This course introduces practical security concepts. The goal is to understand common attacks and countermeasures in a range of topics. The course is practice-oriented, it describes real attacks and countermeasures. Students will practice attacks on a dedicated server (similar to a Capture the Flag competition).
Teaching and Learning Methods: Weekly class. Some guest lectures. Homework is an online challenge, on a number of topics related to the class. A first lab is organized during lecture time to bootstrap challenges.
Course Policies: Class attendance is not checked but is generally required to succeed.
- There are no books covering all topics. Some resources can be found on the public page of the course: http://www.s3.eurecom.fr/~aurel/teaching.html
It is recommended to have basic knowledge in:
- “Operating systems” (OS),
- "Introduction to Computer Networking and the Internet 1” (IntroNet_1),
- “Computer architecture” (Comparch).
It is still possible to follow the “System and Network Security” (SysSec) course if this is not the case as required concepts will be reminded.
Internet security has become part of everyday life where security problems impact practical aspects of our lives. Even though there is a considerable corpus of knowledge about tools and techniques to protect networks, information about what are the actual vulnerabilities and how they are exploited is often not well understood. The course aims to make the students gain a basic understanding of real-world security issues and countermeasures. Another of the goals of this course is to teach students to think as an attacker. This state of mind is a requirement for performing security audits and is very useful to design secure systems and avoid common pitfalls. The course introduces the students to all the basic concepts of system security in the areas of host, network, and web security. The class has a very practical spin. A number of challenge-like homework assignments are used to force the student to practice the low-level aspects of the concept presented during the lectures. Therefore, prior experience in basic programming (C) as well as knowledge of basic concepts in operating systems and networks is recommended.
The following topics are introduced in this course:
- Windows and Unix Security Basics
- Race Conditions
- Memory Corruption, Exploitation and Modern Countermeasures
- Trusted Computing
- Web Security
- Wireless Security
- Network Security
- Testing for Security
- Embedded systems security
- Every year there are guest lectures on selected topics.
All the above topics will be mostly covered at a high level (possibly covered in more detail in other courses). A particular focus is put on the exploitation of memory vulnerabilities well as on web security.
- Students will have an overall understanding of security problems in systems and the basic countermeasures. They will be able to perform a range of attacks (code injection, etc).
- Students should be able to understand a Vulnerability, how to read a security advisory, and how to handle them to either attack systems or defend against attacks.
Nb hours: 42.00
- Solving challenges (20 to 25% of the final grade)
- Final written exam covering all the topics from the lectures (75 to 80% of the final grade)
- Additional points for extra participation in class (mini projects, presentations on a related topic)