print

System and Network Security

T
Technical Teaching
SysSec
FRANCILLON Aurélien
HERNANDEZ Aurélien
MALMAIN Romain
SALIMI Solmaz
Abstract

Abstract

This course introduces practical security concepts. The goal is to understand common attacks and countermeasures in a range of topics. The course is practice-oriented, it describes real attacks and countermeasures. Students will practice attacks on a dedicated “challenges” server (similar to a Capture the Flag competition).

Teaching and Learning Methods:

Weekly class. Guest lectures by industry. Homework are in the form of challenges, on a number of topics related to the class. Few labs are organized during lecture time to help students.

Course Policies:

Class attendance is not checked but is generally required to succeed

 

Bibliography

Bibliography

  • There are no books covering all topics. Some useful content may be found in :

    • Designing Secure Software: A Guide for Developers”, Loren Kohnfelder

    • Web Security Academy” is a good reference for Web

    • "Security Engineering" by Ross Anderson

  • Students who think they miss background for the course may look at the following books

    • Linux basics for hackers : getting started with networking, scripting, and security in Kali" (ISBN-10: 1-59327-855-1)

    • "Effective C: An introduction to professional C programming", Seacord, Robert C (first chapters only)

    • Parts of the series  "Write great code ...", No starch, Hyde, Randall

Requirements

Students are recommended to have followed the following courses or have knowledge in:

Operating systems” (OS), “Computer architecture” (Comparch), “Software development methodologies” (SoftDev), “Introduction to Computer Networking and the Internet 1” (IntroNet_1)

It is still possible to follow the “System and Network Security” (SysSec) course if the above courses were not followed as required concepts will be reminded.

Description
Description
 
Computer security is an essential part of everyday life, and security issues often have major impact on our daily lives as well as global effects. Even though there is a considerable corpus of knowledge about tools and techniques to protect networks, information about what are the actual vulnerabilities and how they are exploited is often not well understood. The course aims to make the students gain a basic understanding of real-world security issues and countermeasures. Another of the goals of this course is to teach students to think as an attacker. This state of mind is a requirement for performing security audits and very useful to design secure systems and avoid common pitfalls. The course introduces the students to all the basic concepts of system security in the areas of operating system, network, and web security. The class has a very practical spin. A number of challenge-like homework assignments are used to force the student to practice the low-level aspects of the concepts presented during the lectures. Therefore, prior experience in basic programming (C, python) as well as knowledge of basic concepts in operating systems and networks is recommended.
 
The course changes every year, but in general the following topics are covered in this course:
 
  • System security history and general knowledge
  • Memory Corruption, Exploitation and Modern Countermeasures
  • Trusted Computing
  • Windows and Unix Security Basics
  • Race Conditions
  • Network Security
  • Telephony Fraud
  • Product security certifications
  • Malware, Embedded systems security
  • Every year there are guest lectures on selected topics.
 
All the above topics will be mostly covered at a high level (possibly covered in more details in other courses). A particular focus is put on the exploitation of memory vulnerabilities well as on web security.Learning Outcomes

 

  • Students will have an overall understanding of security problems in systems and the basic countermeasures. They will be able to perform a range of attacks (code injection, etc).

  • Students should be able to understand a vulnerability, how to read a security advisory, and how to handle them to either attack systems or defend against attacks.

 

Nb hours: 50.00

Evaluation:

  • Solving challenges (20 to 25% of the final grade)
  • Final written exam covering all the topics from the lectures (75 to 80% of the final grade)
  • Additional points for extra participation in class (mini projects, presentations on a related topic)