Learning Objectives

In this course, students will learn the fundamental principles of computer and network security by studying attacks on computer systems, networks, and the Web. Students will learn how those attacks work and how to prevent and detect them. The course emphasizes "learning by doing" and requires students to conduct a series of lab exercises. Through these labs, students can enhance their understanding of the principles and be able to apply those principles to solve real problems. After completing the course, students should have the following skills:

  • be able to explain security principles,
  • be able to evaluate risks faced by computer systems,
  • be able to explain how various attacks work,
  • be able to describe and generalize various software vulnerabilities,
  • be able to detect common vulnerabilities in software,
  • be able to analyze and evaluate software systems for their security properties,
  • be able to explain how various security mechanisms work, and correlate these security mechanisms with security principles,
  • be able to compare various security mechanisms, and articulate their advantages and limitations,
  • be able to apply security principles to solve problems.

Instructor

Professor: Wenliang (Kevin) Du
Office: SciTech Building, Room 4-285
Phone: 443-9180
Email address: wedu@syr.edu

Required Texts

Wenliang Du. Computer Security: A Hands-on Approach.

Grading (subject to change)

  • Labs and Projects: 40% (Late-homework policy: 10% penalty per day)
  • Quizzes: 10%
  • Exam 1: Software Security: 10%
  • Exam 2: Web Security: 10%
  • Final Exam: 30%

Topics

  • Introduction and Basics
    • Class Introduction (syllabus, policies, and projects)
    • An Overview of Computer Security
    • Course projects (labs)
    • Unix Security Basics

  • Software Security: Vulnerabilities, Attacks, and Countermeasures
    • Privileged programs (Set-UID programs) and vulnerabilities
    • Buffer Overflow vulnerability and attack
    • Return-to-libc attack
    • Race Condition vulnerability and attack
    • Format String vulnerability and attack
    • Input validation
    • Shellshock attack

  • Web Security: Vulnerabilities, Attacks, and Countermeasures
    • Same Origin Policy
    • Cross-Site Scripting Attack
    • Cross-Site Request Forgery Attack
    • SQL-Injection Attack
    • Click-Jacking Attack
    • Web Tracking
    • Web Proxy and Firewall

  • Smartphone Security
    • Access control in Android operating system
    • Rooting Android devices
    • Repackaging attacks
    • Attacks on apps
    • Whole-disk encryption
    • Hardware protection: TrustZone