Learning Objectives
In this course, students will study a variety of attacks on computer software and hardware.
These attacks are caused by the vulnerabilities in the design and implementation
of computer systems. The course emphasizes "learning by doing", and requires
students to conduct a series of lab exercises. Through these labs, students can
enhance their understanding of the principles, and be able to apply those
principles to solve real problems.
After completion of the course, students should be able to possess the following skills:
- be able to analyze and evaluate software systems for its security properties,
- be able to evaluate risks faced by computer systems,
- be able to explain how various attacks work,
- be able to detect common vulnerabilities in software,
- be able to design and implement basic security mechanisms to protect computer systems,
- be able to describe and generalize various software vulnerabilities,
- be able to compare various security mechanisms, and articulate their advantages and limitations,
- be able to apply security principles to solve problems.
Instructor
Professor: Wenliang (Kevin) Du
Office: SciTech Building, Room 4-285
Phone: 443-9180
Email address: wedu@syr.edu
Required Texts
Wenliang Du.
Computer Security: A Hands-on Approach, 2nd Edition.
Grading (subject to change)
- Late Homework Policy: 10% penality per business day.
- Weights on Final Exam, Labs and Final Project:
The labs and project are supposed to help students enhance
and supplement their learnings with hands-on experiences. While many students do benefit
from that, for some students, these exercises do not seem to work. They get very good
scores in labs and project, but score very low in the final exam. Given that the final
exam is the utimate test to measure how much a students has learned,
for students doing poorly on the exam, the hands-on exercises do not seem to serve
their intended goal, so their weight needs to be reduced. Here is the fomula
to calculate the weight on the labs and final project:
- Final exam score ≥ 60: weight on labs/project = 50%.
- Final exam score < 60: weight on labs/project = (final_exam_score - 10)/100.
- Final exam score < 10: weight on labs/project = 0%.
| Examples |
Weight on Final Exam |
Weight on Labs/Project |
| Final exam score is above 60 |
50% |
50% |
| Final exam score is 40 |
70% |
30% |
| Final exam score is 20 |
90% |
10% |
| Final exam is below 10 |
100% |
0% |
- Introduction and Basics
- Class Introduction (syllabus, policies, and projects)
- An Overview of Computer Security
- Course projects (labs)
- Unix Security Basics
- Software Security: Vulnerabilities, Attacks, and Countermeasures
- Privileged programs (Set-UID programs) and vulnerabilities
- Buffer Overflow vulnerability and attack
- Return-to-libc attack
- Race Condition vulnerability and attack
- Dirty COW attack
- Format String vulnerability and attack
- Shellshock attack
- Heartbleed attack
- Web Security: Vulnerabilities, Attacks, and Coutermeasures
- Same Origin Policy
- Cross-Site Scripting Attack
- Cross-Site Request Forgerty Attack
- SQL-Injection Attack
- Click-Jacking Attack
- Web Tracking
- Smartphone Security
- Access control in Android operating system
- Rooting Android devices
- Repackaging attacks
- Attacks on apps
- Whole-disk encryption
- Hardware protection: TrustZone
- Hardware Security
- Meltdown attack
- Spectre attack
- 80x86 Protection Mode (access control in hardware)