Computer Security


Instructor: Marius Minea
Collaborators: dr. Bogdan Groza, Emanuel Danci, Norbert Fazekas

Grading: 50% lab, 50% tests
Lab grades
Test results

Course material

Last year's course
  1. Introduction PDF slides
    J. H. Saltzer, M. D. Schroeder. "The protection of information in computer systems". Proceedings of the IEEE 63(9):1278-1308, 1975. HTML, PDF (sec. I A 3), 10-line summary
    Ken Thompson. "Reflections on Trusting Trust"
    Unix access rights (W. Pollock)
  2. Access Control. PDF slides
    see also Overview of Computer Security (Matt Bishop), sec. 1.1-1.5
    course, Univ. of Edinburgh (general notions, without formalism)
    M. Bishop. Race conditions, Files and Security Flaws (introduction; passwd and binmail examples)
    FAQ: setuid shell scripts - a discussion
  3. Buffer overflows. (PDF summary)
    Purdue course, part 1, part 2
    Secure and Defensive Programming. Secure Programming for Linux and Unix HOWTO (David Wheeler)
    (see slides, details in book, ch. 5.1-5.5, ch. 6)
  4. Malware (invited lecture by Marius Tivadar, Bitdefender)
    Supplementary reading: remote car hacking, see also video.
  5. Network security
    Purdue course part 1, part 2
    (see also SYN cookies, details on DNS cache poisoning)
    Firewalls (slides after Stallings/Brown textbook)
    Web application security: Ch. 7; Ch. 10 (p.1-35) (see also book)
  6. Symmetric Cryptography (Bogdan Groza)
  7. Public-key Cryptography (Bogdan Groza)
  8. Cryptography fundamentals. Handbook of Applied Cryptography: Foundations (ch. 1-1.4), mathematical notions (ch. 2: conditional probability, birthday paradox, entropy, complexity, number theory); reference problems (ch. 3: problem definitions and relations between them).
  9. Authentication protocols (U. Edinburgh course); see also HAC, ch. 10-10.4.1, incl. ZK (Fiat-Shamir)
    Authentication and key distribution protocols (U. Edinburgh course), see also HAC, ch. 12-12.2 + Kerberos, Needham-Schroeder (a)symmetric, Diffie-Hellman (12.6)
  10. Probabilistic Contract Signing (V. Shmatikov, p. 1-11), and Fair Exchange (S. Kremer, M. Ryan; p. 1-12)
    Digital Cash (Mark Ryan, U. Birmingham)
    Bitcoin (J. Johenfors, U. Linköping) -- fundamental ideas

Lab sessions

Many labs use instructional material from Syracuse University.
Here are the virtual machines and the user manual.
Projects proposed by Bitdefender (2014)

Resources

Other courses

Books


Marius Minea
Last modified: Tue Jan 19 12:25:00 EET 2016