This course will cover a wide range of topics in the area of Systems
Security. A computer system is composed by software, hardware,
policies, and practices. Systems security involves both designing and
building secure systems, as well as improving and evaluating the
security of existing systems. This course is giving a particular
emphasis into providing hands-on experience to students through
building, attacking, and securing systems. The class is programming
intensive. Those who take the class should be skilled programmers and
should have some experience with the C programming language and
programming on a Linux environment. It is recommended that students
are also familiar with the assembly language and with network and
operating system basics.
Detailed information about the course can be found in the
The course requires good programming skills (C, C++), including
some knowledge of x86 assembly. Also, a basic background in
operating systems (mainly UNIX) and networking.
(Graduate students) CS-631Advanced Programming in the UNIX Environment or
(Undergraduate students) CS-306 Introduction to IT Security and CS-392 Systems Programming
- Computer Security: Principles and Practice, 3/E, William Stallings, Lawrie Brown ISBN-10: 0133773922 • ISBN-13: 9780133773927
- Security Engineering 2nd Edition by Ross Anderson
- The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition, Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte, ISBN: 978-0-470-08023-8
- Slides used in lectures and papers referenced in them
Your final grade will be determined by your performance in the
|Lab participation|| ||10%
|Midterm Exam|| ||20%
|Final Exam|| ||20%
Authentication and access control.
How software executes: from abstractions to machine-level code.
(Early) Memory corruption attacks.
Early defenses and more attacks.
Modern exploitation and defenses.
Project proposals due.
How to prepare a project proposal.
Systems and Cryptography
Denial of Service.
OS security and sandboxing.