ECE 750 Topic 27 - Spring 2014

ECE 750 Topic 27 - Computer Security

Instructor

Professor V. Ganesh

Course outline

This course is an introduction to computer security. I will teach this course in 4 modules. Each module consists of 4-6 lectures. The modules are:

  • MODULE 1 (Lectures 1-6): Basic security concepts, control-hijack attacks, malware, software engineering techniques to prevent, detect and recover from attacks

    Introduction to computer security (confidentiality, integrity, availability). Control-hijack attacks. Ways of detecting (canaries), preventing (bug-finding using fuzzing and concolic testing), and recovering from/dealing with control-hijack-based exploits (ASLR or layout randomization). SYN cookies. Malware (viruses, worms, ...). Techniques to detect malware using static and dynamic analysis.

  • MODULE 2 (Lectures 7-10): Basic cryptography

    Perfect security (Shannon), one-time pads, the idea of computational indistinguishability, semantic security, public-key cryptography, RSA, digital signatures, side-channel attacks on cryptographic implementations

  • MODULE 3 (Lectures 11-15): Security policies and principles of safe design
  • MODULE 4 (Lectures 16-22): Browser and internet security

    SQL injection, cross-site scripting (XSS) and CSRF attacks