Department of Computer Science and Technology

Undergraduate

Course pages 2021–22

Security

Principal lecturer: Prof Frank Stajano
Taken by: Part IB CST
Hours: 12
Suggested hours of supervisions: 3
Prerequisites: Software and Security Engineering
This course is a prerequisite for: E-Commerce

Aims

In today’s digital society, computer security is vital for commercial competitiveness, national security and privacy of individuals. Protection against both criminal and state-sponsored attacks will need a large cohort of skilled individuals with an understanding of the principles of security and with practical experience of the application of these principles. We want you to become one of them. In this adversarial game, to defeat the bad guys, the good guys have to be at least as skilled as them. Therefore this course has a strong foundation of becoming proficient at actual attacks. A theoretical understanding is of course necessary, but without some practice the bad guys will run circles around the good guys.

In 12 hours I can’t bring you from zero to the stage where you can invent new attacks and countermeasures, but at least by practicing and dissecting common attacks (akin to “studying the classics”) I’ll give you a feeling for the kind of adversarial thinking that is required in this field. Large portions of this course are hands-on: you will need to acquire the relevant skills rather than just reading about them. The recommended course textbook will be especially helpful to those with no prior low-level hacking experience.

Lectures

  • Introduction.
    The adversarial nature of security; thinking like the attacker; confidentiality, integrity and availability; systems-level thinking; Trusted Computing Base; role of cryptography.

  • Fundamentals of access control.
    Discretionary vs mandatory access control; discretionary access control in POSIX; file permissions, file ownership, groups, permission bits.

  • Software security (spanning 4 book chapters).
    Setuid (chapter 1): privileged programs, attack surfaces, exploitable vulnerabilities, privilege escalation from regular user to root.
    Buffer overflow (chapter 4): stack memory layout, exploiting a buffer overflow vulnerability, guessing unknown addresses, payload, countermeasures and counter-countermeasures.
    Return to libc and return-oriented programming (chapter 5): exploiting a non-executable stack, chaining function calls, chaining ROP gadgets.
    SQL injection (chapter 12): vulnerability and its exploitation, countermeasures, input filtering, prepared statements.

  • Authentication.
    Something you know, have, are; passwords, their dominance, their shortcomings and the many attempts at replacing them; password cracking; tokens; biometrics; taxonomy of Single Sign-On systems; password managers.

  • Web and internet security (spanning 3 book chapters).
    Cross-Site Request Forgery (chapter 10): why cross-site requests, CSRF attacks on HTTP GET and HTTP POST, countermeasures.
    Cross-Site Scripting (chapter 11): non-persistent vs persistent XSS, JavaScript, self-propagating XSS worm, countermeasures.
    TCP attacks (chapter 16): SYN flooding, TCP reset, TCP session hijacking.

  • Human factors.
    Users are not the enemy; Compliance budget; Prospect theory; 7 principles for systems security.

  • Additional topics.
    Viruses, worms and quines; lockpicking; privilege escalation in physical locks; conclusions.


To complete the course successfully, students must acquire the practical ability to carry out (as opposed to just describing) the exploits mentioned in the syllabus, given a vulnerable system. The low-level hands-on portions of the course are supported by the very helpful course textbook. Those who choose not to study from the recommended textbook will be severely disadvantaged.

Recommended textbook: Kevin Du, Computer & Internet Security: A Hands-on Approach, Second Edition, 2019. ISBN: 978-1733003933 (paperback). https://www.handsonsecurity.net. Some chapters freely available online.

Optional additional books (not substitutes):

Ross Anderson, Security Engineering 3rd Ed, Wiley, 2020. ISBN: 978-1-119-64278-7. https://www.cl.cam.ac.uk/~rja14/book.html. Some chapters freely available online.

Paul van Oorschot, Computer Security and the Internet, Springer, 2020. ISBN: 978-3-030-33648-6 (hardcopy), 978-3-030-33649-3 (eBook). https://people.scs.carleton.ca/~paulv/toolsjewels.html. All chapters freely available online.