CSC 405

Computer Security

Level: Ugrad
Number: CSC 405
Title: Computer Security
Format: In-person, recorded lectures
Credits: 3
Offerings: 2027 Spring

Introductory undergraduate course on computer security covering fundamental information security concepts including risks and vulnerabilities, applied cryptography, program security, malware, authentication, access control, operating system security, multilevel and trusted systems, database security, inference control, physical security, and system assurance.
Rotating Instructors: Note that this course is taught by a rotating set of instructors depending on availability. This course page reflects my offering of the course. Structure and content may vary between instructors.

Overview

Basic concepts and techniques in information security and management such as risks and vulnerabilities, applied cryptography, program security, malicious software, authentication, access control, operating systems security, multilevel security, trusted operating systems, database security, inference control, physical security, and system assurance and evaluation. Coverage of high-level concepts such as confidentiality, integrity, and availability applied to hardware, software, and data.

Topic List

  1. Web Security
  2. Web Security – SQL Injections
  3. Web Security – XSS
  4. ClickJacking & EAR
  5. Browser Extensions
  6. Evasive web-based malware
  7. Shellcode
  8. Linux Security
  9. Reverse Engineering
  10. Control-flow hijack attacks
  11. Stack Canaries & ASLR
  12. Return-into-libc & ROP
  13. Control-flow integrity

Outcomes

By the end of this course, students will be able to:

  1. Explain software and web vulnerabilities and implement attacks against them
  2. Understand what defense mechanisms exist against these attacks, how they work, and why some of them fail against the latest attacks
  3. Describe the methods of Internet malware and the motivations behind these attacks
  4. Design systems and software with security in mind