Computer Security

Introductory undergraduate course on computer security covering core concepts and defenses.
Number:
Short: CompSec
Format: In-person, recorded lectures
Credits: 3

Iterations

2027 Spring (Upcoming)
Rotating Instructors: This course may be taught by different instructors in different semesters, depending on availability. This page reflects only my offering.

Overview

Basic concepts and techniques in information security and management such as risks and vulnerabilities, applied cryptography, program security, malicious software, authentication, access control, operating systems security, multilevel security, trusted operating systems, database security, inference control, physical security, and system assurance and evaluation. Coverage of high-level concepts such as confidentiality, integrity, and availability applied to hardware, software, and data.

Topic List

  1. Web Security
  2. Web Security – SQL Injections
  3. Web Security – XSS
  4. ClickJacking & EAR
  5. Browser Extensions
  6. Evasive web-based malware
  7. Shellcode
  8. Linux Security
  9. Reverse Engineering
  10. Control-flow hijack attacks
  11. Stack Canaries & ASLR
  12. Return-into-libc & ROP
  13. Control-flow integrity

Outcomes

By the end of this course, students will be able to:

  1. Explain software and web vulnerabilities and implement attacks against them
  2. Understand what defense mechanisms exist against these attacks, how they work and why some of them fail against the latest attacks
  3. Describe the methods of Internet malware and the motivations behind these attacks
  4. Design systems and software with security in mind