Computer Security 2

Lecturers: Emiliano De Cristofaro (http://emilianodc.com/), Gianluca Stringhini (http://www0.cs.ucl.ac.uk/staff/G.Stringhini/)

University College London, MSc. in Information Security, Term 2

CONTENT (2015/16)
- Introduction to advanced security topics: threat modeling, security properties, vulnerabilities, harm, history of security [PDF (http://compsec2.cs.ucl.ac.uk/slides/intro.pdf)]
- Network Security: Attacks against the TCP/IP stack, security problems of BGP, DNS, FTP, SSL [PDF (http://compsec2.cs.ucl.ac.uk/slides/netsec.pdf)]
- Denial of Service [PDF (http://compsec2.cs.ucl.ac.uk/slides/dos.pdf)]
- Practical Security in Facebook (Guest Lecture)
- Web Security: XSS, SQL issues, CSRF, clickjacking [PDF (http://compsec2.cs.ucl.ac.uk/slides/websec.pdf)]
- Software Vulnerabilities: Stack-based buffer overflows, heap-based buffer overflow, format string vulnerabilities, return oriented programming [PDF (http://compsec2.cs.ucl.ac.uk/slides/softsec.pdf)]
- Advanced exploits [PDF (http://compsec2.cs.ucl.ac.uk/slides/advanced.pdf)]
- Malware and botnets [PDF (http://compsec2.cs.ucl.ac.uk/slides/malware.pdf)]
- Network defense [PDF (http://compsec2.cs.ucl.ac.uk/slides/netdefense.pdf)]
- Practical malware analysis (Guest Lecture, Dr Marco Cova, LastLine) [PDF (http://compsec2.cs.ucl.ac.uk/slides/lastline.pdf)]

METHOD OF INSTRUCTION
Lecture presentations and laboratory sessions with associated coursework

ASSESSMENT
- Written examination (2.5 hours, 70%)
- Coursework (30%)

RESOURCES
- Dieter Gollmann, "Computer Security" (3rd edition)
- Ross Anderson, "Security Engineering"
- Kurose & Ross, "Computer Networking: A Top-Down Approach" (6th edition)
- William Stallings, "Cryptography and Network Security"
- C.P. Pfleeger and S.L. Pfleeger, "Analyzing Computer Security: A Threat/Vulnerability/Countermeasure Approach"

This course is part of the "10K students initiative" to improve computer security education in the European Union (http://10Kstudents.eu).