Instructor

Engin Kirda

For correspondence, send an email to ek@ccs.neu.edu.

Office hours: Find out here


Teaching Assistants

Bahruz Jabiyev and Prashant Singh Chouhan Find out here


News

  1. 10.12.2021 Challenge 4 is online. Good luck!
  2. 10.05.2021 Challenge 3 is online. Good luck!
  3. 09.28.2021 Challenge 2 is online. Good luck!
  4. 09.23.2021 Office hours are listed here.
  5. 09.19.2021 TA hours were announced on Piazza. Location details will follow.
  6. 09.16.2021 Challenge 1 is online. Good luck!
  7. 09.16.2021 Piazza was set up and invites were sent.
  8. 09.15.2021 Account information was just emailed out to everyone.
  9. 09.09.2021 First class is today. See announcement on Canvas.
  10. 09.02.2021 The website has been updated. Small updates and adjustments will follow.
  11. 08.31.2021 The course website will be updated in the next couple of days.

Abstract

Internet security has become part of everyday life, and security problems affect practical aspects of our lives. Even though there is a considerable corpus of knowledge about tools and techniques to protect systems, information about what the actual vulnerabilities are and how they are exploited is not generally available. This situation hampers the effectiveness of security research and practice. Understanding the details of attacks is a prerequisite for the design and implementation of secure systems.

This course deals with common programming, configuration, and design mistakes and ways to detect and avoid them. Examples are used to highlight general error classes, such as stack and heap overflows. Possible protection and detection techniques are examined. The course includes a number of practical lab assignments where participants are required to apply their knowledge, as well as a discussion of the current research in the field. Students will learn how the security of systems can be violated, and how such attacks can be detected and prevented.

The course aims to make students "security aware" and to give them an in-depth understanding of security issues.


Some Topics

Operating system security and vulnerabilities
- (UNIX, Windows, stack and heap overflows)
Windows Security
Memory corruption
- (Buffer overflows, Heap overflows, Format string issues, etc.)
Testing
Reverse engineering and binary analysis
Malicious code
- (Viruses, Worms, Botnets, APTs, etc.)
Language security
Web security

Prerequisites

Significant programming experience
- (This course is not for you if you are a beginner)
Knowledge of C/C++ useful
Basic SQL knowledge
Basic web programming knowledge

Dates and Times

Tuesdays (11:45am-1:15pm, WVG 108), Thursdays (2:50pm-4:20pm, WVG 108)


Slides, Material, and Schedule

All materials will be linked here.

Use your course credentials to access the material below.

Here are videos of the demos shown in class.

  • 12.07.2021 // Final
  • 12.02.2021 // Class 22
  • 11.30.2021 // Class 21 // Quiz 3
  • 11.23.2021 // Class 20
  • 11.18.2021 // Class 19
  • 11.16.2021 // Class 18
  • 11.11.2021 // No Class // Veterans Day
  • 11.09.2021 // Class 17 // Quiz 2
  • 11.04.2021 // Class 16
  • 11.02.2021 // Class 15
  • 10.28.2021 // Class 14
  • 10.26.2021 // Class 13
  • 10.21.2021 // Midterm
  • 10.19.2021 // Class 12 // Slides and video lecture available on Canvas
  • 10.14.2021 // Class 11 // Slides and video lecture available on Canvas
  • 10.12.2021 // Class 10 // Slides and video lecture available on Canvas
  • 10.07.2021 // Class 9 // Slides and video lecture available on Canvas
  • 10.05.2021 // Class 8 // Quiz 1 // Slides and video lecture available on Canvas
  • 09.30.2021 // Class 7 // Slides and video lecture available on Canvas
  • 09.28.2021 // Class 6 // Slides and video lecture available on Canvas
  • 09.23.2021 // Class 5 // Slides and video lecture available on Canvas
  • 09.21.2021 // Class 4 // No physical class, recorded lecture
  • 09.16.2021 // Class 3 // Slides and video lecture available on Canvas
  • 09.14.2021 // Class 2 // Slides and video lecture available on Canvas
  • 09.09.2021 // Class 1 // Slides and video lecture available on Canvas

Practical Challenges (Assignments)

Students will "need" to solve a set of practical challenges (assignments) in the lab part of the course. For more information on the challenges and the grading, check this page.


Grading

  • 10%: 3 Quizzes
  • 25%: Midterm exam
  • 25%: Final exam
  • 5%: Participation
  • 35%: 8 practical security challenges

Registration

Registration details will be announced via e-mail to the registered participants.


Last Modified: Tue Oct 19 16:33:19 2021 EDT