CSC 405 - Computer Security
Catalog Description: Basic concepts and techniques in information security and management such as risks and vulnerabilities, applied cryptography, program security, malicious software, authentication, access control, operating systems security, multilevel security, trusted operating systems, database security, inference control, physical security, and system assurance and evaluation. Coverage of high-level concepts such as confidentiality, integrity, and availability applied to hardware, software, and data.
Contact Hours:
- Lecture: 3 hours
Co-requisites: None
Restrictions: None
Coordinator: Dr. Alexandros Kapravelos
Textbook: None
Course Outcomes:
By the end of this course, students will be able to:
- Explain software and web vulnerabilities and implement attacks against them
- Understand what defense mechanisms exist against these attacks, how they work and why some of them fail against the latest attacks
- Describe the methods and motivation of Internet malware and the motivations behind these attacks
- Design systems and software with security in mind
Topics:
- Web Security
- Web Security - SQL Injections
- Web Security - XSS
- ClickJacking & EAR
- Browser Extensions
- Evasive web-based malware
- Shellcode
- Linux Security
- Reverse Engineering
- Control-flow hijack attacks
- Stack Canaries & ASLR
- Return-into-libc & ROP
- Control-flow integrity