Computer Security Course Overview and Content Details
Explore the essentials of computer security with topics covering safety, confidentiality, integrity, and availability. Delve into diverse fields like software security, web security, networking security, and more for a deep understanding of building secure systems. The course includes foundational principles, specific security issues, and potential topics such as software security, web security, networking security, and machine learning security.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
Overview Topics in Computer Security Baojian Hua bjhua@ustc.edu.cn
Whats computer security? Many aspects: safety, confidentiality, integrity, availability, Useful or important? What principles are applied in building safe and secure systems? many ideas: isolation, open design, minimal trusted computing base, etc.
Whats computer security? Diverse fields: Software security, web security, networking security, mobile security, ML security, IoT security, blockchain security, And still in rapid growth Every new computer science topic comes with a security topic
Course Contents Foundation of computer security General principals, terminologies & concepts Specific security problems and mitigations (5 board topics for this year's course) Basic principals Software security Web security Network security Machine learning security
Course Contents: software security Potential topics: Set-UID & env-vars Shell and shellshock buffer overflow Ret-to-libc & ROP Format strings attack Race conditions & dirty-COW
Course Contents: web security Potential topics: CSRF: Cross Site Request Forgery XSS: Cross-Site Scripting SQL injection Browser security (if time permits)
Course Contents: networking security Potential topics: Packet sniffing and spoofing Link layer (ARP cache poisoning) IP layer (IP attack) Transport layer (TCP attack, VPN) Application layer (DNS attack, PKI & TLS/HTTPS)
Course Contents: machine learning security Potential topics: Backdoor, Trojan horse, neutron overflow, You'll finish a project on this in a group The content is relatively new No lectures, but we'll help to select the topics, set up the environments, etc.. Details to be discussed below
Administrivia Staff: Hua, Baojian: bjhua@ustc.edu.cn Fan, Qiliang: sa613162@mail.ustc.edu.cn Pan,Zhizhong: sg513127@mail.ustc.edu.cn Course page: http://staff.ustc.edu.cn/~bjhua papers, labs, books, projects, among other materials check it frequently
Course Organization #1: book reading Chapter assigned before each lecture some are very technical, so must read in advance Don t expect to pick it up just by sitting and listening #2: lecture and discussion lecture given by me discussion by all of us #3: lab 1 lab/per week planned you are expected to become an expert after #4: project Finish a project (team of no more than 3 people)
#1: Readings This year, we'll be using the book Computer security: a hands-on approach how to read? what security problem does this chapter intend to address? is this problem real or serious? How does the security problem happen? How to mitigate the problem? novel or borrowed from other fields? method detail? the benefits and drawbacks? Your comment! Better ideas?
#1: Reading, cont' There will a question about the topic You are expected to answer the question after you read the material And submit you answer before the next lecture We ll not grade you answer but just to see that you ve made your hands dirty
#1: Background knowledge Security study means that you must be an expert on the relevant topics can we understand virus if we don t know what's .exe file format or how it s executed? can we perform web attack if we don t know how browsers and web servers work? So, when reading the assigned papers, pick up the background knowledge along the way we d offer some other auxiliary materials
#2: lecture & discussion Three parts in each week s lecture: #1: background knowledge, zero-starting e.g., what s a buffer, how does it work? #2: security vulnerability and exploitation e.g., why a buffer can be overflowed? e.g., why does an overflow corrupt the system? #3: defending techniques e.g., canary, stack-guard or CPU NX-bit
#3: Labs Learning-by-doing, or learning-by- hacking This year, we'll be using the accompanied SEED project with the book Roughly 1 lab/per week Considerable engineering efforts To start early
#4: Projects Select a topic from machine learning security And finish a final project See the course web pages for detailed schedule Proposal, write-up, presentation In a group of no more than 3 people
Evaluation Labs: 30% Project: 30% Final-test: 40%
What to do next? Check out the course web pages Lab #1 is out: To install the software Read the first assigned reading Do the homework Find partners, form groups, select ML security topics
![❤[READ]❤ Deep Space Craft: An Overview of Interplanetary Flight (Springer Praxis](/thumb/21511/read-deep-space-craft-an-overview-of-interplanetary-flight-springer-praxis.jpg)
