CSL865: Spl. Topics in Computer Applications: Systems Security

Sem II, 2009-10

Slot E (Tue, Wed, Fri, 10-10.50am)
Instructors: Huzur Saran, Sorav Bansal

Programming Assignments

  1. Buffer Overflow Exploits
  2. Fuzzing (due date: March 19, 2010)
  3. Traceroute (due date: April 17, 2010)



Secure system design

Buffer Overflows, Integer Overflows, formatstring vulnerabilties, other libc bugs [PDF, PPT]

Access Control and Protection [PDF, PPT]

Defenses against well-known attacks (buffer overflows, etc.) [PDF, PPT]

Heap Spraying / Stack Spraying Attacks [PDF, PPT]

Testing for security via fuzzing

Tools for writing robust application code

Dealing with bad (legacy) application code: sandboxing and isolation [PDF, PPT]


Data Lifetime

OS abstractions for Browsers

Use of cryptography in computer security [PDF, PPT]

Security problems in network protocols: TCP, DNS, SMTP, and routing [PDF, PPT]

Network defense tools: Firewalls, VPNs, Intrusion Detection, and filters [PDF, PPT]

Malware: Computer viruses, spyware, and key-loggers [PDF, PPT]

Bot-nets: Attacks and Defenses [PDF, PPT]

Unwanted Traffic: Denial-of-Service attacks and Spam email [PDF, PPT]

Network security testing [PDF, PPT]

Mobile Networks


Basic web security model [PDF, PPT]

User authentication and session management [PDF, PPT, PDF, PPT]

Web site security [PDF, PPT]

Digital Rights Management [PDF, PPT]