echo "EC521 Security" | sed s/\ /\ Cyber/g

ECE Homepage
Related Security Research
Blog
Twitter
Abstract
Topics
Prerequisites
Location
Dates and Times
Slides
Challenges
Standings
Environment
Grading

EC 521: CyberSecurity, Spring 2020

Boston University Terriers Boston Strong Boy Router

Instructor

Manuel Egele

For correspondence, post to the piazza course site.

Graduate Student Teacher (GST)

  • Sumatra Dhimoyee
GST Office Hours:
  • Thu 06:00pm -- 08:00pm, Fri 06:00pm -- 08:00pm, @PHO305/307
Instructor's Office Hours:
  • Mon 3pm -- 4:30pm, Wed 09:00am -- 10:00am @ PHO337

Abstract

Internet security has become part of everyday life where security problems impact practical aspects of our lives. Even though there is a considerable corpus of knowledge about tools and techniques to protect systems, information about what are the actual vulnerabilities and how they are exploited is not generally available. This situation hampers the effectiveness of security research and practice. Understanding the details of attacks is a prerequisite for the design and implementation of secure systems.

This course deals with common programming, configuration, and design mistakes and ways to detect and avoid them. Examples are used to highlight general error classes, such as stack and heap overflows. Possible protection and detection techniques are examined. The course includes a number of practical lab assignments where participants are required to apply their knowledge as well as a discussion of the current research in the field. Students will learn how the security of systems can be violated, and how such attacks can be detected and prevented.

The course aims to make the students "security aware", and gain an in-depth understanding about security issues.

Tentative Syllabus

  • Introduction & Principles
  • Reconnaissance
  • Unix Security Part
  • Web Security Part
  • Memory - Operational Semantics & Stack
  • Memory - Assembly Primer
  • Memory Corruption - Vulnerabilities
  • Reverse Engineering
  • Mobile Security
  • Malware

With Topics On

  • Operating system security and vulnerabilities (UNIX, Windows, stack and heap overflows)
  • Windows Security
  • Buffer Overflows (including Heap overflow)
  • Testing
  • Reverse engineering and binary analysis
  • Viruses, worms, malware and malicious code
  • Botnets
  • Language security
  • Web security

Prerequisites

Significant Programming experience (this course is not for you if you are a beginner)
Operating Systems knowledge (e.g., EC440)
Knowledge of C useful, C++ less useful
Basic SQL knowledge
Basic web programming knowledge

Dates and Times

Mondays & Wednesdays 10:10 -- 11:55, PHO 205
Labs (by announcement only)

Slides and Schedule

01/22/2024 Class 0x00 -- Introduction (download slides)
01/24/2024 Class 0x01 -- Principles of Security (download slides)
01/29/2024 Class 0x02 -- Reconnaissance (download slides)

Practical Challenges (Homework Assignments)

Students will "need" to solve a set of practical challenges (assignments) in the lab part of the course.
For more information on the challenges and the grading, check this page.

The current challenge is Challenge 1.

Grading

The course grade will be based on:

40%: 8 practical security challenges
20%: Security Project
15%: Midterm exam
20%: Final exam
5%: Participation

Registration

Registration details will be announced via e-mail to the registered participants.
Last Modified: Sat Jan 13 13:54:16 EDT 2020

Boston University, http://www.bu.edu