Course information
- Complete course name: 055633 - COMPUTER SECURITY - UIC 587 (ZANERO STEFANO)
- Profesor: Stefano Zanero
- Tutor: Armando Bellante
- Accademic year: 2021-2022
- Recordings: link to webeep
- Webeep: link to recman
Topics
- Introduction to computer security
- Cryptography
- Authentication
- Access Control
- Software security
- Buffer overflow
- Format string bugs
- Web security
- Network security
- Malwares
Schedule
| Date | Recording | Title | Slides |
|---|---|---|---|
| 02 24 | Recording | Introduction to the course What is somputer security? |
00. Administrivia-new 01. Introduction to Computer Security-new |
| 02 25 | Recording | Assets Threats Security and protection Risk management |
01. Introduction to Computer Security-new |
| 03 03 | Recording | Trust and assumptions History of criptography Definitions in cryptography Perfectly secure cypher |
01. Introduction to Computer Security-new 02 Introduction to cryptography |
| 03 04 | Recording | Cryptographically Safe Pseudorandom Number Generators Pseudorandom Permutations (Block ciphers) Data integrity Message Authentication Codes (MAC) Hashes |
02 Introduction to cryptography |
| 03 10 | Recording | Diffie-Helman key agreement Public key encription Digital signatures Certification authorities |
02 Introduction to cryptography |
| 03 11 | Recording | Entropy Identification vs authentication Three factors of authentication "to know" factor of authentication |
02 Introduction to cryptography 03. Authentication |
| 03 24 | Recording | "to have" factor of authentication | 03. Authentication |
| 03 25 | Recording | "to be" factor of authentication | 03. Authentication |
| 03 31 | Recording | Introduction to access control DAC Discretionary Access Control MAC Mandatory Access Control Brief introduction to vulnerabilities |
04. Access Control 05. Introduction to Software Security |
| 04 01 | Recording | Life of a vulnerability Disclosure lifecycle Exploits |
05. Introduction to Software Security |
| 04 07 | Recording | Key issues in secure design Recap of x86 for buffer overflow |
05. Introduction to Software Security 06. Buffer Overflows |
| 04 08 | Recording | Buffer overflows Shell code |
06. Buffer Overflows |
| 04 14 | Recording | Preparing the memory in practice Shell code in environment variables Return to libc |
06. Buffer Overflows |
| 04 21 | Recording | Defending against buffer overflows Introduction to format string bugs |
06. Buffer Overflows 07. Format String Bugs |
| 04 22 | Recording | Format String Bugs | 07. Format String Bugs |
| 04 29 | Recording | Introduction to web security Filtering XSS vulnerabilities |
08. Web Application Security |
| 05 05 | Recording | SQL Injections Information leaks Intro to cookies |
08. Web Application Security |
| 05 06 | Recording | Cross-Site Request Forgery Denial of Service Sniffing |
08. Web Application Security 09. Network Protocol Attacks |
| 05 19 | Recording | ARP spoofing Filling CAM tables Abusing spanning tree protocol IP address spoofing TCP session hijacking Man in the middle DNS poisoning DHCP poisoning ICMP redirect attack Route mangling |
09. Network Protocol Attacks |
| 05 20 | Recording | Firewalls Architectures for secure networks Demilitarized zone Virtual Private Networks |
10. Secure Network Architectures |
| 05 26 | Recording | TLS protocol SET Malware introduction |
11. Network Security Protocols - TLS and SET 12. Malicious Software |
| 05 27 | Recording | Theory of computer viruses Malware lifecycle Malware categories and techniques Defending against malwares |
12. Malicious Software |