This is an archived course site. See the 2014 version of this course.
Lecturers | Eran Tromer, Avishai Wool |
Teaching assistants | Itamar Gilad, Nir Krakowski |
Lecture | Sundays 15:00-18:00 Schreiber 006 (0368-3065-01) |
Recitation | Sundays 13:00-14:00 Schreiber 006 (0368-3065-03) |
Final exams | 21.07.2013 and 11.09.2013 |
The Introduction to Information Security course surveys central concepts in applied information security and cyber security, and offers a hands-on introduction to secure programming and vulnerability analysis.
High-level goals:
- Make students aware of the major security risks and attack vectors
- Teach about good tools and practices for building secure systems
- Instill the state of mind and conceptual vocabulary for reasoning about systems security
A student who has taken the class and then got programming project should know when he's doing something dangerous, what are the standard solutions, and be able to to productively communicate with vendors and experts.
Tentative scope:
1. Programming vulnerabilities (buffer/stack/integer overflow, format strings, privilege escalation)
2. Secure platforms and programming (OS, TPM, languages, libraries, good practices, analysis tools)
3. Network vulnerabilities (impersonation, DoS, application-level) and defense (SSL, IPsec, firewalls, anomaly detection)
4. Authentication (passwords, biometrics, tokens, certificates)
5. Authorization policies (access control, information flow control, logging, detection)
6. Law and ethics (personal privacy, legal setting in Israel and abroad, exposure practices)
7. Market and economics (the vulnerability/malware/botnet market, propagation dynamics, incentives, security mechanism design)
8. Physical and psychological elements (tamperproofing, user interfaces, social engineering)
9. Study cases (e.g., banks, mobile phones, cars)
The requisite cryptography background will be covered in the accompanying course Introduction to Modern Cryptography.
Course requirements:
Requisite courses: