Overview

This is an archived course site. See the 2014 version of this course.

 

Lecturers: Eran Tromer, Avishai Wool
Teaching assistants: Itamar Gilad, Nir Krakowski
Lecture: Sundays 15:00-18:00, Schreiber 006 (0368-3065-01)
Recitation: Sundays 13:00-14:00, Schreiber 006 (0368-3065-03)
Final exams: 21.07.2013 and 11.09.2013

The Introduction to Information Security course surveys central concepts in applied information security and cyber security, and offers a hands-on introduction to secure programming and vulnerability analysis.

High-level goals:

- Make students aware of the major security risks and attack vectors

- Teach about good tools and practices for building secure systems

- Instill the state of mind and conceptual vocabulary for reasoning about systems security

A student who has taken the class and then gets a programming project should know when he's doing something dangerous and what the standard solutions are, and should be able to communicate productively with vendors and experts.
 

Tentative scope:
1. Programming vulnerabilities (buffer/stack/integer overflow, format strings, privilege escalation)
2. Secure platforms and programming (OS, TPM, languages, libraries, good practices, analysis tools)
3. Network vulnerabilities (impersonation, DoS, application-level) and defense (SSL, IPsec, firewalls, anomaly detection)
4. Authentication (passwords, biometrics, tokens, certificates)
5. Authorization policies (access control, information flow control, logging, detection)
6. Law and ethics (personal privacy, legal setting in Israel and abroad, exposure practices)
7. Market and economics (the vulnerability/malware/botnet market, propagation dynamics, incentives, security mechanism design)
8. Physical and psychological elements (tamperproofing, user interfaces, social engineering)
9. Case studies (e.g., banks, mobile phones, cars)
The requisite cryptography background will be covered in the accompanying course Introduction to Modern Cryptography.

Course requirements:

  • Final exam [Moed Aleph] [Solution] [example questions]
  • Homework exercises every week. Many homework assignments will be “wet” exercises on attacking and defending mock systems.
  • Final grade: 65% exam, 35% exercises

 

Requisite courses:

  • Introduction to Modern Cryptography (can be taken in parallel)
  • Operating Systems
  • Computer Structure