Error message

User warning: The following module has moved within the file system: ldap_user. In order to fix this, clear caches or put the module back in its original location. For more information, see the documentation page. in _drupal_trigger_error_with_delayed_logging() (line 1143 of /usr/local/stow/drupal-7.60/lib/drupal-7.60/includes/bootstrap.inc).

Overview

Lecturers Eran Tromer, Avishai Wool
Leading teaching assistants Itamar GiladNir Krakowski
Teaching assistant / exercise checker Michal Shagam
Lecture Sundays 13:00-16:00, Dach 005  (0368-3065-01)
Recitations
  1. Sundays 16:00-17:00, Dach 005  (0368-3065-02)
  2. Sundays 17:00-18:00, Schreiber 008   (0368-3065-03)
Final exams 25.06.2014, 07.09.2014
Teaching Survey http://www.tau.ac.il/teaching-survey-2014

The Introduction to Information Security course surveys central concepts in applied information security and cyber security, and offers a hands-on introduction to secure programming and vulnerability analysis.

High-level goals:

- Make students aware of the major security risks and attack vectors
- Gain concrete hands-on experience with prominent tools and technologies

- Teach about good tools and practices for building secure systems

- Instill the state of mind and conceptual vocabulary for reasoning about systems security

A student who has taken the class and then got programming project should know when he's doing something dangerous, what are the standard solutions, and be able to to productively communicate with vendors and experts.
 

Scope:
1. Programming vulnerabilities (buffer/stack/integer overflow, format strings, privilege escalation)
2. Secure platforms and programming (OS, TPM, languages, libraries, good practices, analysis tools)
3. Network vulnerabilities (impersonation, DoS, application-level) and defense (SSL, IPsec, firewalls, anomaly detection)
4. Exploitation techniques and the low-level details underlying them (reverse engineering x86 assembly, shell code, packet injection
5. Cryptography basics (encryption, digital signatures, certificates)
6. Authentication (passwords, biometrics, tokens, certificates)
7. Authorization policies (access control, information flow control, logging, detection)
8. Physical and psychological elements (tamperproofing, user interfaces, social engineering)
9. Study cases (e.g., banks, mobile phones, cars)

Optional:
10. Law and ethics (personal privacy, legal setting in Israel and abroad, exposure practices)
11. Market and economics (the vulnerability/malware/botnet market, propagation dynamics, incentives, security mechanism design)

See also last year's course, Introduction to Information Security 2013, but note that there are changes in the syllabus.

Course requirements:

 

Requisite courses:

  • Operating Systems
  • Computer Structure
  • Introduction to Modern Cryptography (0368-3049) or Cryptography and Computer Security (0510-7401) - helpful but not mandatory