Error message

User warning: The following module has moved within the file system: ldap_user. In order to fix this, clear caches or put the module back in its original location. For more information, see the documentation page. in _drupal_trigger_error_with_delayed_logging() (line 1143 of /usr/local/stow/drupal-7.56/lib/drupal-7.56/includes/bootstrap.inc).

Overview

Lecturers Avishai Wool, Zvi Ostfeld
Teaching Assistants Nir Krakowski , Dan Gittik
Exercise Checker Yuval Lewi
Lecture Sundays 13:00-16:00, (0368-3065-01)
Sherman 002
Recitations Sundays 16:00-17:00 (0368-3065-02),
Sundays 17:00-18:00 (0368-3065-03)
Sherman 002
Final exams Moed A - 16.06.16, 09:00
Moed B - 17.07.16, 09:00

The Introduction to Information Security course surveys central concepts in applied information security and cyber security, and offers a hands-on introduction to secure programming and vulnerability analysis.

High-level goals:

  • Make students aware of the major security risks and attack vectors
  • Gain concrete hands-on experience with prominent tools and technologies
  • Teach about good tools and practices for building secure systems
  • Instill the state of mind and conceptual vocabulary for reasoning about systems security
  • Offer a glimpse into open research questions

A student who has taken the class and then got a programming project should know when he's doing something dangerous and what are the standard solutions, and be able to to productively communicate with vendors and experts.

Scope:

  1. Programming vulnerabilities (buffer/stack/integer overflow, input validation, privilege escalation)
  2. Exploitation techniques and the low-level details underlying them (reverse engineering x86 assembly, shell codes, return-oriented programming, rootkits, fuzzing, packet injection)
  3. Secure platforms and programming (confinement mechanisms, operating system security, languages, libraries, trusted platform architecture, good practices, analysis tools)
  4. Network security and vulnerability  (TCP/IP security, DoS attacks, SSL/TLS)
  5. Web security (browser security model, XSS, CSRF)
  6. Cryptography basics (encryption, digital signatures, certificates)
  7. Authentication (passwords, biometrics, tokens)
  8. Authorization policies (access control, information flow control, logging, detection)
  9. Physical security (air gaps, side-channel attacks)
  10. Study cases (e.g., banks, mobile phones, cars)

See also previous years' courses (2013, 2014, 2015), but note that there are changes in the syllabus.

A significant part of the course material will be in English.

Course requirements:

  • Homework assignments every week, submitted individually. Many assignments will be “wet” exercises on attacking and defending mock systems. There will be plenty of work using low-level tools such as x86 assembly, network monitoring/injection tools, and mock attack targets
  • Final grade: 65% exam, 35% exercises

Requisite courses:

  • Operating Systems (0368-2162) or Introduction to Systems Programming (0512-4402) or equivalent

Recommended (not mandatory) courses:

  • Introduction to Modern Cryptography (0368-3049) or Cryptography and Computer Security (0510-7401) or Foundations of Cryptography (0368-4162) or equivalent