Course description
The Introduction to Information Security course surveys central concepts in applied information security and cyber security, and offers a hands-on introduction to vulnerability analysis and exploitation techniques, secure programming and secure system architecture.
High-level goals:
- Make students aware of major security risks and attack vectors
- Gain concrete hands-on experience with vulnerability analysis and exploitation
- Teach about good tools and practices for building secure systems
- Instill the state of mind and conceptual vocabulary for reasoning about systems security
High-level list of topics that will be covered:
- Cryptography (symmetric and asymmetric, hashing, signatures, etc.)
- Reverse engineering and binary patching
- Low-level vulnerabilities and their exploitation (BoF, ROP, polymorphic shellcode, etc.)
- Networking vulnerabilities and defense mechanisms
- Logical vulnerabilities and permission models
- Secure web applications and authentication methods
The course includes weekly hands-on exercises of analysis and exploitation, which require significant time and effort.
The course grade consists of 35% homework and 65% final exam (see past exams here).
Requisite courses:
- Operating Systems (0368-2162) or Introduction to Systems Programming (0512-4402) or equivalent
Recommended (not requisite) courses and knowledge:
- It is recommended (but not mandatory) to have completed courses on computer networking and/or cryptography.
- Exercises will vary across programming languages, depending on the system being discussed (Python, SQL, JavaScript, x86 Assembly). A good understanding of the C programming language is needed for the low-level part of the course.