Course description

The Introduction to Information Security course surveys central concepts in applied information security and cyber security, and offers a hands-on introduction to vulnerability analysis and exploitation techniques, secure programming and secure system architecture.

High-level goals:
- Make students aware of major security risks and attack vectors
- Gain concrete hands-on experience with vulnerability analysis and exploitation
- Teach about good tools and practices for building secure systems
- Instill the state of mind and conceptual vocabulary for reasoning about systems security

High-level list of topics that will be covered:

- Cryptography (symmetric and asymmetric, hashing, signatures, etc.)
- Reverse engineering and binary patching
- Low level vulnerabilities and their exploitations (BoF, ROP, Polymorphic shellcodes, etc.)
- Networking vulnerabilities and defense mechanisms
- Logical vulnerabilities and permission models
- Secure web applications and authentication methods

The course includes weekly hands-on exercises of analysis and exploitation, which require significant time and effort.

The course grade consists of 35% homework and 65% final exam (see past exams here).

Requisite courses:

• Operating Systems (0368-2162) or Introduction to Systems Programming (0512-4402) or equivalent

Recommended (not requisite) courses and knowledge:

• It is recommended (but not mandatory) to have completed courses on computer networking and/or cryptography.

• Exercises will vary across programming languages, depending on the system being discussed: Python, SQL, JavasScript, x86 Assembly). Good understanding of the C programming language is needed for the low-level part of the course.