CS279 - Advanced Topics in Security
Computer security issues have become increasingly important, as the Internet
has become the infrastructure that supports the economy, critical services,
and our social life.
To address the ever-changing set of security issues that affect applications,
operating systems, and networks, it is necessary to understand the details of
both the vulnerabilities that make security compromises possible and the
countermeasures that are required to detect and block the attacks that exploit
This course focuses on how to analyze the security of a computer system.
Therefore, this course will present concepts and approaches that allow one
evaluate the security posture of applications and services.
The course mixes a practical, hands-on approach with a discussion of the
current research in the field. Participants will learn how vulnerabilities are
found and how these vulnerabilities can be exploited to compromise the
security of a system. This knowledge is a fundamental prerequisite for the
correct design of protection mechanisms. The course includes also live
security exercises in a protected environment, where the knowledge about both
attack and defense techniques is validated in the field.
The course also addresses and discusses in depth the ethical issues associated
with vulnerability analysis.
The course requires very good programming/development skills (C/C++,
Python), a solid background in operating systems (especially GNU/Unix), and
some basic knowledge about networks.
Office: Harold Frank Hall 2159
Class Schedule: Tuesdays and Thursdays, 9:00 am to 10:50 am in Phelps 2510
Office Hours: By appointment
To be determined.
Contacting the instructor/TA
The instructor and the TA can be contacted by sending an
email to the cs279-admin mailing list
Every student must have a CS account and must subscribe to
the cs279-users mailing list.
The mailing list will
be used to distribute last-minute information about the
- Introduction, History
- Ethics of Vulnerability Analysis
- A Crash Course On Cryptography
- Network Vulnerability Analysis
- Web Vulnerability Analysis
- Application Vulnerability Analysis
The course does not have a textbook.
Several of the topics covered during the course will be
supported by material distributed by the instructor.
There will be homework assignments, a midterm, and a
final. In addition, students will participate in a
live security exercises.
The final grade will be determined according to the
- Homeworks: 70%
- Midterm: 10%
- Final: 10%
- Live Exercise: 10%