NDAA09031U Proactive Computer Security (PCS)
MSc Programme in Computer Science
MSc Programme in Computer Science with a minor subject
The goal of this course is to give students an introduction to IT security on a deeper technical level. The syllabus primarily takes the viewpoint of the attacker, with excursions into defensive techniques motivated by the concrete attacks.
The course focuses on gaining a deep hands-on understanding of a few selected topics rather than covering more material with the use of specialised tools.
After completing the course, the successful student will have:
- Fuzzing, web security, stack and heap buffer overflows, shellcode, reverse engineering.
- Details of the interaction between user programs and the operating system.
- Tools used for IT security, especially reverse engineering.
- Vulnerabilities and how to correct them and/or mitigate attacks against them.
- Analyse simple web applications from a security perspective, locate vulnerabilities, and demonstrate how to rectify them.
- Describe and apply exploitation techniques such as return-oriented programming and stack and heap buffer overflows, as well as counter mechanisms.
- Do basic reverse engineering of binary programs and locate vulnerabilities.
- Understand the link between vulnerabilities in binary programs and the insecure source code that produces them.
- Recognise insecure source code and suggest corrections.
- Use and develop shellcode.
- Determine a vulnerability by reviewing an exploit of it, and suggest corrections.
- Find and evaluate security issues using fuzzing, reverse engineering, and source code auditing.
See Absalon when the course is set up.
The practical work in the course is based on command-line UNIX tools, thus you are expected to have access to a Linux box and have a working knowledge of how to use Linux via a command prompt.
Academic qualifications equivalent to a BSc degree are recommended.
- Practical exercises
- Project work
PhD students can register for MSc courses by following the same procedure as credit students, see link above.
- 7,5 ECTS
- Type of assessment
- Continuous assessment based on student presentation and 6-8 written, individual assignments. Each assignment will have equal weight towards the final grade, with the exception of the final assignment which will count as double. Submission in Absalon.
- All aids allowed
- Marking scale
- 7-point grading scale
- Censorship form
- No external censorship
Several internal examiners
Oral examination of maximum 40 minutes (including grading) without preparation, based on resubmission of mandatory assignments.
The assignments must be submitted no later than two weeks before the re-exam week to qualify for the re-exam.
Criteria for exam assessment
See Learning Outcome.