COMP-4721 Details

COMP 4721 Computer Security

Course description

A general objective of this course is to get a glimpse of the tools and techniques that hackers have employed in the past, with the main goal of understanding some fundamental concepts that will be useful in developing defensive tools. Specifically, this course gives you an overview of information and computer security along with some cryptography. Some concepts from network security are also included. Other material includes:

  • Assets, risks and vulnerabilities
  • The CIA triad
  • Cryptography basics (asymmetric vs. symmetric, block vs. stream, etc.), old-school cryptosystems (substitution, rotation, transposition)
  • Cryptanalysis (frequency analysis, brute force, weaknesses)
  • Cryptography details (RSA, DSA, DH, EC)
  • Security policies, access controls and protection methods
  • Role-based access controls
  • Database security
  • Authentication technologies
  • Host-based and network-based security issues and defensive technology and techniques
  • Software vulnerabilities, exploitation and prevention (buffer over/underflows, untrusted input, numerical errors, ROP chains, etc.)
  • Threat modeling and attack surface

Course learning objectives

Upon completion of this course you will be able to, for a given scenario:

  • Assess risks, threats and vulnerabilities
  • Develop a threat model
  • Write a proposal to fortify the network against a given threat model
  • Read and understand the specifics of a given intrusion
  • Identify general principles that underlie different intrusions
  • Develop vocabulary common to information security
  • Understand the mathematical foundations on which modern cryptography is built
  • Understand database SQL injection attacks in detail
  • Demonstrate in-depth knowledge of common types of software attacks, vulnerabilities and exploits
  • Understand the trade-offs offered by different security models to enforce policies
  • Use off-the-shelf software for encryption/decryption and key management
  • Write code that utilizes crypto libraries for encryption/decryption/signing
  • Use security controls in modern operating systems (Unixes/Windows) and understand the access control policies and implementation