Proactive Computer Security (PCS)

Course content

The goal of this course is to give students an introduction to IT security on a deeper technical level. The syllabus primarily takes on the viewpoint of the attacker, with excursions into defensive techniques motivated by the concrete attacks.

The course focuses on gaining a deep hands-on understanding of a few selected topics rather than covering more material with the use of specialised tools.

 

 

Education

MSc Programme in Computer Science

MSc Programme in Computer Science with a minor subject 

Learning outcome

After completing the course, the successful student will have:

Knowledge of

  • Fuzzing, stack and heap buffer overflows, shellcode, reverse engineering.
  • Details of the interaction between user programs and the operating system.
  • Tools used for IT security, especially reverse engineering.
  • Vulnerabilities and how to correct them and/or mitigate attacks against them.

 

Skills to

  • Analyse simple applications from a security perspective, locate vulnerabilities, and demonstrate how to rectify them.
  • Describe and apply exploitation techniques such as return-oriented programming and stack and heap buffer overflows, as well as counter mechanisms.
  • Do basic reverse engineering of binary programs and locate vulnerabilities.
  • Understand the link between vulnerabilities in binary programs and the insecure source code that produce them.
  • Recognise insecure source code and suggest corrections.
  • Use and develop shellcode.
  • Determine a vulnerability by reviewing an exploit of it, and suggest corrections.

 

Competences to

  • Find and evaluate security issues using fuzzing, reverse engineering, and source code auditing.

Lectures, exercise labs, student presentations, and mainly work on practical individual mandatory assignments.

See Absalon when the course is set up.

You need to be proficient in both high-level and low-level programming, and will be expected to hand-in solutions written in C, assembler, and perhaps PHP or Python. You are expected to have an understanding of the low-level architecture of computers.

The practical work in the course is based on command-line UNIX tools, thus you are expected to have access to a Linux box and have a working knowledge of how to use Linux via a command prompt.

Academic qualifications equivalent to a BSc degree is recommended.

Written
Individual
Continuous feedback during the course
ECTS
7,5 ECTS
Type of assessment
Continuous assessment
Type of assessment details
Continuous assessment based on student presentation and 6-8 written, individual assignments. Each assignment will have equal weight towards the final grade, with the exception of the final assignment which will count as double. Submission in Absalon.
Aid
All aids allowed
Marking scale
7-point grading scale
Censorship form
No external censorship
Several internal examiners
Criteria for exam assessment

See Learning Outcome.

Single subject courses (day)

  • Category
  • Hours
  • Lectures
  • 14
  • Practical exercises
  • 14
  • Project work
  • 164
  • Seminar
  • 14
  • English
  • 206

Kursusinformation

Language
English
Course number
NDAA09031U
ECTS
7,5 ECTS
Programme level
Full Degree Master
Duration

1 block

Placement
Block 4
Schedulegroup
A
Capacity
60
The number of seats may be reduced in the late registration period
Studyboard
Study Board of Mathematics and Computer Science
Contracting department
  • Department of Computer Science
Contracting faculty
  • Faculty of Science
Course Coordinator
  • Ken Friis Larsen   (8-6f6a70657677697244686d326f7932686f)
Saved on the 28-02-2022

Are you BA- or KA-student?

Are you bachelor- or kandidat-student, then find the course in the course catalog for students:

Courseinformation of students