Description:
The course provides an introduction to designing secure systems. It covers popular hardware, operating system, and application layer vulnerabilities.
Course Content:
- Unit 1: Hardware Security. Hardware Trojans and Detection - PUFs - Power Analysis Attacks and Countermeasures - Fault Attacks - Implementation Aspects of Crypto Algorithms (a case study of AES and ECC)
- Unit 2: Micro Architectural Security. Timing attacks and Covert Channels - RAM based attacks - Cold boot - Rowhammer
- Unit 3: Operating System Security. Stack Smashing Attacks - Dynamic Memory Allocation Attacks - Format String Vulnerabilities - return-to-libc attacks - ROP attacks - Side Channel Attacks in Operating Systems - Countermeasures - Non-executable stacks - Capability based Systems - Canaries - Malware Analysis Techniques
- Unit 4: Application Security. SQL Insertion - Shellshock - Heartbleed bug
- Unit 5: Formal Verification of Security Protocols
Practicals:
- Power Analysis Attacks. Given power traces of an encryption system such as AES, the participants would need to build algorithms to determine the secret key.
- Fault Attacks. Given a faulty and a fault-free ciphertext, the participants would need to write code to determine the secret key.
- Timing Attacks. In this assignment, participants would develop a timing attack on encryption systems like RSA and/or AES.
- Stack Smashing Attacks. The intent of this assignment is to understand stack smashing attacks and how they can be used to develop malicious software.
- Operating System Side Channels. Demonstrate an OS side channel attack. For instance, using memory footprints to determine the web page browsed.
Text Books:
Published work in IEEE and ACM will be used for this course.
Reference Books: