Course

Basic operating system concepts – Processes, Threads, Virtual memory, File system

Security Goals, Secure Design Principles, Authentication, Linux Password scheme, Password Security, Authorization – Access control, MAC, DAC, ACL, Capabilities, Information flow control, Privilege Escalation Attacks, constraining and sandboxing users and applications. Assembly Primer, Shell coding, ELF File Format. Memory Exploits – Buffer Overflow, Off by one overflow, Format String Attacks, Integer Overflow, Return to Libc, Heap Overflow, Exploit prevention mechanisms : stack canaries, Data Execution Prevention, Address Space Layout Randomization, bypassing DEP & ASLR. Trusted Execution Environment – Case Study on Intel SGX. Fuzzing – Types of fuzzers, Bug detection, Case study – AFL fuzzer. Vulnerability and exploit analysis: spectre, meltdown, foreshadow, dirty COW.

1. Andrew S. Tanenbaum, “Modern Operating Systems”, Fourth Edition, Pearson Education India, 2016
2. Neil Daswani, Christopher Kern, Anita Kesavan, “Foundations of Security, What Every Programmer Needs to Know”,Apress, 2007
3. James C. Foster and Vincent T. Liu, “Writing Security Tools and Exploits”, Syngress Publishing
4. Gary McGraw, John Viega, “Building Secure Software”, Addison-Wesley Professional, 2001.
5. Jon Ericson, “Hacking: The Art of Exploitation”, Second Edition, No Starch Press, 2008, ISBN 978-1593271442
6. Chris Anley, John Heasman, Felix Linder, Gerardo Richarte, The Shellcoder’s Handbook : Discovering and Exploiting Security Holes, Second Edition, Addison-Wiley, ISBN 978- 0470080238

• CO1.  A quick refresher to the fundamentals of Operating Systems
• CO2.  Describe security goals and principles which is used in designing a secure system(PO2, PSO2, PSO3)
• CO3. Explain the basics of system organization, assembly language and linux systemcalls. (PO3, PSO2, PSO4)
• CO4. Demonstrate the exploitation of Access control vulnerabilities and develop its mitigation (PO1, PO3, PSO1, PSO2, PSO3)
• CO5. Demonstrate buffer overflow attack,Format string attack and Return to libc attack with examples (PO1,PO2, PO3, PSO1, PSO2, PSO4)
• CO6. Explain the preventive mechanisms for different exploits (PO1,PSO1, PSO2)