Course Title: 
Systems Security
Course Code: 
Year Taught: 
Postgraduate (PG)
School of Engineering
Cyber Security

"Systems Security" is a course offered in the second semester of M. Tech. in Cyber Security Systems & Networks program at School of Engineering, Amrita Vishwa Vidyapeetham, Amritapuri.

Security Goals, Secure Design Principles, Authentication, Linux Password scheme, Password Security, Privilege Escalation Attacks, Assembly Primer, Shellcoding, ELF File Format, Memory Exploits – Buffer Overflow, Off by one overflow, Format String Attacks, Integer Overflow, Return to Libc, Heap Overflow, Case Study of Local and Remote Attacks, Exploit Development with Metasploit, Web Security – HTML/DOM Refresher, JavaScript, Browser Security Model, Authentication and Session Management, Cookies, Same Origin Policy, Security Policy for Windows and Frames, Web Vulnerabilities - Cookie protocol problems, SQL Injection, XSS, CSRF, SSL/TLS Vulnerabilities, Session Hijacking, Guninski Attack, Defenses, Understanding Threats - Classification, Rootkits, Virus, Worm, Clickjacking, Phishing, Pharming, Exploit kits, Botnets, Defenses- ASLR, DEP, Stack Canaries, Secure Coding Techniques for C Programs, Trusted Execution Environment- Case Study on TrustZone, Security Vulnerability Tools , Static and Dynamic Analysis overview

  1. Neil Daswani, Christopher Kern, Anita Kesavan, “Foundations of Security, What Every Programmer
  2. Needs to Know”,Apress, 2007
  3. James C. Foster and Vincent T. Liu, “Writing Security Tools and Exploits”, Syngress Publishing
  4. Gary McGraw, John Viega, “Building Secure Software”, Addison-Wesley Professional, 2001.
  5. Jon Ericson, “Hacking: The Art of Exploitation”, Second Edition, No Starch Press, 2008, ISBN 978-1593271442
  6. Chris Anley, John Heasman, Felix Linder, Gerardo Richarte, The Shellcoder’s Handbook : Discovering and Exploiting Security Holes, Second Edition, Addison-Wiley, ISBN 978-0470080238