With the increase in the threat of cyber-security attacks, it is important to develop computer systems that are not only efficient but also secure. This course will discuss various vulnerabilities in systems and mechanisms by which these vulnerabilities can be mitigated. The first part of the course will discuss various security vulnerabilities in software code that, if left unfixed, can potentially lead to major cyber-attacks. We will see how these vulnerabilities can arise from simple programming flaws like a buffer that overflows, to complex application runtime characteristics that get manifested through side-channels such as the execution time and power consumption of the device. We will look at some recent cyber-attacks such as Meltdown and Spectre, Heartbleed, and Stagefright. The pre-requisites are a good understanding of C and a basic understanding of computer organization and operating systems.
INTENDED AUDIENCE :BTech/BE/ME/MTech/MS/MCA/BCA studentsIn computer science/information technology/electrical engineering / electronics engineering /instrumentation engineering PREREQUISITES : C programming must be strongMinimum understanding of digital logic /operating systems/computer organization INDUSTRY SUPPORT :All companies developing embedded products /IoT etc.
Week 1: Introduction / gdb / buffer overflow Week 2: Preventing buffer overflow based malware Week 3: Integer overflow and buffer overread and heap overflow Week 4: More on heap overflow; Access Control Week 5: Confinement Week 6: SGX and Trustzone Week 7:Micro-architectural Attacks Week 8: Hardware Security.