Course Description
Explores security-related aspects of host-based computer security. Covers the elements of systems that make them secure or vulnerable, defense architectures, forensics, reverse engineering, metrics, virtualization, and other topics. Conveys key concepts through hands-on examples.
Course Objectives
After completing this course, students should be able to:
- Describe how host and application security relates more generally to computer security
- Apply security concepts to the challenge of providing host and application security
- Describe the host environment and the way applications interact with the underlying host architecture
- Apply basic security concepts to the operating system in order to evaluate the functions provided by the OS from a security perspective
- Explain malware, its implications, and remediation strategies
- Analyze the threat of malicious code in different contexts, and apply this evaluation to the selection of remediation strategies
- Assess how the Web works from a client perspective, and apply this knowledge to web-based security threats for the client
- Describe common vulnerability types, and apply knowledge of the underlying architecture to analyze the dependencies that exist between vulnerability, OS, and architecture
- Explain some of the implications of the cloud and host virtualization
- Apply concepts learned to shape and evaluate security policies in a corporate environment
Week 1
Module: Introduction & Overview
Lecture: Introduction & Overview
Outcomes
After completing this module, students should be able to:
- Describe the goals and scope of this class
- Identify basic terms associated with host-based security
Module: What is Security?
Lecture: What is Security?
Outcomes
After completing this module, students should be able to:
- Recognize security in the context of the host/application
- Explain the differences between confidentiality and integrity
- Deduce the impact of malice when analyzing a system
- Describe systems from the perspective of an attacker
Week 2
Module: How the Host Boots
Lecture: The Host: Boot Sequence
Lecture: The Host, Part 2
Outcomes
After completing this module, students should be able to:
- Describe the way modern computers boot
- Analyze the ways in which the boot sequence can be leveraged by an attacker
- Explain the role of trusted components in the boot sequence
Week 3
Module: How the OS Works
Lecture: Operating System Security, Part 1
Lecture: Operating System Security, Part 2
Outcomes
After completing this module, students should be able to:
- Describe common approaches for protecting memory and other resources
- Describe the common access control approaches in detail
- Explain why modern operating systems are designed the way they are
Week 4
Module: Vulnerabilities
Lecture: Vulnerabilities: How Things Go Wrong, Part 1
Lecture: Vulnerabilities: How Things Go Wrong, Part 2
Outcomes
After completing this module, students should be able to:
- List the different types of vulnerability that applications have
- Describe how a buffer overrun can be exploited
- Describe how return-oriented programming works
- Exploit different vulnerabilities
Week 5
Module: Malware History
Lecture: Malware History
Outcomes
After completing this module, students should be able to:
- Place current events in malware in their historical perspective
- Describe the evolution of malware from the very beginning of the problem
Module: Computer Viruses
Lecture: Computer Viruses: The Art of the Attacker
Outcomes
After completing this module, students should be able to:
- Describe how boot viruses work
- Describe how parasitic file viruses work
- Describe how stealth works for malware
- Describe how polymorphism and metamorphism work
Week 6
Module: Virus Defense
Lecture: Virus Defense
Outcomes
After completing this module, students should be able to:
- Contrast benefits and disadvantages of different protection schemes
- Explain how scanners work
- Explain how stealth and polymorphism impact the defender
- Describe heuristics, checksumming, and generic detection
Module: Case Study: Web Security, Part 1
Lecture: Case Study: Web Security, Part 1
Outcomes
After completing this module, students should be able to:
- Explain, from a client perspective, how the Web works, with particular emphasis on state
- Exploit simple XSS vulnerabilities
- Analyze an application and determine how it poses risk to the client
- Enumerate and explain the different primary sources of vulnerability
Week 7
Module: Case Study: Web Security, Part 2
Lecture: Case Study: Web Security, Part 2
Outcomes
After completing this module, students should be able to:
- Explain, from a client perspective, how the Web works, with particular emphasis on state
- Exploit simple XSS vulnerabilities
- Analyze an application and determine how it poses risk to the client
- Enumerate and explain the different primary sources of vulnerability
Module: Virtualization
Lecture: Virtualization
Outcomes
After completing this module, students should be able to:
- Describe how OS virtualization works
- Describe issues that impact the development of economic models for security and explain how corporate culture can affect economic decision making
Week 8
Module: Management of the Host
Lecture: Management, Part 1
Lecture: Management, Part 2
Outcomes
After completing this module, students should be able to:
- Apply lessons learned to the problem of security for hosts within the enterprise
- Describe different levels of risk
The course description, objectives and learning outcomes are subject to change without notice based on enhancements made to the course. November 2013