CS6570 - Secure Systems Engineering

Course Data :

Description:

The course provides an introduction to designing secure systems. It covers popular hardware, operating system, and application layer vulnerabilities.

Course Content:

  • Unit 1 � Hardware Security Hardware Trojans and Detection � PUFs - Power Analysis Attacks and Countermeasures -Fault Attacks - Implementation Aspects of Crypto Algorithms (A case study of AES and ECC)
  • Unit 2 � Micro Architectural Security Timing attacks and Covert Channels - RAM based attacks - Cold boot - Rowhammer
  • Unit 3 � Operating System Security Stack Smashing Attacks - Dynamic Memory Allocation Attacks - Format String Vulnerabilities - return-to-libc attacks - ROP attacks - Side Channel Attacks in Operating Systems � Countermeasures - Non-executable stacks - Capability based Systems - Canaries - Malware Analysis Techniques
  • Unit 4 � Application Security SQL Insertion - Shell Shock - Heart bleed bug
  • Unit 5 � Formal Verification of Security Protocols Practicals � Power Analysis Attacks. Given power traces of an encryption system such as AES, the participants would need to build algorithms to determine the secret key. � Fault Attacks. Given a faulty and a fault free ciphertext, the participants would need to write code to determine the secret key. � Timing Attacks. In this assignment, participants would develop a timing attack on encryption systems like the RSA or/and AES. � Stack Smashing Attacks. The intent of this assignment is to understand stack smashing and how they can be used to develop malicious software. � Operating System Side Channels. Demonstrate an OS side channel attack. For instance, using memory footprints to determine the web page browsed.

Text Books:

Published work in IEEE and ACM will be used for this course

Reference Books:


Pre-Requisites

Parameters

Credits Type Date of Introduction
4-0-0-0-8-12 Elective Jan 2017

Previous Instances of the Course


© 2016 - All Rights Reserved - Dept of CSE, IIT Madras
Website Credits