7CCSMSEN: Security Engineering
Revised Agenda
Lorenzo Cavallaro
http://s2lab.kcl.ac.uk
Systems Security Research Lab – Cybersecurity Research Group Department of Informatics, King’s College London
Lorenzo Cavallaro (S2 Lab) 7CCSMSEN 1 / 5
Administrivia
Coursework & Exam
Coursework (aka practical assessments/challenges) CW0: Nov 8 – Nov 15
CW1: (tentative) w/c Nov 11 – Dec 20
A number of per-topic hands-on and hacking-oriented CTF-like challenges You may be asked to explain how you have solved the challenges Per-challenge marks range from 0 to 100
Normalized marks contribute to 30% of the overall exam mark
Lorenzo Cavallaro (S2 Lab) 7CCSMSEN 2 / 5
7CCSMSEN: Security Engineering Revised Agenda I
2pm–5pm @ Bush House Lecture Theatre 1 BH(S)1.01 – 50’ slot + 10’ break
W1 Sep 27, 2019: Introduction (+ AppSec) W2–W4 Oct 4, 11, 18 2019: AppSec
Memory errors vulnerabilities x86 asm primer
Code injection attacks
Other exploits
W5 Oct 25, 2019: NO CLASS (Instructor @ CyberSec AI) W6 Nov 1, 2019: NO CLASS (Reading Week)
W7 Nov 8, 2019: AppSec (cont.)
Code injection attacks (cont.) Format string vulnerabilities Defenses against memory errors
Lorenzo Cavallaro (S2 Lab) 7CCSMSEN 3 / 5
7CCSMSEN: Security Engineering Revised Agenda II
W8 Nov 15, 2019: NO CLASS (Instructor @ CCS)
W9 Wed Nov 20, 2019 at Stamford Street Lecture Theatre (Catch-up Lecture)
Defenses against memory errors (cont.)
Memory safety
Control flow integrity (tentative if we have time)
W9 Nov 22, 2019: Secure Software Development
Threat modeling
Security requirements Security principles
Case study – qmail or vsftpd
Lorenzo Cavallaro (S2 Lab) 7CCSMSEN 4 / 5
7CCSMSEN: Security Engineering Revised Agenda III
W10 Nov 29, 2019: Program Analysis
Static analysis
Symbolic execution
W11 Dec 6, 2019: Authentication & Authorization
Authentication Authorization Security models
W12 Dec 13, 2019: Revision Q&A / catch up
Lorenzo Cavallaro (S2 Lab) 7CCSMSEN 5 / 5