COMPUTER SCIENCE AND ENGINEERING DEPARTMENT

IIT Kanpur

CS964: Introduction to Application Security, Mobile Security and Critical Infrastructure Security

Instructor:

Dr. Sandeep K. Shukla
Computer Science and Engineering Department


Major, Measurable Learning Objectives

 

Having successfully completed this course, the student will be able to:

 

  • Discover software bugs that pose cyber security threats, explain and recreate exploits of such bugs in realizing a cyber attack on such software, and explain how to fix the bugs to mitigate such threats
  • Articulate the urgent need for cyber security in critical computer systems, networks, and the World Wide Web, and explain various threat scenarios
  • Articulate the issues of cyber security in mobile computing systems such as Android
  • Articulate well-known cyber attack incidents, explain the attack scenarios, and explain mitigation techniques
  • Articulate the cyber threats to critical infrastructures

 

  • Prerequisites and Co-requisites

 

The prerequisite for this course is a very strong programming background, with knowledge of the program run-time environment, usage of debuggers, and knowledge of shared libraries or dynamically linked libraries. Some knowledge of x86 assembly language or a similar assembly language will be assumed. Some knowledge of operating systems, especially memory management, virtual memory, etc., will be assumed. Prior familiarity with the preliminaries of cyber security would be helpful but is not required.

 

 

  • Texts and Special Teaching Aids

 

There is no specific text. We will provide all material via the course website. All students are required to register on that website for this class. Most communications, assignments, and course material will be available only via the course website. All class videos will also be available there.

 

  • Syllabus

                                                                                                

Here is a tentative syllabus for the course, but it is not set in stone. Some topics may be excluded, and other topics may be included, depending on the progress of the course.

Application Security [60%]

 

  1. Control hijacking attacks – buffer overflow, integer overflow, bypassing browser memory protection
  2. Sandboxing and Isolation
  3. Privilege, access control, and Operating System Security
  4. Tools and techniques for writing robust application software

 

 

Security in Mobile Platforms [20%]

  1. Android vs. iOS security model, threat models, information tracking, rootkits
  2. Threats to mobile applications, analyzers for Mobile Applications to discover Security vulnerabilities
  3. Android Security Architecture, TrustZone Architecture, SE Linux

 

Issues of Critical Infrastructure Security and SCADA Security

  1. Security Issues in Industrial Control Systems (ICS) and Operational Technology (OT)
  2. NIST Cyber Security Framework for ICS
  3. SCADA Security and Threat Models
  4. Intrusion Detection in ICS/OT systems

 

 

| Module | Topic | No. of Hours |
|---|---|---|
| Introduction | Introduction to Application Security, Standards, Best Practices | 1 |
| Application Security | Control hijacking attacks – buffer overflow, integer overflow, bypassing browser memory protection | 3 |
| | Sandboxing and Isolation; Privilege Escalation, Access Control, OS protections | 5 |
| | Tools and techniques for writing robust application software page replacement policies | 3 |
| Mobile Security | Android vs. iOS security model, threat models, information tracking, rootkits | 1 |
| | Threats to mobile applications, analyzers for Mobile Applications to discover Security vulnerabilities | 1 |
| | Android Security Architecture, TrustZone Architecture, SE Linux | 2 |
| Critical Infrastructure Security | Security Issues in Industrial Control Systems (ICS) and Operational Technology (OT); NIST Cyber Security Framework for ICS; SCADA Security and Threat Models; Intrusion Detection in ICS/OT systems | 4 |
| Total | | 20 |