This course is designed to present the students a "host" centric approach to various aspects of computer software security. Broadly, the course would cover: Traditional multi-level security models (Bell La-Padula, Biba etc.), access controls, security in traditional computer programs and attacks against them (buffer/heap overflow attacks), defences against such attacks, writing secure programs (Secure Coding), Viruses/Malware and Trojans, OS level hardening, application and system level security primitives and APIs, cryptographic system primitives and APIs (how to (not) use (and break) them), system level authentication frameworks, introduction to allied topics-IDS, network security etc.
1. Students are able to comprehend and put to practice different forms of access control primitives in different software systems.
2. Students are able to identify software vulnerabilities especially those related to buffer overflows, and ways to overcome such vulnerabilities.
3. Students have hands on experience with different security primitives in modern Oses and platforms.
4. Students are able to use various libraries to achieve various security postures – e.g. confidentiality, integrity protection and authentication.