Course

Syllabus

Program- processes- Binaries-Libraries- Concurrency control in OS and databases- Statistical inferencing in databases, Private information retrieval viewed as a database access problem. Privacy in data publishing, Virtual Private Databases- Access control in OS and databases- Access control Models – DAC- MAC- RBAC- SELinux – Sandboxing- SetUID Programs, Environmental variable based Attacks – Shellshock attack- Process memory organization- Stack management- Stack overflow – Runtime protection strategies, Return-to-libc, ROP, Format string vulnerabilities – File I/O Race conditions – TOCTOU – Dirty COW Attack – Virtualization techniques for security – Malware and its mitigation strategies- viruses, worms and Trojans- Rootkits- Ransomwares- Polymorphic malware- Fileless malware- AI-based malware- Packers – Trusted computing- TEE – SIEM- Auditing in Databases and OS- Zero Trust Security. 

Prerequisites

Basic knowledge on concurrency and access control. Practical experience in installation, monitoring, and troubleshooting of databases ( MySql, Oracle ) and operating systems ( Windows and Linux ) 

Course Outcome

CO-PO Mapping

1. Wenliang Du, Computer Security – A hands-on Approach , First Edition, Createspace Independent Pub, 2017 
2. M. Gertz and S. Jajodia, Handbook of Database Security-Applications and Trends , Springer, 2008. 
3. T. Jaeger, Operating System Security , Vol. 1 of Synthesis Lectures on Information Security, Privacy and Trust, Morgan & Claypool Publishers, 2008. 
4. W. Mauerer, Professional Linux Kernel Architecture , John Wiley and Sons, New York, 2008. 
5. R Anderson, Security engineering , John Wiley & Sons, 2008. 
6. Matt Bishop, Computer security: Art and Science , Vol. 2, Addison-Wesley, 2012.