Then we will look at methods to protect the system against these exploits. The costs and limitations of these prevention methods will be assessed.
Finally, an introduction to computer virology will be given.
At the end of this learning unit, the student is able to :
|1||In view of the AA repository of the "Master  program in computer science, this course contributes to the development, acquisition and evaluation of the following learning achievements:
SINF6.1, SINF6.3, SINF6.4 T
he students that have successfully completed this course will be sensitive to cyber security and the protection of the information system.
They will be able to:
The objective of the course is to give an introduction to software security. We will first discuss the concepts of security and software attack. We will then analyze software vulnerabilities and we will study protections. Finally, an introduction to malware analysis will be presented.
- Introduction to notions of vulnerabilities, threats and attacks
- Introduction to fishing
- Introduction to privilege escalation
- Integer overflow
- Buffer overflow: assembler, protection and counterattack
- String format and vulnerabilities of C language
- Writing of "shellcode"
- Introduction to static and dynamic analysis of malware
- Honey pots
- Dynamic memory analysis
- Packing and cracking
- External stakeholders: security at UCLouvain, at CISCO and at NVISO.
- Practical exercises on computers
- Lab: setting up traps, intrusion, malware analysis
Due to the COVID-19 crisis, the information in this section is particularly likely to change.Theory classes, practical classes. Seminar by external experts.
Due to the COVID-19 crisis, the information in this section is particularly likely to change.On first session:
- an exam for 60% of the final mark
- two works for 40% of the final grade
- INGI2347 is an introduction to network and application security.
- INGI2144 is an advanced course on application security.
- computer systems and programming. It is not necessary to follow INGI2347 in order to follow INGI2144
- Students who do no know whether their background allows them to attend the course (e.g. students from ELEC, ELME or MAP) should contact the lecturer.
Disponible sur moodle.
In the first session: Students who wish can keep the points for their two assignments. They also have the opportunity to take an oral exam on the whole subject. In the latter case, the assignments count for 40% and the oral exam for 60%. In the second session: an oral exam (theoretical and practical) on the whole subject.