Lectures
| 1-up | 4-up | Topic | Video |
| Lecture 01 | Lecture 01 | Introduction | Intro, software, gcc |
| Lecture 02 | Lecture 02 | The stack | 1, 2, 3, 4, 5, 6 |
| Lecture 03 | Lecture 03 | Linking | 1, 2, 3, 4 |
| Lecture 04 | Lecture 04 | Processes | 1, 2, 3 |
| Lecture 05 | Lecture 05 | Insecure C | 2, 3, 4 |
| Lecture 06 | Lecture 06 | Shellcode | 1, 2, 3 |
| Lecture 07 | Lecture 07 | Defences | 1, 2, 3 |
| Lecture 08 | Lecture 08 | Permissions | 1, 2, 3, 4, 5, 6 |
| Lecture 09 | Lecture 09 | Guidelines | 1, 2, 3 |
| Lecture 10 | Lecture 10 | Integers | 1, 2, 3, 4, 5, 6 |
| Lecture 11 | Lecture 11 | Arc injection | 1, 2, 3, 4 |
| Lecture 12 | Lecture 12 | Web security | 2, 3 |
| Lecture 13 | Lecture 13 | Web security | 1, 2, 3, 4 |
| Lecture 14 | Lecture 14 | Web security | 1, 2, 3, 4, 5 |
| Lecture 15 | Lecture 15 | Security policy | No video |
| Lecture 16 | Lecture 16 | Access control | 1, 2, 3 |
| Lecture 17 | Lecture 17 | Bell-La Padula | 1, 2, 3, 4 |
| Lecture 18 | Lecture 18 | Common criteria | 1, 2, 3, 4, 5 |
| Lecture 19 | Lecture 19 | Auditing | 1, 2, 3 |
| Lecture 20 | Lecture 20 | Auditing | 1, 2 |
| Lecture 21 | Lecture 21 | Summary | No video |
Labs
Lab #01, video [Process layout]Lab #02 [Vulnerabilities]
Lab #03 [Shellcode]
Lab #04 [Revision]
Lab #05 [Permissions]
Lab #06 [Integers]
Lab #07 [Defences]
Lab #08 [Revision]
Lab #09 [Web security]
Lab #10 [Lab exam]
Lab #11 [Auditing (optional)]
Lab exam
Microsoft virtual labs
SEED labs
Lab exam
- The exam takes place Tuesday 8 December in LG.25
- The exam is worth 15% of your overall mark
- Arrive by 11am
- The exam will last 2 hours
- You will receive a temporary username and password on the day
- On logging in open exam.txt (it contains the questions)
- In the same directory you will also find a set of C files
- Some answers go directly into exam.txt and others involve making changes to the C files
- Questions cover skills acquired doing labs 1-7
- Bring along whatever printed materials you require
- Bring along your student ID card
- No sharing of materials allowed
- No use of laptops allowed
- No Internet access allowed
- No USB devices allowed
- You will not have access to your home directory
- Remember to save your work as you go along
- If you are stuck write down how were attempting to solve the problem
- If you miss the lab exam due to illness, submit a sick note to cover your absence and you can repeat it next summer
Tutorials
UnixArc and heap overflow attacks
Integers
Web security
Access control
Bell-La Padula
Common Criteria
Auditing
VMWare
If you do not want to go to the trouble of installing gcc yourself a VMWare appliance with gcc-3.4.6 already installed is available for download here. The image is 1.5Gb in size so download it on our network. The virtual machine is configured to use the School of Computing's network. Usernames (and corresponding passwords) are student and root. To unpack the appliance you will need the software available here. To use it you will have to install the free VMWare Player.
FAQ
Q. How do I unpack the appliance?
A. You can use the software available
here.
Q. How do I change the keyboard layout in Linux?
A. Go to Applications->System->Configuration->
Configure X11 System (Sax2). From there select keyboard
and configure it appropriately.
Q. How do I disable/enable address space randomisation?
A. sudo /sbin/sysctl kernel.randomize_va_space=0|1.
Q. How do I do so permanently?
A. Add kernel.randomize_va_space=0 to /etc/sysctl.conf
and reboot.
Assignments
Continuous assessment results
ResultsAssignment 01 solution
Lab exam solution