NWI-IPC025
Hacking in C
Course infoSchedule
Course moduleNWI-IPC025
Credits (ECTS)3
CategoryPB (Propaedeutic)
Language of instructionEnglish
Offered byRadboud University; Faculty of Science; Informatica en Informatiekunde;
Lecturer(s)
Lecturer
dr. ing. P.J.M. van Aubel
Other course modules lecturer
Lecturer
prof. dr. P. Schwabe
Other course modules lecturer
Coordinator
prof. dr. P. Schwabe
Other course modules lecturer
Contactperson for the course
prof. dr. P. Schwabe
Other course modules lecturer
Academic year2017
Period
KW3  (05/02/2018 to 15/04/2018)
Starting block
KW3
Course mode
full-time
Remarks-
Registration using OSIRISYes
Course open to students from other facultiesYes
Pre-registrationNo
Waiting listNo
Placement procedure-
Aims
After the course students can:
  • explain how standard C data types are represented, and write C programs to inspect and manipulate these representations
  • explain how the stack and heap are used to allocate data in C programs
  • write C programs that makes use of pointers and pointer arithmetic
  • explain how the stack is used to administer procedure calls
  • explain how buffer overflows work
  • explain some of the countermeasures against these vulnerabilities, how these work, and apply some of them
  • develop simple exploits for code with buffer overflow weaknesses.
Content
Most security problems have their origin in software, esp.  software that is accessible via the internet. This course is about software security vulnerabilities, standard types of such vulnerabilities, what the causes are, what can be done about them and how they can be detected and exploited.
This course concentrates on typical security problems in C(++) programs and machine code, related to memory management: buffer overflows (on heap and stack), integer overflows, and format string attacks.
Literature
Online, distributed via Blackboard. Optionally, students can use Chapter 3 of Introduction of Computer Security, by Michael Goodrich & Roberto Tamassia , Pearson New International Edition, ISBN 10: 1-292-025490-9, ISBN 13: 9781292025407, 2013. Buying the book for this course is not necessary, but the book is used in other security courses, notably Software en Web Security 2.

Teaching formats
• 16 hours computer course
• 16 hours lecture
• 52 hours individual study period

Extra information teaching methods: The course consists of lectures that explain the principles, and a computer lab where students work with the problems in practice, by writing and exploiting C programs.

Additional comments
This course is taught in English.

Topics
• representatie of data in C
• allocatie of data on stack and heap
• pointers, malloc, calloc, free, and pointer arithmetic
• organisation of information on the stack
• buffer overflows (heap- and stack-based), format string attacks and integer overflows
• simple prevention, detection (both dynamic and static) and exploitation of such weaknesses

Test information
Project work and written exam.

Prerequisites
Processoren and Imperatief Programmering

Required materials
Blackboard
Necessary materials will be posted on the course website.

Recommended materials
Book
Studenten can also use chapter 3 from "Introduction of Computer Security", by Michael Goodrich & Roberto Tamassia, Pearson New International Edition.
ISBN:9781292025407

Instructional modes
Course

Lecture

Practical computer training

Zelfstudie

Tests
Tentamen
Test weight1
OpportunitiesBlock KW3, Block KW4