PROGRAM


Please do not contact instructors on their personal email IDs. In case of any question, see the FAQ or email summerschool@cse.iitk.ac.in.

All classes will be held in classroom KD-101, CSE only from 27th May - 07th June.

Module Name | Instructor Name | Time of the Modules
Cyber Security

About Course

Cyber Security is the area comprising tools, technologies and practices that are designed to protect sensitive data, networks and systems from malicious intent and unauthorized access. We do a wide range of activities online, including banking, shopping and even connecting with other people. The software systems in place to facilitate these activities have loopholes, and over the years malicious persons have taken advantage of such loopholes, either financially or mischievously. This course aims to familiarize participants with security loopholes in systems and with the tools, techniques and practices that can help them defend against such loopholes. The primary focus of the course will be Web Security, Network Security and Systems Security. Sessions will be more like workshops, where participants will be encouraged to try what is taught themselves rather than just listen.

Objective

We assume that a significant part of the audience of this course will be either non-IITK students or non-CSE IITK students. We will try to keep the prerequisites to a bare minimum. Computer security is a very vast field and it is hard to cover it properly even in a full-semester course. The very short duration of the course and the lack of prerequisites limit us in covering any single topic in much technical depth. We plan to make it a practical course, with each session containing a hands-on exercise, demo or case study. This will ensure that even a non-CSE student can connect with it.

Prerequisites

Some familiarity with Linux. We can even cover the installation part in the first session.

Proposed Plan

Below is a proposed 10-session plan which mainly focuses on computer security in general, web security and network security.

  1. Introduction: Computer Security basics, intro to CVEs (Common Vulnerabilities and Exposures), interesting vulnerabilities, attacks and bugs of recent times, marketplace for bugs.
  2. Web Security 1
    • Basics: IP addresses, ports, HTML, HTTP, HTTPS, status bar
    • Hands-on: Brute-forcing passwords using Burp Suite, more sophisticated Rainbow Table attack
  3. Web Security 2
    • Introduction: CSS, JavaScript, Browsers, DOMs, Authentication using Cookies
    • Web Attacks: XSS (Cross Site Scripting)
    • Hands-on: Session hijacking (Cookie stealing)
  4. Web Security 3
    • Basics: SQL
    • Web Attacks: CSRF (Cross Site Request Forgery), SQL injection
    • Case study: Myspace worm, AirBnB XSS+CSRF vulnerability
  5. Network Security 1
    • Basics: TCP/IP protocol stack, DNS, UDP
    • Hands-on: Network packet analysis using Wireshark
  6. Network Security 2
    • Basics: OSPF, BGP, Autonomous Systems
    • Case studies: Guadalajara-Washington DC path hijack, DoS attacks, YouTube-Pakistan mishap, DNS cache poisoning
  7. Network Security 3
    • HTTPS, SSL/TLS, Certificates, HTTPS in the browsers, Lock icon, problems with SSL
    • Case study: POODLE, Heartbleed (SSL/TLS vulnerabilities)
    • Hands-on: Testing websites for TLS vulnerabilities (using one of many available tools)
  8. Computer Security 1
    • Bugs in software. Basic introduction to buffer/integer overflows
    • Fuzz testing, Valgrind
    • Hands-on: Memory leak checking with Valgrind
  9. Computer Security 2
    • Principle of Least Privilege, Confinement and Isolation, Chroot Jail, Virtual Machines, Docker, Android Permissions
    • Demos: 1) Isolation and confinement in a simple Online Judge, 2) Dockerized Microservices Architecture example with a Java movie review WebApp
  10. Computer Security 3
    • Unix permissions, passwd and Shadow Files, Salts, Access Control in Windows
    • Intrusion Detection Systems, Malware
    • Honeypots, Firewalls, Sandboxes
    • Demo: WannaCry demo in Cuckoo Sandbox

Fenil Fadadu
4-5:30 PM
Introduction to Machine Learning    

Supervised Learning:

  1. Linear regression
    • Maximum likelihood estimation
    • Regularization/Maximum a posteriori estimation
  2. Logistic regression/ Classification
    • Gradient Descent
    • Multiclass classification
  3. Support Vector Machine
    • Duality
    • Hard/Soft margin SVM

Unsupervised Learning:

  1. Clustering
    • K-means Hard / Soft
    • Expectation Maximization
  2. Principal Component Analysis
    • Singular value decomposition

Non-linear methods:

  1. Decision trees, Nearest Neighbours (on transformed features)
  2. Neural networks
    • Backpropagation
    • Dropout
    • CNN, RNN
  3. Kernel learning
    • Regression, SVM, k-means, k-NN

Ensemble methods:

  • Boosting and Bagging
  • Adaboost, Random Forest, Gradient boosting

Bhaskar Mukhoty

Shivam Bansal
6:00-7:30 PM
Small Scale System Development (For Web, Android and IoT Systems)

Course Description
• This course is all about the practical implementation of engineering.
• It is a project-based course where learning takes place through the practical implementation of several live projects.
• In this course we will teach how to develop:
  1. Web systems
  2. Android apps
  3. IoT-based systems
  4. Architecture of small scale systems which integrate the above-listed systems together
• The course content is designed in such a way that you will learn something new even if you are new to programming.
• In this course we will:
    • Teach you technology.
    • Teach you how to implement it as a small scale system, which can be used at home.
    • Teach you how the practical comes before the theory.

Course Content

• Introduction to basic switching units (like GATES, MUX, DECODER, etc.) 
• Implementing these units to design a new circuit (like Adder)
• How to control the designed circuit using a computer through a microcontroller like Arduino.
• Introduction to web basics (HTML, JavaScript, PHP, etc.)
• Implementing these technologies to create small scale web applications.
• How to link our web applications with hardware designed in above phase.
• Introduction to Android.
• Migration from web applications towards app development.
• Controlling the designed hardware through app.
• Issues in system architectures.
• Quality Attributes and achieving them through Solution Architecture.
• Basics of System Architecture.
• Relating software engineering with software architecture.
• Course Project (for interested candidates only).
Note:
- Students who don't know programming can also join this course.
- We will make sure that by the end of the course they get some depth in small scale system development and programming basics.

Siddharth Srivastava

8:00-9:30 PM

Registration has been closed; no further payments should be made.

Local Information

Venue

KD-101, Kadim Diwan Building, Dept. of Computer Science, IIT Kanpur
Developed at CSE, IIT Kanpur