《计算机安全》实验教学大纲

课程代码

045102091

课程名称

计算机安全

英文名称

ComputerSecurity

课程类别

选修课

课程性质

选修

学时

16

学分

2.5

开课学期

第五学期,第七学期

开课单位

计算机科学与工程学院

适用专业

网络工程,计算机科学与技术

授课语言

中文

先修课程

计算机网络,操作系统,数据库

毕业要求(专业培养能力)

本课程对学生达到毕业要求有如下贡献:

1.(工程知识)掌握扎实的计算机安全基础知识,掌握相关安全技术和工具,能够将工具应用于解决复杂的计算机安全问题。

2.(问题分析)能够应用计算机安全的基本原理和技术,并通过文献研究分析复杂的安全问题。

3.(设计/开发解决方案)能够设计针对复杂计算机安全问题的解决方案,或设计解决安全问题的工具。

4.(研究)能够针对计算机安全现状进行研究,提取和解决问题。

课程培养学生的能力(教学目标)

使学生对计算机安全获得全面的理解和掌握,包括:了解计算机面临的主要安全威胁;掌握计算安全的基本概念、原理和方法;了解计算机安全系统的设计方法;利用所学知识实施和构建安全防范体系和安全系统。

课程简介

通过以下实验,帮助学生掌握计算机安全的有关理论,原理,开发与使用相关技术。

1.利用CryptoAPI实现密码学的简单应用

2.网络嗅探抓包工具的使用

3. 缓冲区溢出实验

4. Snort工具的使用

主要仪器设备与软件

密码函数库:CryptoAPIV2.0函数库;操作系统:支持CryptoAPI的系统,Windows 2000/XPC++编译器;VisualC++ 6.0/Visual studio 2008

实验报告

说明实验原理(理念)并进行方案选择,阐明为什么要选择这个实验方案以及所采用方案的特点。并重点说明实验是如何实现的,包括:对实验工作的详细表述。要求层次分明、表达确切。

考核方式

1)本门实验课将结合出勤、实验操作以及实验报告等进行考核,其中出勤占实验课总评成绩的10%,实验操作占实验总评成绩的40%,实验报告占实验总评成绩的50%

2)本门实验课总评成绩占课程总评成绩的30%

教材、实验指导书及教学参考书目

[1]王清贤等,《网络安全实验教程》,电子工业出版社,2016

[2]刘嘉勇,《信息安全技术实验教程》,四川大学出版社,2007

[3]曹晟陈峥,《计算机网络安全实验教程》,清华大学出版社,2011

制定人及发布时间

徐玲玲,201955


《计算机安全》实验教学内容与学时分配

实验项目编号

实验项目名称

实验学时

实验内容提要

实验类型

实验要求

每组人数

主要仪器设备与软件

1

利用CryptoAP实现密码学的简单应用

4

掌握密码学的基本原理及密码学应用的基本原理;了解微软加密服务体系结构以及CryptoAPI体系结构;掌握CryptoAPI的使用方法,掌握加/解密、导入/导出密钥、签名/验证、消息摘要等函数的调用。

通过对CryptoAPI的学习,掌握CryptoAPI在编程中的使用;用CryptoAPI/解密文件;用CryptoAPI实现公开密钥加密;用CryptoAPI实现数字签名。

设计性

必做

1

密码函数库:CryptoAPIV2.0函数库;操作系统:支持CryptoAPI的系统,Windows2000/XP

C++编译器:VisualC++ 6.0/Visual studio 2008

2

网络嗅探抓包工具的使用

4

了解网络嗅探抓包工具sniffer(或Wireshark)的主要功能,以及其能处理什么网络问题。

用工具进行抓包协议分析,分析ARP攻击(ARP欺骗)实施过程。

验证性

必做

1

操作系统:Windows2000WindowsXP

工具:SnifferPro4.70.530Wireshark2.4.1.0

3

缓冲区溢出实验

4

掌握缓冲区溢出原理;了解基于堆栈的缓冲区溢出的调试方法。

编写一个能实现缓冲区溢出(堆栈溢出)的程序,在调试状态下查看寄存器和相应存储单元内容的变化情况。分析并解释缓冲区溢出的原因。掌握利用堆栈溢出进行攻击的原理,学习shellcode的编写和调试技术。

综合性

必做

1

操作系统:WindowsXP;编程语言:C++,其他语言也可(cc#java

4

Snort工具的使用

4

通过实验深入理解入侵检测系统与入侵防御系统的原理和工作方式,熟悉入侵检测系统snor,配置snort来使用规则集创建规则、给定指定攻击的特征。

综合性

选做

1

操作系统: WindowsXP


Computersecurity” Syllabus

CourseCode

045102091

CourseTitle

ComputerSecurity

CourseCategory

ElectiveCourses

CourseNature

ElectiveCourse

ClassHours

16

Credits

2.5

Semester

Fifth SemesterSevenSemester

Institute

Schoolof Computer Science & Engineering

ProgramOriented

ComputerScience and Technology, Network Engineering

TeachingLanguage

Chinese

Prerequisites

ComputerNetworkOperatingSystemDatabase

StudentOutcomes (Special Training Ability)

This course has the followingcontributions to students' graduation requirements:

1. Engineering knowledge:master solid basic knowledge of computer security, relatedsecurity technologies and tools, so as to solve complicatedsecurity problems.

2. Problem analysis: using thebasic principles and techniques of computer security, combiningwith references, analyze complicated security problems.

3. Design/developmentsolutions: design solutions or tools to the complicated securityproblems.

4.Research: propose and solve problems after analyzing the researchstatus of computer security.

TeachingObjectives

Throughexperiments, we require students master the relevant theories andprinciples of computer security, and master the relatedtechnologies of computer secure development and application.Therefore, the content of the experiment is mainly combined withthe above content.

CourseDescription

Thiscourse is an experimental course of computer security principlesand techniques, which includes the following experiments:

1.Using CryptoAPI to realize simple application of cryptology;

2.The Use of network sniffing tool;

3.Buffer overflow experiment;

4.Use of Snort tools.

Instrumentsand Equipments

CryptoAPIV2.0Windows 2000/XP/7Visual C++6.0/Visual studio 2008


ExperimentReport

Explainthe experimental principle and scheme, and explain why we shouldchoose the experimental scheme and the characteristics of theadopted scheme. It focuses on how the experiment is achieved,including a detailed description of the experiment. Therequirements are clear and exact.

Assessment

1. the experiment course will combine the attendance, experimentaloperation and experimental report assessment, including attendancegrades experimental class accounted for 10%, accounting for theoverall results of experiment 40%, experiment report forexperimental grades 50%.

2. the experiment course grades for courses grades 30%.

TeachingMaterials and Reference Books

[1]WangQingxian,NetworkSecurity Experiments,Electronicsindustry Press, 2016

[2]Liu Jiayong,InformationSecurity Technology Experiments,SichuanUniversity Press, 2007

[3]Cao Sheng, ChenZheng,《ComputerNetwork Security Experiments,Tsinghua University Press, 2011

Preparedby Whom and When

XuLingling, 5thMay 2019

Computersecurity” ExperimentalTeaching Arrangements


No.

ExperimentItem

ClassHours

ContentSummary

Category

Requirements

Numberof StudentsEach Group

Instruments,Equipments and Software

1

UsingCryptoAPI to realize the simple application of cryptography

4

Masterthe basic principle and application of cryptography; Microsoftencryption service architecture and CryptoAPI architecture; masterthe use of CryptoAPI master encryption/decryption, import/exportkey signature/verification, message digest function call.

Throughthe study of CryptoAPI, master the use of CryptoAPI inprogramming; encrypt/ decrypt files with CryptoAPI; implementpublic key encryption with CryptoAPI; implement digital signaturewith CryptoAPI.

Design

Compulsory

1

Cryptographiclibraries: CryptoAPI V2.0 libraries; operating systems: systemsthat support CryptoAPI, Windows, 2000/XP;

C++compiler: Visual C++ 6.0/Visual Studio 2008

2

Useof SnifferorWireshark

4

Understandthe main functions of the well-known protocol analysis softwaresniffer (or Wireshark), and what network problems sniffer canhandle.

Captureprotocol analysis using sniffer, analysis of the ARP attack (ARPspoofing) implementation process.

Verification

Compulsory

1

Operatingsystem: Windows 2000, Windows XP;

Tools:SnifferPro4.70.530Wireshark2.4.1.0

3

Bufferoverflow

4

Graspthe principle of buffer overflow; understand the debug method ofstack based buffer overflow.

Writea program to achieve buffer overflow (stack overflow), in thedebug state to view the register and the corresponding storageunit content changes. Analyze and explain the reason for bufferoverflow. Grasp the use of stack overflow attack principle,learning shellcode writing and debugging techniques.

Comprehensiveness

Compulsory

1

Operatingsystem: Windows XP; programming language: C++, other languages canalso be (C, c#, Java)

4

Useof Snort tools

4

Throughexperiments, we deeply understand the principles and workingmethods of intrusion detection system and intrusion preventionsystem, familiarize ourselves with intrusion detection systemsnor, configure snort to use rule set to create rules and give thecharacteristics of specified attacks.

Comprehensiveness

Elective

1

Operatingsystem: Windows XP;