Computing Systems Security

Code

11161

Academic unit

Faculdade de Ciências e Tecnologia

Department

Departamento de Informática

Credits

6.0

Teacher in charge

Henrique João Lopes Domingos, José Augusto Legatheaux Martins

Weekly hours

4

Total hours

56

Teaching language

Português

Objectives

The course aims at the acquisition of the knowledge and the know-how required to deal with the several facets of security in software projects, namely security requirements, properties, foundations, mechanisms and security services in computing systems, as well as the domain of techniques for systems development, and while managing and operating secure computing systems.

Prerequisites

Pre-Requisites

As prerequisites students should have previous acquaintance and knowledge bases to design algorithms, programming, theoretical foundations and practice on computer networks and principles of operating systems.

Lab work and practical work-assignments require good skills in Java Programming and autonomy to use Java programming tools and IDEs (for example: Eclipse or Netbeans), as well as, practice in internetworking programming with socketd TCP/IP and Web/HTTP environment.

However, for students that are more familiar with other technologies the work-assignments are also feasible in other optional environments (for example: Windows Operating Systems, Visual Studio .Net or C# Programming language).

Subject matter

• Overview: concepts and terminology. Attacks and security properties. Security mechanisms and services; Distributed computing security model: Network security model and computer-based security model. Adversary model definition. Trust computing bases; Security frameworks and standardization. Secure channels. Ehical and legal issues.
• Cryptographic tools: foundations and techniques. Symmetric encryption. Asymmetric cryptography. Secure hash-functions. Message authentication codes. Digital signatures. Combined use of different cryptographic methods.Cryptographic protocols.
• Authentication. User authentication. Authentication protocols. Authentication and key-distribution. Kerberos Authentcation Service. OAuth Protocol. X509 Authentication and Public Key Infrastructures.
• Access Control. Access control models and case studies. DAC model. Case study: File systems and Process management. RBAC model and examples.
• Network Security: TCP/IP security stack and security applications: TLS and HTTPS; SSH, PGP and S/MIME. 
• Intrusion Prevention and Intrusion Detection. Host-based IDS, Network-Based IDS and Distributed Systems Intrusion Detection. Case studies: Honeypots and Snort
• Software security.Types of malicious software; Viruses and types of contrameasures. Worms, Bots and Rootkits

Bibliography

Reference book

• William Stallings, L. Brown, Computer Security - Principles and Practice, Pearson/Prentice Hall, 2nd Edition, ISBN-10: 0132775069, 2012
• William Stallings, Network Security Essentials - Applications and Standards, Prentice Hall, 5th Edition, ISBN-10: 0133370437, 2014

Other references

• Dieter Gollmann, Computer Security, 3rd Edition, J. Wiley & Sons, ISBN 978-0-470-74115-3, 2011
• Charles P. Pfleeger, S. Pfleeger, Analysing Computer Security - A Threat / Vulnerability / Countermeasure Approach,  Pearson Education, ISBN 978-0-13-278946-2, 2012
• William Stallings, Cryptography and Network Security, 6th Edition, Pearson International Edition, ISBN: 0133354695, 2013
• S. Oaks, Java Security, O''''Reilly, 2nd Edition, 2001
• OWASP - The Open Web Application Security Portal: Java Security (www.owasp.org)

Teaching method

The course is organized in lectures for presenting and discussing foudations, concepts, principles, paradigms,  techniques or algorithms.

Labs are organized for presenting computer and network security techniques (following the program), involving the demonstration of such techniques or related components. Some sessions are planned for discussing practical solutions on proposed problems, as well as support for implementation of the assessment projects or work-assignments.

Evaluation method

Components

• T1, T2: two mid-term tests (each test is 30% of the final assessment).
• WA1, WA2: two work-assignments, (each one is 10% of the final assessment).
• FMP: Final Mini Project (20% of the final assessment)
• E: Final Exam (Appeal)

Assessment of components

• Tests T1 and T2: rounded to the tenth of point (in a 0-20 scale)
• Tests with closed book and open book parts
• WA1, WA2 and FMP (in a 0-5 scale, 0.5 intervals).
• To obtain the grade with frequency is required a positive evaluation of all components above.

Final Assessment

To obtain the grade with frequency the final assessment (NF):

• NF = 30% (T1) + 30% (T2)+ 10% (WA1) + 10% (WA2) + 20% (FMP)

To obtain the grade with the final exam, the final assessment (NF):

Courses

• Computer Science and Engineering