Faculdade de Ciências e Tecnologia

Network and Computer Systems Security

Code

11619

Academic unit

Faculdade de Ciências e Tecnologia

Department

Departamento de Informática

Credits

6.0

Teacher in charge

Henrique João Lopes Domingos, José Augusto Legatheaux Martins

Weekly hours

4

Total hours

52

Teaching language

Portuguese

Objectives

Know-how skills

  • Concepts, terminology and security services in reference standards for security frameworks for computer networks and systems security
  • Methods, algorithms, tools and techniques for applied cryptography and use of cryptographic methods for the design of security mechanisms and services for computer networks, computer security and security services for distributed systems.  
  • TCP/IP security stack: applications and standards
  • Operating system-level security and security layering with virtualization techniques
  • Systems security: Intrusion detection, intrusion prevention and solutions for perimeter defenses 
  • Trusted computing: software stack attestation, trusted execution environments and hardware-enabled solutions

Application skills

  • Programming with cryptographic algorithms, libraries and tools
  • Design, implementation and experimental evaluation of security protocols and services for internetworked applications
  • Design and implementation of secure services for internet-based large-scale distributed systems
  • Operation and setup of security services and mechanisms for operating system level security and virtualization of software services’ stacks.
  • Design and implementation of services for secure data-management and privacy-enhanced data protection
  • Design and implementation of security services and solutions for intrusion detection 

Prerequisites

Prior knowledge of:

  • Foundations of computer networks, protocols and services, particularly standard protocols and services in the TCP/IP stack;
  • Foundations, principles and programming paradigms for the design and operation of distributed systems and applications
  • Operating systems foundations

Previous practical skills in programming and in the use of software development tools (e.g., Eclipse IDE or any other programming environment) are strongly recommended, as is practice with programming languages (e.g., Java, Go or C#). Initial experience in using UNIX-based systems (e.g., Linux distributions or macOS) is also required, as well as in the use and setup of virtualization environments (e.g., VBox or VMware) or containerized software components (e.g., Docker). Previous practice in TCP/IP and distributed systems programming (using sockets and REST or WebServices) is strongly recommended for the development of mini-projects and work-assignments.

Subject matter

Topics (summary)

  • Introduction
  • Security foundations for computer networks and distributed systems
  • Applied cryptography: algorithms, techniques, tools and standards for cryptographic constructions
  • Authentication systems and services
  • Access control systems, models and mechanisms; AAA Systems
  • TCP/IP security stack: standards, protocols, applications and services
  • Systems security: operating system security, virtualization, intrusion prevention and detection, software attestation and trusted computing environments

Detailed program

1. Introduction

2. Security foundations for distributed systems and computer networks security

  • Security Frameworks: standards, concepts and terminology
    • ISO 27000, OSI X.800, IETF and NIST/FIPS PUB
  • Security models for internetworked systems 
  • Secure communications: secure channels and TCP/IP security
  • Perimeter defenses
  • Systems security: computer security, software attestation and trusted computing

3. Applied cryptography: algorithms, techniques and cryptographic tools

  • Symmetric encryption: algorithms, standards and secure constructions 
  • Asymmetric cryptography: algorithms, standards and secure constructions
  • Secure hash functions and methods for message-authentication coding 
  • Digital signatures: standards and secure constructions for qualified signature proofs
  • Other cryptosystems: identity-based cryptography, secret-sharing and threshold cryptography and homomorphic encryption
  • Distribution, establishment and management of security associations and keys
  • Secure channels
  • Establishment of secure channels with zero-knowledge proofs (ZKP)

4. Authentication systems and protocols

  • Simple authentication protocols: PAP, CHAP and RADIUS
  • Kerberos (V4/V5)
  • X509 authentication: X509v3 certification and PKI frameworks
  • User authentication
  • Authentication proofs, factors and technology: multifactor authentication systems
  • OAuth and XACML authentication services
  • Authentication and identity-management: Federated identity management (FIM), Single Sign On systems (SSO) and AAA Systems: OpenID and SAML case studies.

5. Access Control 

  • Access control and policy models 
    • MAC, DAC, RBAC, ABAC and CBAC models
    • Access control and complete mediation enforcements
  • Permissions: definition and control mechanisms: ACLs, matrix-mechanisms and capability-tickets or cookies. Case-studies.

6. TCP/IP security: protocols, services and standards

  • WEB security and HTTPS
  • TLS and TLS subprotocols: RLP, Handshake, CCSP, AP and HB
  • SSH suite
  • IPSec, IPSec modes and IPSec subprotocols: ESP, AH, IKE and ISAKMP
  • Virtual Private Networks and encapsulation technology
  • Access channels, LAN and WLAN security: EAP, 802.1x and 802.11i
  • Security at IP routing level: SBGP
  • Email security protocols and standards
    • POP3S, IMAPS, SMTPS, S/MIME, PGP, DKIM and DMARC
  • DNS security: DNSSEC

7. Systems security

  • Operating system security
  • Security with virtualization: OS Virtualization and SW isolation with containerized environments
  • Perimeter defenses: Techniques, technology and solutions
  • Intrusion prevention and intrusion detection systems: HIDS, NIDS, Hybrid Intrusion Detection and Honeypots
  • Attestation of software stacks
  • Trusted computing technology and trusted execution environments (TEE)

Bibliography

Main references

  • W. Stallings, Network Security Essentials - Applications and Services, Pearson, 6/E, 2017
  • W. Stallings, L. Brown, Computer Security: Principles and Practice, Pearson 4/E, 2014

Additional References 

  • W. Stallings, Cryptography and Network Security - Principles and Practice, Pearson 7/E, 2017
  • D. Gollmann, Computer Security, 3rd Ed, Wiley, 2011

Classic References

  • B. Schneier, Applied Cryptography, 1996, Wiley

Other References (in Portuguese Language)

  • A. Zúquete, Segurança em Redes Informáticas, 5ª Ed., 2018, Ed. FCA
  • M. Correia, P. Sousa, Segurança no Software, 2ª Ed., 2017, Ed. FCA

Teaching method

Note: The course can be taught in English or in Portuguese, according to the audience and registered students.

The course is organized in lectures for presenting and discussing foundations, concepts, principles, paradigms, techniques or algorithms.

Labs are organized for presenting computer and network security techniques (following the program), involving the demonstration of such techniques or related components and the development of practical work assignments, including the mandatory assessment assignments. Some sessions are planned for discussing practical solutions to proposed problems, as well as for supporting the implementation of the assessment projects or work-assignments.

Evaluation method

Assessment components
  • 2 frequency tests (midterm): T1, T2
    • Cover the program topics/bibliography
    • Tests lasting 2h30m (ref)
      • 1h-1h30m: closed book questions
      • 1h-1h30m: open book questions (printed and individual sources)
  • 2 Work-Assignments as mini-projects: TP1, TP2
    • Developed in workgroups of two students
    • Evaluation includes: development, completeness, quality, correctness and evaluation
    • Students can be scheduled for oral demonstration and discussion.

Grade conditions (1)

- Frequency
  • Frequency Assessment AF = 40% (TP1) + 60% (TP2)
  • Condition for obtaining frequency (AF):
              AF >= 9.5/20 and TP2 >= 7.5/20

- Grade with Frequency (AC)
  • Frequency obtained
  • Midterm Evaluation AC = 40% AF + 25% (T1) + 35% (T2)
  • Grade condition (AC)
              AC >= 9.5/20 and T2 >= 7.5/20

- Grade with Appeal Exam (ER)
  • Frequency obtained
  • Final assessment with Appeal Exam AER = 40% AF + 60% ER
  • Grade condition with Appeal Exam (AER)
              AER >= 9.5/20 and ER >= 9.5/20

1) Students with frequency and exam (appeal) access conditions obtained in 2016/2017 or 2017/2018 can use the obtained frequency classification (TP1, TP2) in 2017/2018.
