Security Technologies (ETF RII TS 5955)

General information

Module title

Security Technologies

Module code

ETF RII TS 5955

Study

ETF-B

Department

Computing and Informatics

Year

2

Semester

3

Module type

Elective

ECTS

5

Hours

55

Lectures

30

Exercises

25

Tutorials

0

Module goal - Knowledge and skill to be achieved by students

  The goal of the module is to present the theory, mechanisms, techniques and tools that can be used to improve information system security. Students will acquire knowledge that enables them to understand and implement services that protect against attacks on the confidentiality, integrity and availability of data and information.

Syllabus

1. Information systems security: Concept of security policy and trust. Confidentiality, integrity and availability. Information system security components. Economic aspects of security.
2. Cryptography: Symmetric (secret) and asymmetric (public) key cryptosystems. RC4, DES, AES, RSA, ECC. Hash functions. Authentication. Electronic signature. Message integrity. Key management. Needham-Schroeder protocol. Kerberos. Key escrow. Shared secrets. Digital certificates. Public key infrastructure (PKI). Trust models. PGP. Electronic voting. Electronic money.
3. Authentication: Passwords, challenge-response protocols, one-time passwords, smart cards, biometric authentication. Trusted paths. Attacks: spoofing, phishing, sniffing, key loggers.
4. Access control: Discretionary (DAC) and mandatory (MAC) access control. Matrix models. Access control lists (ACL). Access recall. Multilevel security. Information flow.
5. Attacks on availability: Denial of service.
6. Network security: Insecurity of existing network protocols. E-mail, Web and wireless network security. Firewall. IDS. Secure network protocols: SSL/TLS, S/MIME, IPsec, VPN, WEP, WPA.
7. Application security: Secure program development. Buffer overflow attacks and protection. Confinement and sandboxing.
8. Malware: Viruses, worms, Trojans, spyware, spam, hoaxes.
9. Physical security: Physical access. Power supply and radiation analysis. Tamper resistance.
10. Human factor: Social engineering. Usability. Security education and user awareness.
11. Formal information security models: Bell-LaPadula, Biba, Clark-Wilson models. Need-to-know. Least privilege. Separation of duties. Covert channels.
12. Security engineering: Risk minimization or transfer. Due care and due diligence. Role of insurance. Threats, risk models, robustness and reliability. Verification and evaluation: TCSEC, ITSEC and Common Criteria (ISO 15408). Security management practices.
13. Laws, investigation and ethics: Computer misdemeanor and crime legislation. Copyright. Intellectual property rights. Digital rights management. Forensics. Ethics.

Literature

Recommended
1. Notes and slides from lectures (see the Faculty web site)
2. M. Bishop, "Introduction to Computer Security", Addison-Wesley, 2005.
3. A.J. Menezes, et al., "Handbook of Applied Cryptography", CRC Press, 1997.
4. R. Anderson, "Security Engineering", Wiley, 2001.
5. B. Schneier, "Applied Cryptography", John Wiley, 1996.
Additional

Didactic methods

  Through lectures, students will learn about the theory, problems and applied examples within thematic units. Lectures consist of a theoretical part, descriptive examples, and the genesis and resolution of specific tasks. In this way, students will have a basis for applying the studied material in engineering applications. Additional examples and exam tasks are discussed and solved during the laboratory exercises. Laboratory practice and home assignments will enable students to work continuously and verify their knowledge.

Exams

  During the course, students earn points according to the following system:
- Attending lectures, exercises and tutorial classes: 10 points; a student with more than three absences from lectures, exercises and/or tutorials cannot earn these points;
- Home assignments: maximum of 10 points, assuming 5 to 10 assignments evenly distributed throughout the semester;
- Partial exams: two written partial exams, maximum of 20 points for each positively evaluated partial exam.
A student who earned less than 20 points during the semester must retake the course.
A student who earned 40 or more points during the semester takes a final oral exam; the exam consists of a discussion of the problems from the partial exams and home assignments, and answers to simple questions related to course topics.
The final oral exam provides a maximum of 40 points. To get a positive final grade, students must earn a minimum of 20 points at this exam. Students who do not earn this minimum take a makeup oral exam.
A student who earned 20 or more points but less than 40 points during the semester takes a makeup exam. The makeup exam is structured as follows:
- Written part, structured in the same way as a partial written exam, during which students solve problems in the topics they failed on the partial exams (achieved less than 10 points),
- Oral part, structured in the same way as the final oral exam.
Only students who, after passing the written part of the makeup exam, have earned a total score of 40 or more points can take the oral makeup exam; the score consists of points earned through attending classes, home assignments, passing partial exams and passing the written part of the makeup exam.
The oral makeup exam provides a maximum of 40 points. To get a positive final grade, students must earn a minimum of 20 points in this exam. Students who do not earn this minimum must retake the course.

Additional notes