Subject description - A4M33BIS

Summary of Study | Summary of Branches | All Subject Groups | All Subjects | List of Roles | Explanatory Notes               Instructions
A4M33BIS Information and System Security Extent of teaching:2P+2C
Guarantors:  Roles:  Language of
teaching:
CS
Teachers:  Completion:Z,ZK
Responsible Department:13136 Credits:6 Semester:Z

Anotation:

The goal of the course is to give the students a basic gasp of information/system security problems and solutions. Rather than teaching specific current technologies and vulnerabilities/threats, we will introduce general problems, formalize them if appropriate and illustrate them with a wide range of examples, both with current and legacy technologies. We put emphasis on problems that will be encountered by most programmers and developers through their careers.

Study targets:

Introductory course for network security. The goal is to acquaint the students with the elements of secure system design.

Course outlines:

1. Introduction, Security models, threat models (Anderson, Ch.1)
a. Security properties: confidentiality, integrity, non-repudiation, availability, ?
b. Methods: Authorization, Authentication, ciphering, replication?
c. Attacker/threat models: sophistication, resources, time
d. Assumptions
e. Security by obscurity vs. guaranteed system properties
2. Protocols and Access Control (I) (Anderson, Ch. 3)
a. Importance of protocol, assumptions
b. Why protocols, their properties
c. Attack surface, Attacks on protocols
d. API
3. Cryptography (I) (Anderson, Ch. 5)
a. Ciphering basics and terms - invertibility, key, plaintext, ciphertext...
b. Block/Stream ciphers
c. Vernam
d. DES, AES
e. Cipher modes, practicalities, side-channel attacks
4. Cryptography (II) (Anderson, Ch. 5)
a. Asymmetric cryptography (DH,EG,RSA)
b. Cryptographic hash functions
c. Electronic signatures
d. Certificates
e. WEP failures, A4/A8 failures
5. Protocols and Access Control (II) (Anderson, Ch. ¾, GSM/3GPPS spec,?)
a. Kerberos
b. Protocols for authorization, authentication, integrity, non-repudiation
c. GSM login, UMTS3G login
d. Banking, electronic transactions
6. Protocols and Access Control (III) (Anderson, Ch. 3/4/6)
a. SSL, MITM attacks, phishing
b. Key distribution, key distribution in wireless networks
c. Access control
d. Rights management - satellite broadcasts use-case
7. Multi-Level Security (Anderson, Ch. 8)
a. Bell-La Padua model
b. Technical solutions and implementations
c. Networking in MLS
d. Data pumps
e. SE Linux, security policies, access controls, policies and modifiers?
8. Multi-Lateral Security, Inference Security, Privacy (Anderson, Ch. 9)
a. Census data security
b. Workplace home pairs as a practical example
c. Location based services security
d. Social network mining
9. Steganography, Information hiding, covert channels (TBD)
a. Steganography introduction and motivation
b. Current problems
c. Steganography
d. Steganalysis
10. Economic Considerations (Anderson, Ch.7)
a. Game theory
b. Electronic marketplaces
c. Botnet economic model, e-crime economic models
d. Reputation systems, their strengths, attacks-on, misuse
11. Network Security (I) (Northcutt: Inside Network Perimeter Security)
a. Threat analysis
b. Attacks (vulnerabilities: e.g. buffer overflows, weak passwords,)
c. Transmission vectors,
d. Rootkits, malware
12. Network Security (II)( Northcutt: Network Intrusion Detection: An Analyst's Handbook)
a. Host security
b. Firewalls, network policies, routers, VPN, tunnels
c. Network monitoring, Intrusion detection
13. Monitoring and Attacks on Monitoring (Anderson, Ch.12)
a. Importance of monitoring
b. Monitoring phases: observation, data processing, recognition, decision, feedback action
c. Attacks on sensors
d. Attacks on cognition, misleading, confusion,?
e. Disinformation

Exercises outline:

1. Threat models and security analysis [1/2 labs]
2. Cryptography and protocols: [4/5 labs]
a. SSL connection bit-by bit, vulnerabilities, key management, algorithms and other issues
b. Protocols: GSM/3G networks, MITM, API security, access control
3. Multi-level security: SELinux, BLP model, defense in depth [3 labs]
4. Student`s choice [4 labs]:
a. Steganography
b. Network security

Literature:

Ross Anderson, Security Engineering 2nd/1st edition (major part available online), chapter numbers refer to second edition Northcutt: Inside Network Perimeter Security Northcutt: Network Intrusion Detection: An Analyst's Handbook

Requirements:

no formal requirements, basic knowledge of operating systems, basics of discrete mathematics and introductory cryptography course

Webpage:

http://agents.felk.cvut.cz/wiki/doku.php?id=teaching:bis

Keywords:

security, protocols, network security

Subject is included into these academic programs:

Program Branch Role Recommended semester


Page updated 6.12.2019 17:52:32, semester: Z,L/2020-1, L/2018-9, Z,L/2019-20, Send comments about the content to the Administrators of the Academic Programs Proposal and Realization: I. Halaška (K336), J. Novák (K336)