Subject description - A4M33BIS
Summary of Study |
Summary of Branches |
All Subject Groups |
All Subjects |
List of Roles |
Explanatory Notes
Instructions
| A4M33BIS | Information and System Security | ||
|---|---|---|---|
| Roles: | Extent of teaching: | 2P+2C | |
| Department: | 13136 | Language of teaching: | CS |
| Guarantors: | Completion: | Z,ZK | |
| Lecturers: | Credits: | 6 | |
| Tutors: | Semester: | Z | |
Web page:
http://agents.felk.cvut.cz/wiki/doku.php?id=teaching:bisAnotation:
The goal of the course is to give the students a basic gasp of information/system security problems and solutions. Rather than teaching specific current technologies and vulnerabilities/threats, we will introduce general problems, formalize them if appropriate and illustrate them with a wide range of examples, both with current and legacy technologies. We put emphasis on problems that will be encountered by most programmers and developers through their careers.Study targets:
Introductory course for network security. The goal is to acquaint the students with the elements of secure system design.Course outlines:
| 1. | Introduction, Security models, threat models (Anderson, Ch.1) | |
| a. | Security properties: confidentiality, integrity, non-repudiation, availability, ? | |
| b. | Methods: Authorization, Authentication, ciphering, replication? | |
| c. | Attacker/threat models: sophistication, resources, time | |
| d. | Assumptions | |
| e. | Security by obscurity vs. guaranteed system properties | |
| 2. | Protocols and Access Control (I) (Anderson, Ch. 3) | |
| a. | Importance of protocol, assumptions | |
| b. | Why protocols, their properties | |
| c. | Attack surface, Attacks on protocols | |
| d. | API | |
| 3. | Cryptography (I) (Anderson, Ch. 5) | |
| a. | Ciphering basics and terms - invertibility, key, plaintext, ciphertext... | |
| b. | Block/Stream ciphers | |
| c. | Vernam | |
| d. | DES, AES | |
| e. | Cipher modes, practicalities, side-channel attacks | |
| 4. | Cryptography (II) (Anderson, Ch. 5) | |
| a. | Asymmetric cryptography (DH,EG,RSA) | |
| b. | Cryptographic hash functions | |
| c. | Electronic signatures | |
| d. | Certificates | |
| e. | WEP failures, A4/A8 failures | |
| 5. | Protocols and Access Control (II) (Anderson, Ch. ¾, GSM/3GPPS spec,?) | |
| a. | Kerberos | |
| b. | Protocols for authorization, authentication, integrity, non-repudiation | |
| c. | GSM login, UMTS3G login | |
| d. | Banking, electronic transactions | |
| 6. | Protocols and Access Control (III) (Anderson, Ch. 3/4/6) | |
| a. | SSL, MITM attacks, phishing | |
| b. | Key distribution, key distribution in wireless networks | |
| c. | Access control | |
| d. | Rights management - satellite broadcasts use-case | |
| 7. | Multi-Level Security (Anderson, Ch. 8) | |
| a. | Bell-La Padua model | |
| b. | Technical solutions and implementations | |
| c. | Networking in MLS | |
| d. | Data pumps | |
| e. | SE Linux, security policies, access controls, policies and modifiers? | |
| 8. | Multi-Lateral Security, Inference Security, Privacy (Anderson, Ch. 9) | |
| a. | Census data security | |
| b. | Workplace home pairs as a practical example | |
| c. | Location based services security | |
| d. | Social network mining | |
| 9. | Steganography, Information hiding, covert channels (TBD) | |
| a. | Steganography introduction and motivation | |
| b. | Current problems | |
| c. | Steganography | |
| d. | Steganalysis | |
| 10. | Economic Considerations (Anderson, Ch.7) | |
| a. | Game theory | |
| b. | Electronic marketplaces | |
| c. | Botnet economic model, e-crime economic models | |
| d. | Reputation systems, their strengths, attacks-on, misuse | |
| 11. | Network Security (I) (Northcutt: Inside Network Perimeter Security) | |
| a. | Threat analysis | |
| b. | Attacks (vulnerabilities: e.g. buffer overflows, weak passwords,) | |
| c. | Transmission vectors, | |
| d. | Rootkits, malware | |
| 12. | Network Security (II)( Northcutt: Network Intrusion Detection: An Analyst's Handbook) | |
| a. | Host security | |
| b. | Firewalls, network policies, routers, VPN, tunnels | |
| c. | Network monitoring, Intrusion detection | |
| 13. | Monitoring and Attacks on Monitoring (Anderson, Ch.12) | |
| a. | Importance of monitoring | |
| b. | Monitoring phases: observation, data processing, recognition, decision, feedback action | |
| c. | Attacks on sensors | |
| d. | Attacks on cognition, misleading, confusion,? | |
| e. | Disinformation |
Exercises outline:
| 1. | Threat models and security analysis [1/2 labs] | |
| 2. | Cryptography and protocols: [4/5 labs] | |
| a. | SSL connection bit-by bit, vulnerabilities, key management, algorithms and other issues | |
| b. | Protocols: GSM/3G networks, MITM, API security, access control | |
| 3. | Multi-level security: SELinux, BLP model, defense in depth [3 labs] | |
| 4. | Student`s choice [4 labs]: | |
| a. | Steganography | |
| b. | Network security |
Literature:
Ross Anderson, Security Engineering 2nd/1st edition (major part available online), chapter numbers refer to second edition Northcutt: Inside Network Perimeter Security Northcutt: Network Intrusion Detection: An Analyst's HandbookRequirements:
no formal requirements, basic knowledge of operating systems, basics of discrete mathematics and introductory cryptography courseKeywords:
security, protocols, network security Subject is included into these academic programs:| Program | Branch | Role | Recommended semester |
| Page updated 18.4.2024 17:51:04, semester: L/2023-4, Z/2024-5, Z/2023-4, Send comments about the content to the Administrators of the Academic Programs | Proposal and Realization: I. Halaška (K336), J. Novák (K336) |