Subject description - A4M33BIS
Summary of Study |
Summary of Branches |
All Subject Groups |
All Subjects |
List of Roles |
Explanatory Notes
Instructions
A4M33BIS | Information and System Security | ||
---|---|---|---|
Roles: | Extent of teaching: | 2P+2C | |
Department: | 13136 | Language of teaching: | CS |
Guarantors: | Completion: | Z,ZK | |
Lecturers: | Credits: | 6 | |
Tutors: | Semester: | Z |
Web page:
http://agents.felk.cvut.cz/wiki/doku.php?id=teaching:bisAnotation:
The goal of the course is to give the students a basic gasp of information/system security problems and solutions. Rather than teaching specific current technologies and vulnerabilities/threats, we will introduce general problems, formalize them if appropriate and illustrate them with a wide range of examples, both with current and legacy technologies. We put emphasis on problems that will be encountered by most programmers and developers through their careers.Study targets:
Introductory course for network security. The goal is to acquaint the students with the elements of secure system design.Course outlines:
1. | Introduction, Security models, threat models (Anderson, Ch.1) | |
a. | Security properties: confidentiality, integrity, non-repudiation, availability, ? | |
b. | Methods: Authorization, Authentication, ciphering, replication? | |
c. | Attacker/threat models: sophistication, resources, time | |
d. | Assumptions | |
e. | Security by obscurity vs. guaranteed system properties | |
2. | Protocols and Access Control (I) (Anderson, Ch. 3) | |
a. | Importance of protocol, assumptions | |
b. | Why protocols, their properties | |
c. | Attack surface, Attacks on protocols | |
d. | API | |
3. | Cryptography (I) (Anderson, Ch. 5) | |
a. | Ciphering basics and terms - invertibility, key, plaintext, ciphertext... | |
b. | Block/Stream ciphers | |
c. | Vernam | |
d. | DES, AES | |
e. | Cipher modes, practicalities, side-channel attacks | |
4. | Cryptography (II) (Anderson, Ch. 5) | |
a. | Asymmetric cryptography (DH,EG,RSA) | |
b. | Cryptographic hash functions | |
c. | Electronic signatures | |
d. | Certificates | |
e. | WEP failures, A4/A8 failures | |
5. | Protocols and Access Control (II) (Anderson, Ch. ¾, GSM/3GPPS spec,?) | |
a. | Kerberos | |
b. | Protocols for authorization, authentication, integrity, non-repudiation | |
c. | GSM login, UMTS3G login | |
d. | Banking, electronic transactions | |
6. | Protocols and Access Control (III) (Anderson, Ch. 3/4/6) | |
a. | SSL, MITM attacks, phishing | |
b. | Key distribution, key distribution in wireless networks | |
c. | Access control | |
d. | Rights management - satellite broadcasts use-case | |
7. | Multi-Level Security (Anderson, Ch. 8) | |
a. | Bell-La Padua model | |
b. | Technical solutions and implementations | |
c. | Networking in MLS | |
d. | Data pumps | |
e. | SE Linux, security policies, access controls, policies and modifiers? | |
8. | Multi-Lateral Security, Inference Security, Privacy (Anderson, Ch. 9) | |
a. | Census data security | |
b. | Workplace home pairs as a practical example | |
c. | Location based services security | |
d. | Social network mining | |
9. | Steganography, Information hiding, covert channels (TBD) | |
a. | Steganography introduction and motivation | |
b. | Current problems | |
c. | Steganography | |
d. | Steganalysis | |
10. | Economic Considerations (Anderson, Ch.7) | |
a. | Game theory | |
b. | Electronic marketplaces | |
c. | Botnet economic model, e-crime economic models | |
d. | Reputation systems, their strengths, attacks-on, misuse | |
11. | Network Security (I) (Northcutt: Inside Network Perimeter Security) | |
a. | Threat analysis | |
b. | Attacks (vulnerabilities: e.g. buffer overflows, weak passwords,) | |
c. | Transmission vectors, | |
d. | Rootkits, malware | |
12. | Network Security (II)( Northcutt: Network Intrusion Detection: An Analyst's Handbook) | |
a. | Host security | |
b. | Firewalls, network policies, routers, VPN, tunnels | |
c. | Network monitoring, Intrusion detection | |
13. | Monitoring and Attacks on Monitoring (Anderson, Ch.12) | |
a. | Importance of monitoring | |
b. | Monitoring phases: observation, data processing, recognition, decision, feedback action | |
c. | Attacks on sensors | |
d. | Attacks on cognition, misleading, confusion,? | |
e. | Disinformation |
Exercises outline:
1. | Threat models and security analysis [1/2 labs] | |
2. | Cryptography and protocols: [4/5 labs] | |
a. | SSL connection bit-by bit, vulnerabilities, key management, algorithms and other issues | |
b. | Protocols: GSM/3G networks, MITM, API security, access control | |
3. | Multi-level security: SELinux, BLP model, defense in depth [3 labs] | |
4. | Student`s choice [4 labs]: | |
a. | Steganography | |
b. | Network security |
Literature:
Ross Anderson, Security Engineering 2nd/1st edition (major part available online), chapter numbers refer to second edition Northcutt: Inside Network Perimeter Security Northcutt: Network Intrusion Detection: An Analyst's HandbookRequirements:
no formal requirements, basic knowledge of operating systems, basics of discrete mathematics and introductory cryptography courseKeywords:
security, protocols, network security Subject is included into these academic programs:Program | Branch | Role | Recommended semester |
Page updated 18.4.2024 17:51:04, semester: L/2023-4, Z/2024-5, Z/2023-4, Send comments about the content to the Administrators of the Academic Programs | Proposal and Realization: I. Halaška (K336), J. Novák (K336) |