CZECH TECHNICAL UNIVERSITY IN PRAGUE
STUDY PLANS
2019/2020

Introduction to Computer Security

Code: B4M36BSY
Completion: Z,ZK
Credits: 6
Range: 2P+2C
Language: Czech
The course cannot be taken simultaneously with:
Introduction to Computer Security (BE4M36BSY)
Lecturer:
Tomáš Pevný (guarantor)
Tutor:
Tomáš Pevný (guarantor), Sebastián García, Maria Rigaki
Supervisor:
Department of Computer Science
Synopsis:
Requirements:
Syllabus of lectures:

1. 6.10.2016 Basic terms and problems in security, Access rights. (TP)

2. 13.10.2016 Operating system support for process isolation. (TP)

3. 20.10.2016 (double lecture) Confinement, Security of web browsers (TP)

4. 27.10.2016 (double labs) Examine foreign binary --- Reverse engineering (TP)

5. 3.11.2016 Guidelines for writing secure code (TP)

6. 10.11.2016 Security of web applications (TP)

7. 24.11.2016 DOS --- attacks on server availability (TP)

8. 1.12.2016 Protection of computer networks (TP)

9. 8.12.2016 Malware I (SG)

10. 15.12.2016 Covert channels (TP)

11. 22.12.2016 Security of mobile devices (SG)

12. 5.1.2017 Malware for mobile devices (SG)

13. 12.1.2017 Value of privacy (open discussion) (TP, SG, JL)

Syllabus of tutorials:

1. 6.10.2016 SE Linux (JL)

2. 13.10.2016 Local resource exhaustion (JL)

3. 20.10.2016 double lecture (TP)

4. 27.10.2016 (double labs) Examine foreign binary --- Reverse engineering (JL)

5. 3.11.2016 Buffer overflow, integer overflow, ROI (JL)

6. 10.11.2016 Top ten OWASP attacks (JL)

7. 24.11.2016 Network and resource amplification attacks (JL)

8. 1.12.2016 Protection of networks (JL)

9. 8.12.2016 Analyze your own malware (SG)

10. 15.12.2016 Design your own covert channel (TP)

11. 22.12.2016 Security of mobile devices (SG)

12. 5.1.2017 Malware of mobile devices (SG)

13. 12.1.2017 TBD. (???)

Links for Labs 6

https://labs.nettitude.com/blog/fuzzing-with-american-fuzzy-lop-afl/

https://www.invincealabs.com/blog/2016/08/fuzzing-nginx-with-afl/

https://gitlab.labs.nic.cz/labs/knot/tree/master/tests-fuzz

Study Objective:
Study materials:

Resources used to prepare lecture 1 and some materials

Matt Bishop, Introduction to Computer Security, 2004, Ch 1,2,4

Ryan Ausanka-Crues, Methods for Access Control: Advances and Limitations

https://www.cs.hmc.edu/~mike/public_html/courses/security/s06/projects/ryan.pdf

Resources used to prepare lecture 3

Matt Bishop, Introduction to Computer Security, 2004, Ch 1,2,4

Trent Jaeger, Operating system security, 2008, Ch 1--4

Resources used to prepare lecture 5

Du, W., Jayaraman, K., Tan, X., Luo, T., & Chapin, S. Position paper: Why are there so many vulnerabilities in web applications?. In Proceedings of the 2011 workshop on New security paradigms workshop (pp. 83-94). ACM.

Bortz, A., Barth, A., & Czeskis, A. (2011). Origin cookies: Session integrity for web applications. Web 2.0 Security and Privacy (W2SP).

Barth, A., Jackson, C., & Mitchell, J. C. (2008, October). Robust defenses for cross-site request forgery. In Proceedings of the 15th ACM conference on Computer and communications security (pp. 75-88). ACM.

Finifter, M., Weinberger, J., & Barth, A. (2010, March). Preventing Capability Leaks in Secure JavaScript Subsets. In NDSS (Vol. 99, pp. 1-14).

Resources used to prepare lecture 6

Writing Secure Code (Best Practices), Michael Howard, David LeBlanc, 2004

Note:
Time-table for winter semester 2019/2020:
Thu
12:45–14:15, lecture parallel1, Pevný T., room KN:E-301 (Karlovo nám., Šrámkova posluchárna K9)
18:00–19:30, lecture parallel1, parallel nr.103, room KN:E-307 (Karlovo nám., HW-lab K307)
14:30–16:00, lecture parallel1, parallel nr.102, Pevný T., García S., room KN:E-307 (Karlovo nám., HW-lab K307)
16:15–17:45, lecture parallel1, parallel nr.101, Pevný T., García S., room KN:E-307 (Karlovo nám., HW-lab K307)
Time-table for summer semester 2019/2020:
Time-table is not available yet
The course is a part of the following study plans:
Data valid to 2019-10-18
For updated information see http://bilakniha.cvut.cz/en/predmet4702106.html