Introduction to Computer Security
Code | Completion | Credits | Range | Language |
---|---|---|---|---|
B4M36BSY | Z,ZK | 6 | 2P+2C | Czech |
- Vztahy:
- It is not possible to register for the course B4M36BSY if the student is concurrently registered for or has already completed the course BE4M36BSY (mutually exclusive courses).
- The requirement for course B4M36BSY can be fulfilled by substitution with the course BE4M36BSY.
- It is not possible to register for the course B4M36BSY if the student is concurrently registered for or has previously completed the course BE4M36BSY (mutually exclusive courses).
- Garant předmětu:
- Tomáš Pevný
- Lecturer:
- Tomáš Pevný
- Tutor:
- Sebastián García, Ondřej Lukáš, Tomáš Pevný, Maria Rigaki, Veronica Valeros
- Supervisor:
- Department of Computer Science
- Synopsis:
-
The aim of this course is to acquaint students with current security risks of operating systems and web applications, such as getting access through the network and escalation of rights. Students will gain an overview of the principles of operating systems administration minimizing security risks, writing safe applications and verifying their security, setting up firewalls and forensic analysis of already infected systems.
- Requirements:
- Syllabus of lectures:
-
1. 6.10.2016 Basic terms and problems in security, Access rights. (TP)
2. 13.10.2016 Support of operating systems to isolate processes. (TP)
3. 20.10.2016 (double lecture) Confinement, Security of web browsers (TP)
4. 27.10.2016 (double labs) Examine foreign binary --- Reverse engineering (TP)
5. 3.11.2016 Guidelines to write the secure code (TP)
6. 10.11.2016 Security of web applications (TP7.)
7. 24.11.2016 DOS --- attacks on server availability (TP)
8. 1.12.2016 Protection of computer networks (TP)
9. 8.12.2016 Malware I (SG)
10. 15.12.2016 Covert channels (TP)
11. 22.12.2016 Security of mobile devices (SG)
12. 5.1.2017 Malware for mobile devices (SG)
13. 12.1.2017 Value of the privacy (open discussion) (TP, SG, JL))
- Syllabus of tutorials:
-
1. 6.10.2016 SE Linux (JL)
2. 13.10.2016 Local resource exhaustion (JL)
3. 20.10.2016 double lecture (TP)
4. 27.10.2016 (double labs) Examine foreign binary --- Reverse engineering (JL)
5. 3.11.2016 Buffer overflow, integer overflow, ROI (JL)
6. 10.11.2016 Top ten OWASP attacks (JL)
7. 24.11.2016 Network and resource amplifications attacks (JL)
8. 1.12.2016 Protection of networks (JL)
9. 8.12.2016 Analyze your own malware (SG)
10. 15.12.2016 Design your own covert channel (TP)
11. 22.12.2016 Security of mobile devices (SG)
12. 5.1.2017 Malware of mobile devices (SG)
13. 12.1.2017 TBD. (???)
Links for Labs 6
https://labs.nettitude.com/blog/fuzzing-with-american-fuzzy-lop-afl/
https://www.invincealabs.com/blog/2016/08/fuzzing-nginx-with-afl/
- Study Objective:
- Study materials:
-
Resources used to prepare lecture and some materials 1
Matt Bishop, Introduction to Computer Security, 2004, Ch 1,2,4
Ryan Ausanka-Crues, Methods for Access Control: Advances and Limitations
https://www.cs.hmc.edu/~mike/public_html/courses/security/s06/projects/ryan.pdf
Resources used to prepare lecture 3
Matt Bishop, Introduction to Computer Security, 2004, Ch 1,2,4
Trent Jaeger, Operating system security, 2008, Ch 1--4
Resources used to prepare lecture 5
Du, W., Jayaraman, K., Tan, X., Luo, T., & Chapin, S. Position paper: Why are there so many vulnerabilities in web applications?. In Proceedings of the 2011 workshop on New security paradigms workshop (pp. 83-94). ACM.
Bortz, A., Barth, A., & Czeskis, A. (2011). Origin cookies: Session integrity for web applications. Web 2.0 Security and Privacy (W2SP).
Barth, A., Jackson, C., & Mitchell, J. C. (2008, October). Robust defenses for cross-site request forgery. In Proceedings of the 15th ACM conference on Computer and communications security (pp. 75-88). ACM.
Finifter, M., Weinberger, J., & Barth, A. (2010, March). Preventing Capability Leaks in Secure JavaScript Subsets. In NDSS (Vol. 99, pp. 1-14).
Resources used to prepare lecture 6
Writing Secure Code (Best Practices), Michale Howard, David LeBlanc, 2004
- Note:
- Further information:
- https://moodle.fel.cvut.cz/courses/B4M36BSY
- Time-table for winter semester 2024/2025:
-
06:00–08:0008:00–10:0010:00–12:0012:00–14:0014:00–16:0016:00–18:0018:00–20:0020:00–22:0022:00–24:00
Mon Tue Wed Thu Fri - Time-table for summer semester 2024/2025:
- Time-table is not available yet
- The course is a part of the following study plans:
-
- Open Informatics - Cyber Security (compulsory course of the specialization)
- Open Informatics - Software Engineering (compulsory course of the specialization)