CZECH TECHNICAL UNIVERSITY IN PRAGUE
STUDY PLANS
2024/2025

Introduction to Computer Security

The course is not on the list Without time-table
Code: BE4M36BSY
Completion: Z,ZK
Credits: 6
Range: 2P+2C
Language: English

During a review of study plans, the course B4M36BSY can be substituted for the course BE4M36BSY.

It is not possible to register for the course BE4M36BSY if the student is concurrently registered for or has already completed the course B4M36BSY (mutually exclusive courses).

Course guarantor:
Lecturer:
Tutor:
Supervisor:
Department of Computer Science
Synopsis:

The aim of this course is to acquaint students with current security risks of operating systems and web applications, such as gaining access through the network and privilege escalation. Students will gain an overview of the principles of operating system administration that minimize security risks, writing safe applications and verifying their security, setting up firewalls, and forensic analysis of already infected systems.

Requirements:
Syllabus of lectures:

1. 6.10.2016 Basic terms and problems in security, Access rights. (TP)

2. 13.10.2016 Operating system support for process isolation. (TP)

3. 20.10.2016 (double lecture) Confinement, Security of web browsers (TP)

4. 27.10.2016 (double labs) Examining a foreign binary --- Reverse engineering (TP)

5. 3.11.2016 Guidelines for writing secure code (TP)

6. 10.11.2016 Security of web applications (TP)

7. 24.11.2016 DoS --- attacks on server availability (TP)

8. 1.12.2016 Protection of computer networks (TP)

9. 8.12.2016 Malware I (SG)

10. 15.12.2016 Covert channels (TP)

11. 22.12.2016 Security of mobile devices (SG)

12. 5.1.2017 Malware for mobile devices (SG)

13. 12.1.2017 The value of privacy (open discussion) (TP, SG, JL)

Syllabus of tutorials:

1. 6.10.2016 SELinux (JL)

2. 13.10.2016 Local resource exhaustion (JL)

3. 20.10.2016 double lecture (TP)

4. 27.10.2016 (double labs) Examining a foreign binary --- Reverse engineering (JL)

5. 3.11.2016 Buffer overflow, integer overflow, ROP (JL)

6. 10.11.2016 Top ten OWASP attacks (JL)

7. 24.11.2016 Network and resource amplification attacks (JL)

8. 1.12.2016 Protection of networks (JL)

9. 8.12.2016 Analyze your own malware (SG)

10. 15.12.2016 Design your own covert channel (TP)

11. 22.12.2016 Security of mobile devices (SG)

12. 5.1.2017 Malware for mobile devices (SG)

13. 12.1.2017 TBD. (???)

Links for Labs 6

https://labs.nettitude.com/blog/fuzzing-with-american-fuzzy-lop-afl/

https://www.invincealabs.com/blog/2016/08/fuzzing-nginx-with-afl/

https://gitlab.labs.nic.cz/labs/knot/tree/master/tests-fuzz

Study Objective:
Study materials:

Resources used to prepare lecture 1 and some materials

Matt Bishop, Introduction to Computer Security, 2004, Ch 1,2,4

Ryan Ausanka-Crues, Methods for Access Control: Advances and Limitations

https://www.cs.hmc.edu/~mike/public_html/courses/security/s06/projects/ryan.pdf

Resources used to prepare lecture 3

Matt Bishop, Introduction to Computer Security, 2004, Ch 1,2,4

Trent Jaeger, Operating system security, 2008, Ch 1--4

Resources used to prepare lecture 5

Du, W., Jayaraman, K., Tan, X., Luo, T., & Chapin, S. (2011). Position paper: Why are there so many vulnerabilities in web applications? In Proceedings of the 2011 New Security Paradigms Workshop (pp. 83-94). ACM.

Bortz, A., Barth, A., & Czeskis, A. (2011). Origin cookies: Session integrity for web applications. Web 2.0 Security and Privacy (W2SP).

Barth, A., Jackson, C., & Mitchell, J. C. (2008, October). Robust defenses for cross-site request forgery. In Proceedings of the 15th ACM conference on Computer and communications security (pp. 75-88). ACM.

Finifter, M., Weinberger, J., & Barth, A. (2010, March). Preventing Capability Leaks in Secure JavaScript Subsets. In NDSS (Vol. 99, pp. 1-14).

Resources used to prepare lecture 6

Writing Secure Code (Best Practices), Michael Howard, David LeBlanc, 2004

Note:
Further information:
No time-table has been prepared for this course
The course is a part of the following study plans:
Data valid to 2024-03-28
Updates to the information above can be found at https://bilakniha.cvut.cz/en/predmet4878706.html