Computer Security

* Exchange students do not have to consider this information when selecting suitable courses for an exchange stay.

Course Unit Code460-2040/01
Number of ECTS Credits Allocated4 ECTS credits
Type of Course Unit *Compulsory
Level of Course Unit *First Cycle
Year of Study *Third Year
Semester when the Course Unit is deliveredSummer Semester
Mode of DeliveryFace-to-face
Language of InstructionCzech, English
Prerequisites and Co-Requisites
PrerequisitiesCourse Unit CodeCourse Unit Title
460-2006Computer Networks
460-2010Programming Languages I
460-2012Programming Languages II
460-2016Operating Systems
Name of Lecturer(s)Personal IDName
OH140RNDr. Eliška Ochodková, Ph.D.
OLI10Ing. Petr Olivka, Ph.D.
MOR03Ing. Pavel Moravec, Ph.D.
KRU13Mgr. Ing. Michal Krumnikl, Ph.D.
Summary
The aim of this subject is to is to familiarize students with the basic principles of computer security, vulnerabilities, attacks and defence against them. The topics cover the security of operating systems and their vulnerabilities, security applications (web, databases), malicious software, etc. Great emphasis is placed on the practical coverage of individual topics.
Learning Outcomes of the Course Unit
Familiarize students with the basic principles of computer security.

After completing the course the student will be able to:
- identify and recognize different attacks
- discern typical errors that are exploitable by an attacker and avoid them when creating software components
- use intrusion detection and prevention techniques
- identify and use a known block and stream ciphers
- implement secure applications and write safe code
Course Contents
Lectures

1. Basic concepts and principles of security (security vs usability, security functions and mechanisms, attack types, threats, vulnerabilities, risks, backup mechanisms, ...).
2. OS Security (ACL, AAA).
3. Hardware level security, kernel-space and user-space (SandBox, SE Linux, virtualized environment).
4. Detection, prevention and mitigation of the effects of individual attacks on the service (load balancers, proxy, honeypot).
5. Implementation of block and stream ciphers in network protocols (implementation of a secure channel, data encapsulation of serializable objects).
6. Security of Internet application protocols (MITM, RPC, SOAP, CORBA, MySQL, replay attack)
7. Development of safe applications (general principles, the most common vulnerabilities, database security, security of web applications).
8. Security of mobile devices (data transfer and storage, security features of mobile OS, application distribution and signatures)
9. Hardware security features (cards, chips, reverse engineering)
10. Malware (viruses, spyware, infection, detection of malware, social engineering)
11. Creating secure code (static code analysis, obfuscation, buffer overflow, boundary conditions)

Computer labs

Labs follow the issues discussed in the lectures. Their main aim is the practical demonstration and evaluation of individual topics as well as the analysis, administration, configuration and testing of security mechanisms.

1. OS security, demonstration of SE Linux configuration.
2. Virtualization of OS + snapshots for vulnerability testing.
3. In-depth protocol analysis with packet analyzer (social networks, ...).
4. Honeypot, log analysis and forensic analysis of recorded attack.
5. Configuration of AAA infrastructure.
6. Usage of modern computation technologies for implementation of attacks against wireless networks.
7. Application of block ciphers in network protocols
8. Attacks on application layer protocols
9. Demonstration of known vulnerabilities: XSS, SQL injection, buffer overflow, ...
10. Reverse engineering, code protection - obfuscation
Recommended or Required Reading
Required Reading:
1. Stallings, W.:Cryptography and Network Security: Principles and Practice, Prentice Hall 5th edition 2010, ISBN: 0136097049
2. Seacord, R. C.: Secure Coding in C and C++, Addison-Wesley 2005, ISBN 0321335724
1. Stallings, W.:Cryptography and Network Security: Principles and Practice, Prentice Hall 5th edition 2010, ISBN: 0136097049
2. Seacord, R. C.: Secure Coding in C and C++, Addison-Wesley 2005, ISBN 0321335724
Recommended Reading:
1. Tanenbaum, A.S.: Computer Networks, Prentice Hall 5th edition 2010, ISBN: 0132126958
2. Menezes, A. J., Van Oorschot, P. C., Vanstone, S. A.: Handbook of Applied Cryptography, CRC Press, 1997, ISBN: 9780849385230
3. Scarfone, K. and Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS), NIST 2007, http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
1. Tanenbaum, A.S.: Computer Networks, Prentice Hall 5th edition 2010, ISBN: 0132126958
2. Menezes, A. J., Van Oorschot, P. C., Vanstone, S. A.: Handbook of Applied Cryptography, CRC Press, 1997, ISBN: 9780849385230
3. Scarfone, K. and Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS), NIST 2007, http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
Planned learning activities and teaching methods
Lectures, Tutorials, Experimental work in labs, Project work, Other activities
Assesment methods and criteria
Task TitleTask TypeMaximum Number of Points
(Act. for Subtasks)
Minimum Number of Points for Task Passing
Exercises evaluation and ExaminationCredit and Examination100 (100)51
        Exercises evaluationCredit45 (45)20
                Bezpečnost operačních systémůLaboratory work15 7
                Analýza logů a protokolůLaboratory work10 4
                Útoky na infrastrukturu a protokolyLaboratory work10 4
                SW zranitelnosti a kryptografieLaboratory work10 4
        ExaminationExamination55 20