Introduction to Computer Security

Semester: Winter

Range: 2+2c

Completion:

Credits: 6

Programme type:

Study form: Full-time

Course language: English

Time table at FEE

Summary:

Keywords:

Course syllabus:

1. 6.10.2016 Basic terms and problems in security, Access rights. (TP)
2. 13.10.2016 Operating system support for process isolation. (TP)
3. 20.10.2016 (double lecture) Confinement, Security of web browsers (TP)
4. 27.10.2016 (double labs) Examine foreign binary --- Reverse engineering (TP)
5. 3.11.2016 Guidelines for writing secure code (TP)
6. 10.11.2016 Security of web applications (TP)
7. 24.11.2016 DOS --- attacks on server availability (TP)
8. 1.12.2016 Protection of computer networks (TP)
9. 8.12.2016 Malware I (SG)
10. 15.12.2016 Covert channels (TP)
11. 22.12.2016 Security of mobile devices (SG)
12. 5.1.2017 Malware for mobile devices (SG)
13. 12.1.2017 Value of privacy (open discussion) (TP, SG, JL)

Seminar syllabus:

1. 6.10.2016 SELinux (JL)
2. 13.10.2016 Local resource exhaustion (JL)
3. 20.10.2016 double lecture (TP)
4. 27.10.2016 (double labs) Examine foreign binary --- Reverse engineering (JL)
5. 3.11.2016 Buffer overflow, integer overflow, ROI (JL)
6. 10.11.2016 Top ten OWASP attacks (JL)
7. 24.11.2016 Network and resource amplification attacks (JL)
8. 1.12.2016 Protection of networks (JL)
9. 8.12.2016 Analyze your own malware (SG)
10. 15.12.2016 Design your own covert channel (TP)
11. 22.12.2016 Security of mobile devices (SG)
12. 5.1.2017 Malware of mobile devices (SG)
13. 12.1.2017 TBD. (???)

Links for Labs 6

https://labs.nettitude.com/blog/fuzzing-with-american-fuzzy-lop-afl/
https://www.invincealabs.com/blog/2016/08/fuzzing-nginx-with-afl/
https://gitlab.labs.nic.cz/labs/knot/tree/master/tests-fuzz

Literature:

Resources used to prepare lecture and some materials 1

Matt Bishop, Introduction to Computer Security, 2004, Ch 1,2,4
Ryan Ausanka-Crues, Methods for Access Control: Advances and Limitations
https://www.cs.hmc.edu/~mike/public_html/courses/security/s06/projects/ryan.pdf

Resources used to prepare lecture 3

Matt Bishop, Introduction to Computer Security, 2004, Ch 1,2,4
Trent Jaeger, Operating system security, 2008, Ch 1--4

Resources used to prepare lecture 5

Du, W., Jayaraman, K., Tan, X., Luo, T., & Chapin, S. Position paper: Why are there so many vulnerabilities in web applications?. In Proceedings of the 2011 workshop on New security paradigms workshop (pp. 83-94). ACM.
Bortz, A., Barth, A., & Czeskis, A. (2011). Origin cookies: Session integrity for web applications. Web 2.0 Security and Privacy (W2SP).
Barth, A., Jackson, C., & Mitchell, J. C. (2008, October). Robust defenses for cross-site request forgery. In Proceedings of the 15th ACM conference on Computer and communications security (pp. 75-88). ACM.
Finifter, M., Weinberger, J., & Barth, A. (2010, March). Preventing Capability Leaks in Secure JavaScript Subsets. In NDSS (Vol. 99, pp. 1-14).

Resources used to prepare lecture 6

Writing Secure Code (Best Practices), Michael Howard, David LeBlanc, 2004

Examiners:

Lecturers:

Instructors: