- explain basic terms and concepts in computer security
- describe types of security threats and attacks and most common defense mechanisms
- describe the properties of most common cryptographic primitives
- explain the role of the public key infrastructure and the TLS protocol
- apply basic concepts of defensive programming
- describe basic principles of digital forensics
- implement a simple exploit of a vulnerable system
Forms of Teaching
Week by Week Schedule
- Confidentiality, integrity, and availability (CIA); Concepts of risk, threats, vulnerabilities, and attack vectors.
- Authentication and authorization, access control (mandatory vs. discretionary); Concept of trust and trustworthiness.
- Attacker goals, capabilities, and motivations (e.g., underground economy, digital espionage, cyberwarfare, insider threats, hacktivism, advanced persistent threats); Examples of malware (e.g., viruses, worms, spyware, botnets, Trojan horses or rootkits); Denial of Service (DoS) and Distributed Denial of Service (DDoS).
- Control hijacking attacks; Injection attacks; Social engineering (e.g., phishing).
- Attacks on privacy and anonymity; Malware/unwanted communication such as covert channels and steganography.
- Perfect secrecy and one-time pad; Basic Cryptography Terminology covering notions pertaining to the different (communication) partners, secure/unsecure channel, attackers and their capabilities, encryption, decryption, keys and their characteristics, signatures; Cipher types (e.g., Caesar cipher, affine cipher) together with typical attack methods such as frequency analysis; Block ciphers and modes of operation.
- Message integrity and hashing; Public Key Infrastructure support for digital signature and encryption and its challenges; Authenticated key exchange protocols, e.g., TLS.
- Midterm exam.
- Protection of computers and networks; Types of threats and attacks (e.g., denial of service, spoofing, sniffing and traffic redirection, man-in-the-middle, message integrity attacks, routing attacks, and traffic analysis), levels of defense; Case studies focused on vulnerabilities of Internet protocols and applications; Protection methods on the network layer; TCP/IP protocol stack security: network and transport layer; Protocol vulnerabilities and attacks.
- Firewall: traffic filtering; Firewall architectures; Network address translation (NAT); Techniques and tools for vulnerability scanning; Intrusion detection systems; Host-based, network-based approaches, and hybrid approaches; Virtual private networks (VPNs): security protocols, design, and advantages and disadvantages of various models.
- Defense mechanisms and countermeasures (e.g., network monitoring, intrusion detection, firewalls, spoofing and DoS protection, honeypots, tracebacks); Input validation and data sanitization.
- Choice of programming language and type-safe languages; Examples of input validation and data sanitization errors (Buffer overflow, integer errors, SQL injection, XSS).
- Operating system support (e.g., address space randomization, canaries).
- Basic principles and methodologies for digital forensics.
- Final exam.
Computing (study) (6th semester)
L. Budin, M. Golub, D. Jakobović, L. Jelenković. Operacijski sustavi. Publisher: Element. First edition 2010, second edition 2011, third edition 2013. ISBN 978-953-197-610-7.
Hal Tipton, Mickie Krause, Consulting Editors, Information Security Management Handbook, CRC Press LLC, ISBN: 0849374952, 6th edition, 2007.
L0 English Level
5 Laboratory exercises
0 Project laboratory