Computer Security

Learning Outcomes

  1. explain basic terms and concepts in computer security
  2. describe types of security threats and attacks and the most common defense mechanisms
  3. describe the properties of the most common cryptographic primitives
  4. explain the role of the public key infrastructure and the TLS protocol
  5. apply basic concepts of defensive programming
  6. describe basic principles of digital forensics
  7. implement a simple exploit of a vulnerable system

Forms of Teaching

Lectures

Laboratory

Week by Week Schedule

  1. Confidentiality, integrity, and availability (CIA), Concepts of risk, threats, vulnerabilities, and attack vectors
  2. Authentication and authorization, access control (mandatory vs. discretionary), Concept of trust and trustworthiness
  3. Attacker goals, capabilities, and motivations (e.g., underground economy, digital espionage, cyberwarfare, insider threats, hacktivism, advanced persistent threats), Examples of malware (e.g., viruses, worms, spyware, botnets, Trojan horses or rootkits), Denial of Service (DoS) and Distributed Denial of Service (DDoS)
  4. Control hijacking attacks, Injection attacks, Social engineering (e.g., phishing)
  5. Attacks on privacy and anonymity, Malware/unwanted communication such as covert channels and steganography
  6. Perfect secrecy and one-time pad, Basic Cryptography Terminology covering notions pertaining to the different (communication) partners, secure/unsecure channel, attackers and their capabilities, encryption, decryption, keys and their characteristics, signatures, Cipher types (e.g., Caesar cipher, affine cipher) together with typical attack methods such as frequency analysis, Block ciphers and modes of operation
  7. Message integrity and hashing, Public Key Infrastructure support for digital signature and encryption and its challenges, Authenticated key exchange protocols, e.g., TLS
  8. Midterm exam
  9. Protection of computers and networks; Types of threats and attacks (e.g., denial of service, spoofing, sniffing and traffic redirection, man-in-the-middle, message integrity attacks, routing attacks, and traffic analysis), levels of defense; Case studies focused on vulnerabilities of Internet protocols and applications; Protection methods on the network layer, TCP/IP protocol stack security: network and transport layer; Protocol vulnerabilities and attacks
  10. Firewall: traffic filtering; Firewall architectures; Network address translation (NAT), Techniques and tools for vulnerability scanning; Intrusion detection systems; Host-based, network-based approaches, and hybrid approaches, Virtual private networks (VPNs): security protocols, design, and advantages and disadvantages of various models
  11. Defense mechanisms and countermeasures (e.g., network monitoring, intrusion detection, firewalls, spoofing and DoS protection, honeypots, tracebacks), Input validation and data sanitization
  12. Choice of programming language and type-safe languages, Examples of input validation and data sanitization errors (Buffer overflow, integer errors, SQL injection, XSS)
  13. Operating system support (e.g., address space randomization, canaries)
  14. Basic principles and methodologies for digital forensics
  15. Final exam

Study Programmes

University undergraduate
Computing (study)
(6. semester)

Literature

L. Budin, M. Golub, D. Jakobović, L. Jelenković. Operacijski sustavi. Publisher: Element. First edition 2010, second edition 2011, third edition 2013. ISBN 978-953-197-610-7.
Hal Tipton, Mickie Krause, Consulting Editors. Information Security Management Handbook. CRC Press LLC. ISBN: 0849374952. 6th edition, 2007.

General

ID 183503
  Summer semester
4 ECTS
L0 English Level
L1 e-Learning
45 Lectures
0 Exercises
5 Laboratory exercises
0 Project laboratory

Grading System

Excellent
Very Good
Good
Acceptable