SYSTEM SECURITY

METADATA

Website

We can study from the slides on the website.

EXAM

  • Written exam giving a base score;
  • Challenges giving bonus on the base score.

Course material and books

All of the slides will be made available online here. The course is mainly based on:

William Stallings, Lawrie Brown. Computer Security: Principles and Practice, 4th Edition. Pearson, 2018. (chapters 1, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 22, 27) online resources

The official Moodle page contains:

  • recordings of classes (only for eligible students)
  • instructions to join the virtual meeting point for the course in Slack

Examples and practical case studies are made available as Docker images.

Program

  • [20/09/2023] Introduction and basic concepts (slides)
  • [22/09/2023] Security Design Principles (slides), User Authentication 1 (slides)
  • [27/09/2023] Password cracking lab (online class)
  • [29/09/2023] User Authentication 2 (slides)
  • [04/10/2023] Access control (slides) 8:45 Aula A
  • [06/10/2023] Unix access control lab (online class) We meet on Slack at 8:45!
  • [11/10/2023] Malware 1 (slides)
  • [13/10/2023] Malware 2 (slides)
  • [18/10/2023] Denial of service (slides)
  • [20/10/2023] Database security (slides)
  • [25/10/2023] SQL injection challenge (online class)
  • [27/11/2023] Intrusion detection (slides)
  • [03/11/2023] Buffer and stack overflow (slides)
  • [08/11/2023] Buffer overflow challenge (online class)
  • [10/11/2023] Software security (slides)
  • [15/11/2023] Software security challenge (online class)
  • [17/11/2023] Operating system security (slides)
  • [22/11/2023] Trusted computing (slides)
  • [24/11/2023] Security APIs (slides)
  • [29/12/2023] Security API challenge (online class)
  • [01/12/2023] Formal methods for security (slides) (examples)
  • [06/12/2023] Formal analysis lab (online class)
  • [13/12/2023] Side-channel (slides)
  • [15/12/2023] Side-channel lab (online class)

What is computer security?

Measures and controls that ensure confidentiality, integrity, and availability of the information processed, stored (and communicated) by a computer.
The National Institute of Standards and Technology (NIST)

CIA Triad

  • Confidentiality
  • Integrity
  • Availability
  • extra:
    • Authenticity
    • Accountability

Impact (cf. FIPS 199)

Examples with quiz (which properties are violated?)