1. Home
  2. NOVA School of Science and Technology
  3. Computer Science and Engineering
  4. Network and Computer Systems Security

Network and Computer Systems Security

Objectives

Know-how:

  • Concepts, terminology and security services in reference standards for secuirty frameworks for computer networks and systems security
  • Methods, algorithms, tools and techniques for applied cryptography and use of cryptographic methods for the design of security mechanisms and services for computer networks, computer security and security services for distributed systems.  
  • TCP/IP security stack: applications and standards
  • Operating system-level security and security layering with virtualization techniques
  • Systems security: Intrusion detection, intrusion prevention and solutions for perimeter defenses 
  • Trusted computing: software stack attestation, trusted execution environments and hardware-enabled solutions

Practical Skills:

  • Programming with cryptographic algorithms, libraries and tools
  • Design, implementation and experimental evaluation of security protocols and services for internetworked applications
  • Design and implementations of secure services for internet-based large-scale distributed systems
  • Operation and setup of security services and mechanisms for operating system level security and virtualization of software services’ stacks.
  • Design and implementation of services for secure data-management and privacy-enhanced data protection
  • Design and implementation of security services and solutions for intrusion detection 
  • Programming with trusted execution environments enabled by hardware-based solutions


General characterization

Code

11619

Credits

6.0

Responsible teacher

Henrique João Lopes Domingos, José Augusto Legatheaux Martins

Hours

Weekly - 4

Total - 52

Teaching language

Inglês

Prerequisites

Prior knowledge on:

  • Foundations of computer networks, protocols and services, particularly standard protocols and services in the TCP/IP stack;
  • Foundations, principles and programming paradigms for the design and operation of distributed systems and applications
  • Operating systems foundations

Previous practical skills on programming and use of software development tools are strongly recommended (ex, Eclipse IDE or any other programming environment) and practice with programming languages (ex., Java, Go or C#). It is also advised some initial experience in using UNIX-based systems (ex, Linux distributions or Mac-OS), as well as initial experience in installing and using virtualization environments (ex, VBox or VMware), or containerized and virtualized software components and applications (ex, Docker). 

Previous practice in TCP/IP and distributed systems programming (using sockets and REST or

Bibliography

Main references

  • W. Stallings, Network Security Essentials - Applications and Services, Pearson, 6/E, 2017
  • W. Stallings, L. Brown, Computer Security: Principles and Practice, Pearson 4/E, 2014

Additional References 

  • W. Stallings, Cryptography and Network Security - Principles and Practice, Pearson 7/E, 2017
  • D. Gollmann, Computer Security, 3rd Ed, Wiley, 2011

Other References

  • B. Schneier, Applied Cryptography, 1996, Wiley
  • A. Zúquete, Segurança em Redes Informáticas, 5ª Ed., 2018, Ed. FCA
  • M. Correia, P. Sousa, Segurança no Softwarem, 2ª Ed. , 2017 Ed. FCA

Teaching method

The course is organized in lectures for presenting and discussing foundations, concepts, principles, paradigms, techniques or algorithms.

Labs are organized for presenting computer and network security techniques (following the program), involving the demonstration of such techniques or related components and development of practical work assignments including the mandatory assessment assignments. Some sessions are planned for discussing practical solutions on proposed problems, as well as support for implementation of the assessment projects or work-assignments.

Evaluation method

Assessment components

  • 2 frequency tests (midterm): T1, T2
    • Cover the program topics
    • Tests with 2h30m (ref)
      • 1h-1h30m: closed book questions
      • 1h-1h30m: open book questions (printed and individual sources). Can include practical questions from lab exercises, as well as, evaluation questions related to work-assignments
  • 2 Work-Assignments as mini-projects: TP1,  TP2
  • Developed in workgroups (2 students maximum)
    • Group members must have at least 60% presences in lab classes
    • Optionally, can be developed individually
  • Evaluation includes: development, completeness, quality, correctness and evaluation
  • Students may eventually be scheduled for proof of implementation, demonstration and discussion of assignments.

Grade conditions1

- Frequency

  • Frequency Assessment AF = 40% (TP1) + 60% (TP2)
  • Frequency condition (AF):

         AF >=9,5/20 and TP2 >= 7,5/20

- Grade with Frequency (AC)

  • Frequency condition
  • Midterm Evaluation AC = 40% AF + 25% (T1) + 35% (T2)
  • Grade condition (AC) 

         AC >= 9.5/20 and

         Average (T1, T2) >= 9,5/20 

- Grade with Appeal Exam (ER)

  • Frequency condition
  • Final assessment with Appeal Exam AER = 40% AF + 60% ER
  • Grade with Appeal Exam (AER)

              AER >= 9,5/20 and ER >= 9,5/20

1) Students with frequency and exam (appeal) access conditions obtained in 2016/2017 or 2017/2018 can use the obtained frequency classification (TP1, TP2) in 2017/2018.

Subject matter

  1. Introduction
  2. Foundations and models for computer systems and network security
    • Security Frameworks: OSI X.800, ANSI, NIST/FIPS PUB
    • Security model for distributed systems
    • TCP/IP stack and security services
    • Perimeter defense
    • Computer systems security and secure infrastructures
  3. Applied cryptography and cryptographic tools
    • Symmetric encryption: algorithms and secure constructions with symmetric ciphers
    • Public-key cryptography: algorithms and secure constructions with asymmetric cryptography
    • Digital signatures: standards and secure parameterizations
    • Secure hash functions and authentication codes
    • Asymmetric methods for key distribution and establishment of security associations
    • New emerging cryptographic methods
    • Design and implementation of secure channels
  4. Authentication and Access Control
    • Authentication protocols and services: PAP, CHAP and RADIUS
    • Kerberos system
    • X509 Authentication and PKI/PKIX model and framework
    • Single Sign On and AAA systems
    • Federated identity management
    • Systems and technology for user authentication
      • Authentication factors and multifactor authentication systems
    • Access control models and methods
      • MAC, DAC, RBAC, ABAC and CBAC policy models
      • Mechanisms for permissions control
  5. TCP/IP stack security services and standards
    • WEB security and HTTPS
    • TLS security stack
    • SSH
    • IPSec stack: ESP, AH, IKE and ISAKMP
    • Secure virtual private networks
    • Security at IP routing level: SBGP
    • EMail security services
      • POP3S, IMAPS, SMTPS, S/MIME, PGP, DKIM and DMARC
    • DNS security and DNSSEC
    • Network access control and LAN/WLAN Security: EAP,  802.1x and 802.11i
  6. Systems security
    • Security at operating system level
    • Virtualization
    • Software and Firmware Attestation: Trusted Platform Modules (TPMs)
    • HW technology for trusted execution environments (TEEs)
    • Intrusion detection and prevention
    • Techniques and systems for perimeter defenses

Programs

Programs where the course is taught: