Network and Computer Systems Security
Objectives
Knowledge
- Know and understand concepts and relevant terminology from reference security frameworks for security mechanisms, services and methods for computer systems and network security and Internet security
- Understand the fundamentals of computer systems security, network security services and security models and foundations for internet-based distributed systems
- Learn about the relevant security standards on mechanisms, services and protocols for security services at different levels of TCP/IP stack and Internet security solutions.
- Study of applied cryptography methods, techniques, tools and algorithms, knowing their security foundations, security properties and analysis models.
- Know how to design secure communication protocols based on secure cryptographic constructions
- Intrusion prevention, intrusion detection, intrusion recovery and mechanisms for intrusion tolerance
- Know the security mechanisms provided at the level of operating systems
- Know the security foundations for secure virtualization solutions in their different approach levels.
- Know about the security mechanisms and solutions used for isolation, confinement, and attestation of critical SW components
- Know solutions for trusted execution environments at software and isolated hardware level
- Know about the principles and foundations of trusted and confidential computing
- Know the principles, practical mechanisms and solutions for data privacy and privacy-preserved data-processing computations
Skills and competences
- Know how to conduct vulnerability assessment or auditing activities with means, tools and exploits, learning how to use such tools in specific cases
- Know how to implement security mechanisms for the protection of different security properties in communication protocols and secure communication channels for distributed systems
- Design, implementation and experimental assessment of security communication protocols and security services for distributed computer systems and networks
- Know how to program with cryptographic methods and tools and how to design and use correctly secure cryptographic constructions in the development of secure communication protocols and to protect data in computer systems, with end-to-end security arguments.
- Inspection tools for practical analysis, auditing and compliance of standard security protocols and good practices in the operation of security services in the TCP/IP stack for remote Internet services and applications
- Develop practical skills for security management and use of means of integrity inspection, authentication, and access-control protection, using the correct mechanisms at the operating system level
- Develop practical skills in using secure virtualization solutions, at different levels of approach
- Design and implementation of mechanisms for data management protection and privacy preservation of filesystems, databases, and outsourced cloud-storage solutions
- Know about the practical use of means to protect isolated components with technologies for software-enabled and hardware-backed isolation, and related support for trusted execution environments
General characterization
Code
11619
Credits
6.0
Responsible teacher
Henrique João Lopes Domingos
Hours
Weekly - 4
Total - 52
Teaching language
Portuguese
Prerequisites
Students must have a prior background in distributed systems, computer networks and the TCP/IP stack, foundations of operating systems, and good programming skills and practice in programming distributed systems and applications, including the following:
- Foundations on Computer Networks, TCP/IP stack protocols and Internet operation
- Distributed Systems (DS): foundations, models, principles and paradigms
- DS application development with practical skills for related programming and debugging techniques
- Operating systems: foundations, operation of OS services and management of resources at the OS level with the use of shell-based OS tools and commands
- Good programming skills in programming languages (e.g., Java, Python, C# or C++), development and testing in shell/console environments (at operating system level), virtualization tools and solutions (e.g., docker, or VMs with hypervisors such as VMware or VirtualBox), and common IDEs for software development (e.g., Eclipse, IntelliJ, XCode or MS VStudio).
Bibliography
W. Stallings, Network Security Essentials - Applications and Services, Pearson, 6/E, 2021
W. Stallings, L. Brown, Computer Security: Principles and Practice, Pearson, 4/E, 2021
W. Stallings, Cryptography and Network Security - Principles and Practice, Pearson, 8/E, 2020
P. C. van Oorschot, Computer Security and the Internet, Springer, 2/E, 2021
Obs) Additional references, with selected papers from scientific conferences and journals as suggested readings, will be suggested in classes
Teaching method
Depending on the audience and enrolled students, classes may also be taught in English. The materials and bibliography are available in English.
The lectures cover the various topics of the syllabus, where the topics are presented, explained, and discussed. The methodology consists of presenting each topic with the related motivations, addressed problems, and related solutions, with a strong orientation towards the analysis and discussion of benefits, issues, advantages, drawbacks, limitations or alternatives, and how to use such solutions correctly in system design and implementation. In addition, short illustrative examples and practical demos can take place during the lectures, to provide more dynamic motivation for the learning objectives.
Laboratory classes follow a line of experimental examples in using tools and in addressing programming exercises, with hands-on demonstrations in the lab, in close connection with the topics presented in lectures and building practical experience for use in the course evaluation projects.
A significant part of lab activities is dedicated to the development of course projects in a follow-up methodology involving students in work-in-progress and evolving demos, giving students the experience of how the concepts introduced in lectures can be applied in practice, integrated with the project goals.
Evaluation method
Evaluation components
Midterm frequency tests and final (appeal) exam
- T1: Midterm test with physical presence
- T2: Final frequency test with physical presence
- E: Final exam on the appeal date, if exam admission is necessary
Obs) Tests and exam have two parts: a closed-book part and an open-book part (with only paper-printed or hand-written individual materials allowed)
Practical frequency evaluation
- PI: Work/Mini-project assignment 1
- Project evaluation (group work): 80%
- Individual evaluation component: 20%
- PF: Final project assignment 2
- Project evaluation (group work): 80%
- Individual evaluation component: 20%
Observations on project assignments.
The development of PI and PF can be done individually or in a workgroup, with two students per group. In addition to the group submission of materials by the due dates, the evaluation requires demonstrations and discussions, with the presence of the group members for lab and in-person demonstrations and possible discussion. Individualized evaluation is conducted using the work evolution and participation in lab activities, and the individual contribution of each student to the group work, if this is the case. Project assignments can include a summary report (with a pre-defined format template), demonstration of experimental results and compliance with the required objectives.
Other information and delivery conditions of assigned projects, or specific information on the evaluation process, will be included in project statements.
The evaluation process can consider optional or complementary elements of active individual participation and optional implementation of ongoing exercises during practical lab activities. Beyond the mandatory project assignments and delivery, these elements can be used as optional elements for individual assessment.
Evaluation rules and grade conditions
Frequency conditions for exam admission
- Evaluation equal to or above 7.5 in PI and PF components
- Frequency will be sufficient if PI is equal to or above 7.5 and PF is equal to or above 7.5
- Evaluation equal to or above 9.5 combining PI (40%) and PF (60%)
Course grade conditions with frequency components
- Frequency condition obtained (above)
- Evaluation equal to or above 7.5 in each one of T1 and T2 components
- Evaluation equal to or above 9.5 combining T1 (40%) and T2 (60%)
- Final evaluation with frequency (NFF) equal to or above 9.5 in the combined weighting of PI, PF, T1 and T2, calculated in the following way:
- NFF = 20% PI + 25% PF + 25% T1 + 30% T2
- Exam admission:
- If frequency is obtained and NFF is less than 9.5
Course grade with final exam requires:
- Frequency condition obtained (above)
- Evaluation equal to or above 9.5 in final exam (E)
- Final evaluation (NF) above or equal to 9.5 calculated in the following way:
- NF = 20% PI + 25% P2 + 55% E
Additional information
- All evaluation components (PI, PF, T1, T2 and E) will be published on a scale of 0-20 points (rounding to decimals)
- Final evaluation will be published with rounding to units (scale 0-20 points)
Subject matter
Topics
- Introduction
- Applied cryptography: foundations, methods, algorithms and tools
- Authentication
- Access control models and methods
- Secure communication: secure communication protocols and Internet security
- Security protocols for computer networks
- Security standards in TCP/IP Stack
- Systems security
- Trusted computing and confidential computing