Network and Computer Systems Security
Objectives
Knowledge
- Know and understand concepts and relevant terminology from reference security frameworks for security mechanisms, services and methods for computer systems and network security and Internet security
- Understand the fundamentals of computer systems security, network security services and security models and foundations for internet-based distributed systems
- Learn about the relevant security standards on mechanisms, services and protocols for security services at different levels of TCP/IP stack and Internet security solutions.
- Study of applied cryptography methods, techniques, tools and algorithms, knowing their security foundations, security properties and analysis models.
- Know how to design secure communication protocols based on secure cryptographic constructions
- Intrusion prevention, intrusion detection, intrusion recovery and mechanisms for intrusion tolerance
- Know the security mechanisms provided at the level of operating systems
- Know the security foundations for secure virtualization solutions in their different approach levels.
- Know about the security mechanisms and solutions used for isolation, confinement, and attestation of critical SW components
- Know solutions for trusted execution environments at software and isolated hardware level
- Know about the principles and foundations of trusted and confidential computing
- Know the principles, practical mechanisms and solutions for data privacy and privacy-preserved data-processing computations
Skills and competences
- Know how to conduct vulnerability assessment or auditing activities with means, tools and exploits, learning how to use such tools in specific cases
- Know how to implement security mechanisms for the protection of different security properties in communication protocols and secure communication channels for distributed systems
- Design, implementation and experimental assessment of security communication protocols and security services for distributed computer systems and networks
- Know how to program with cryptographic methods and tools and how to design and use correctly secure cryptographic constructions in the development of secure communication protocols and to protect data in computer systems, with end-to-end security arguments.
- Inspection tools for practical analysis, auditing and compliance of standard security protocols and good practices in the operation of security services in the TCP/IP stack for remote Internet services and applications
- Develop practical skills for security management and use of means of integrity inspection, authentication, and access-control protection, using the correct mechanisms at the operating system level
- Develop practical skills in using secure virtualization solutions, at different levels of approach
- Design and implementation of mechanisms for data management protection and privacy preservation of filesystems, databases, and outsourced cloud-storage solutions
- Know about the practical use of means to protect isolated components with technologies for software-enabled and hardware-backed isolation, and related support for trusted execution environments
General characterization
Code
11619
Credits
6.0
Responsible teacher
Henrique João Lopes Domingos
Hours
Weekly - 4
Total - 52
Teaching language
Portuguese
Prerequisites
Students must have a prior background on distributed systems, computer networks and TCP/IP stack, foundations of operating systems, and good programming skills and practice in distributed systems programming principles and paradigms, including the following aspects:
- Foundations on Computer Networks, TCP/IP stack protocols and Internet operation
- Distributed Systems (DS): foundations, models, principles and paradigms
- DS application development with practical skills for related programming and debugging techniques
- Operating systems: foundations, operation of OS services and management of resources at the OS level with the use of shell-based OS tools and commands
- Good programming skills in the use of programming languages (e.g., Java, Python, C, C# or C++)
- Practical skills for development and testing with shell/console environments (at operating system or virtual machine level), and use of virtualization tools and solutions (e.g., Docker, or VMs with hypervisors such as VMware or VirtualBox)
- Practical skills with common IDEs for software development environments (e.g., Eclipse, IntelliJ, XCode or MS VStudio).
Bibliography
W. Stallings, Network Security Essentials - Applications and Services, Pearson, 6/E, 2021
W. Stallings, L. Brown, Computer Security: Principles and Practice, Pearson, 4/E, 2021
W. Stallings, Cryptography and Network Security - Principles and Practice, Pearson 8/E, 2023
P.C.Van Oorschot, Computer Security and the Internet, Springer, 2/E, 2021
Obs) Additional references for suggested readings of selected papers from scientific conferences and journals will be suggested in classes
Teaching method
Depending on the audience and enrolled students, classes may also be taught in English. The materials and bibliography are available in English.
The lectures cover the various topics of the syllabus, where the topics are presented, explained, and discussed. The methodology consists of presenting each topic with the related motivations, addressed problems, and related solutions, with a strong orientation towards the analysis and discussion of benefits, issues, advantages, drawbacks, limitations or alternatives, and how to use such solutions correctly in system design and implementation. In addition, short illustrative examples and practical demos can take place during the lectures, to provide more dynamic motivation for the learning objectives.
Laboratory classes follow a line of experimental examples in using tools and in addressing programming exercises with hands-on demonstrations in the lab, in close connection with the topics presented in lectures and building practical experience for use in the course evaluation projects.
A significant part of the lab activities is dedicated to the development of course projects in a follow-up methodology involving students in work-in-progress and evolving demos, giving students the experience of how the concepts introduced in lectures can be applied in practice, with the related integration with the project goals.
Evaluation method
The evaluation is composed of two types of evaluation components:
- Theoretical/Practical evaluation based on frequency tests
- Practical work development based on evaluation projects
Theoretical/practical evaluation
- 2 frequency tests: T1, T2
- T1: midterm test (25%)
- T2: final test (30%)
- E: Exam (55%)
- Tests and exam follow a closed-book model. Communication and computation devices are not allowed. However, students can use a summary of four printed pages as a personal and non-transferable reference element for tests or the final exam. These pages must be delivered together with the test or exam.
Lab / Practical evaluation
- 2 Projects: P1, P2, developed individually or in groups of 2 students maximum
- P1: midterm project (20%)
- P2: final project (25%)
- Evaluation criteria for the projects
- Project evaluation (individual or group evaluation) (70%)
- Individual evaluation (30%)
- Project delivery conditions can involve the availability of development code in a Git project repository with the required elements, submission of an electronic evaluation form with a self-evaluation of addressed requirements and achieved criteria, and a summary report on achieved results.
- Any other specific evaluation criteria for each project will be described in project statements
- Individual classification is defined by individual merit in the development process of the programming project. This component is measured by weighting the distribution of work among the members of the group, as reported by the students in the project report, with the amount, difficulty, and relevance of individual work perceived through the commits in the group's Git repository. Individual evaluation can contain a bonus (up to 10% of project evaluation) based on information on the presence and participation of students in class questions (in lectures) and evolving practical exercises or demonstrations during lab classes.
Frequency approval condition
- Minimum of 7,5/20 in all practical evaluation components
Condition for the course approval with frequency
- Fulfilment of the frequency approval condition
- Minimum of 7,5/20 in each frequency test (test 1 and test 2)
- Minimum of 9,5/20 considering all evaluation components
Additional information
*) Either the teacher or the students can request an oral evaluation (with all the group members or just a subset) to present and discuss the project work done and reported, considering the versions and materials delivered on the delivery dates, as well as a discussion of the self-evaluation process in the case of group developments
All intermediate grade components are evaluated on a 0-20 scale
*) A frequency condition previously obtained in 2022/2023 or 2023/2024 is valid for 2024/2025
Subject matter
Summary Topics
- Introduction
- Cryptography: methods, models, algorithms, techniques and cryptographic tools
- Authentication and system level authentication
- User authentication
- Access control models and methods
- Network security and Internet communication security
- Systems' security
- Trusted systems and confidential computing
---
Detailed Topics
- Introduction
- Computer systems and network security foundations
- Internet security and privacy foundations
- Cryptography: methods, models, algorithms, techniques and tools
- Symmetric cryptography: block ciphers, security block modes and stream ciphers
- Asymmetric cryptography and security parameterizations
- Digital signatures with public key methods and standards
- Secure hash functions and keyed hashing
- Message authentication codes (MACs, HMACs and CMACs)
- Key-Distribution protocols and algorithms
- Authentication, public key certification and public key infrastructures
- Post-Quantum Cryptography: principles, use and standards
- System level authentication
- Authentication protocols
- Remote software attestation
- User authentication
- Authentication methods, types and factors
- Authentication devices
- Multifactor and multimodal authentication means
- Identity management and Federated Identity Management
- Access control
- Access control methods and models
- Identity management access control
- IAM - Integrated Access Management Platforms
- Network security and Internet security
- Secure communication protocols and services
- Internet security
- TCP/IP Security standards
- TLS, DTLS and SSH
- IPSec and VPNs
- Secure messaging
- EMail security
- DNS security and alternative solutions
- Computer systems security
- Operating system security
- Virtualization and virtualization level security
- Perimeter defense systems
- Intrusion prevention and intrusion recovery means
- Means for intrusion tolerance
- Trusted computing
- Methods, means and solutions for trusted computing
- Isolation at hardware level
- TPMs and Isolation with Trusted Execution Environments
- Principles of confidential computing