System and Application SecurityFDA207, 2008VT
No of lectures
40 hours (25 lecture, 25 exercises)
100 hours self study
Both PhD students and MSc students can participate.
The course was last given
A relatively similar course was given ht 2006 (system and application security). If you have taken the earlier course, then this course is not recommended, due to the risk of content overlap.
This lecture introduces and discusses methods to secure computer
systems. The expected results of this lecture are that the attendees
know the security characteristics of individual computer systems
know how to build a secure system out of the above components
can analyze the security architecture of systems know best practices to exclude software flaws from design and implementation.
- Participants should have passed abasic security course.
- Basic knowledge in operating systems, distributed systems, software
engineering, and cryptography. Basic knowledge in programming in the C and Java programming languages in a Unix environment.
The theoretical material is presented at lectures. Case studies, laboratory work, and homework assignments are used to complement the lectures.
The first part of the course covers individual system's aspects starting with
tamperproof or tamper-resistant hardware in general over operating system
related security mechanisms to application software systems such as host based
intrusion detection systems. The main topics covered are:
tamperproof / tamper-resistant hardware, CPU support for security,
protection mechanisms in the kernel (virtual memory, system call
boundary), file system security (permissions / ACLs / network filesystem issues), IPC Security (sockets, bsd shared memory, sysv IPC), Windows Vista / SELinux / Solaris Zones, nmap os determination, intrusion detection (tripwire and others), user authentication (pw, kerberos, NIS, NIS+, etc.), secure file systems, monolithic vs other kernels.
In the second part, the focus is on system design and methodologies for large projects. The main question answered in this part is how to build a large secure system. Topics include: patch management, common
software faults (buffer overflows, etc.), writing secure software (design, architecture, QA, testing), compiler-supported security,
language-supported security (java...), logging and auditing (BSM audit, dtrace, ...), cryptographic support, TCG, secure file systems, common operating systems security issues.
Along the lectures, model cases will be elaborated and evaluated in the exercises.
Security in Computing, Charles P. Pfleeger, Shari Lawrence Pfleeger, 2006;
Security Engineering, Ross Anderson, 2001
more to come!
Germano Caronni, Nathalie Weiler.
To be determined later.
Page responsible: Director of Graduate Studies
Last updated: 2012-05-03