Hide menu

System and Application Security

2007HT

Status Cancelled
School Computer and Information Science (CIS)
Division ADIT
Owner Nahid Shahmehri

Moved to spring 2008.
This is an intensive course.
The planned period for lectures: 21.1 to 25.1, 2008.

  Log in  




Course plan

No of lectures

40 hours (25 lecture, 25 exercises)

100 hours self study

Recommended for

Both PhD students and MSc students can participate.

The course was last given

New course.

A relatively similar course was given ht 2006 (system and application security). If you have taken the earlier course, then this course is not recommended, due to the risk of content overlap.

Goals

This lecture introduces and discusses methods to secure computer
systems. The expected results of this lecture are that the attendees
know the security characteristics of individual computer systems
know how to build a secure system out of the above components
can analyze the security architecture of systems know best practices to exclude software flaws from design and implementation.

Prerequisites

- Participants should have passed abasic security course.

- Basic knowledge in operating systems, distributed systems, software
engineering, and cryptography. Basic knowledge in programming in the C and Java programming languages in a Unix environment.

Organization

The theoretical material is presented at lectures. Case studies, laboratory work, and homework assignments are used to complement the lectures.

Contents

The first part of the course covers individual system's aspects starting with tamperproof or tamper-resistant hardware in general over operating system related security mechanisms to application software systems such as host based intrusion detection systems. The main topics covered are:
tamperproof / tamper-resistant hardware, CPU support for security,
protection mechanisms in the kernel (virtual memory, system call
boundary), file system security (permissions / ACLs / network filesystem issues), IPC Security (sockets, bsd shared memory, sysv IPC), Windows Vista / SELinux / Solaris Zones, nmap os determination, intrusion detection (tripwire and others), user authentication (pw, kerberos, NIS, NIS+, etc.), secure file systems, monolithic vs other kernels.

In the second part, the focus is on system design and methodologies for large projects. The main question answered in this part is how to build a large secure system. Topics include: patch management, common
software faults (buffer overflows, etc.), writing secure software (design, architecture, QA, testing), compiler-supported security,
language-supported security (java...), logging and auditing (BSM audit, dtrace, ...), cryptographic support, TCG, secure file systems, common operating systems security issues.

Along the lectures, model cases will be elaborated and evaluated in the exercises.

Literature

Reference Material
Security in Computing, Charles P. Pfleeger, Shari Lawrence Pfleeger, 2006;

Security Engineering, Ross Anderson, 2001
more to come!

Lecturers

Germano Caronni, Nathalie Weiler.

Examiner

Nahid Shahmehri

Examination

To be determined later.

Credit

6 ects.

Comments


Page responsible: Director of Graduate Studies