Duration
30h Th, 6h Pr, 10h Lab., 30h Proj.
Number of credits
Lecturer
Language(s) of instruction
English
Organisation and assessment
Taught in the first term, exam in January
Schedule
Prerequisite and corequisite course units
Prerequisite or corequisite units are listed within each programme
Course unit contents
The course alternates theoretical lessons with practical ones. The three main themes tackled during the semester are cryptography, networking, and system security. The course is organized as follows:
Administrative Details
Introduction
Part 1: Cryptography
- Chapter 1: Mathematics for Cryptography
- Chapter 2: Concepts
- Chapter 3: Symmetric Cryptography
- Chapter 4: Asymmetric Cryptography
- Chapter 5: Authentication
- Chapter 6: Key Distribution
- Chapter 1: Networking Background
- Chapter 2: Firewalls
- Chapter 3: Proxies
- Chapter 4: Intrusion Detection Systems
- Chapter 5: Network Attacks
- Chapter 6: Spam
- Chapter 7: Virology
- Chapter 1: Passwords
- Chapter 2: Exploits
- Chapter 3: Web Security
- Chapter 4: Biometry
- Chapter 5: Access Control
Learning outcomes (learning objectives) of the course unit
The objective of this course is to provide a first overview of computer security and to raise students' awareness of computer security.
At the end of the course, students will be able to:
- defend the need for protection and security
- identify the advantages and drawbacks, in terms of security, of a computer system
- explain the fundamental principles of the fight against computer crime
- develop a computer-based solution to a security issue
Prerequisite knowledge and skills
Each student is expected to be able to program in a classic programming language (C - equivalent to course INF0902 for CE students or to course INFO2050 for CS students).
In addition, the student must have a basic knowledge of networking (equivalent to course INFO0010) and computation structures (equivalent to course INFO0012).
To make laboratory sessions and assignments easier, each student should be familiar with a Unix environment (Linux, Mac OS X, FreeBSD, OpenBSD).
Planned learning activities and teaching methods
In addition to theoretical courses, several practical sessions are organized in order to illustrate the theoretical lessons.
First, two exercise sessions (cryptography, firewall rules) are proposed (in class). Second, five labs (cryptography, firewall, network security, exploit, web attacks) are organised. Those labs are based on VMs (available on the course website) and are supposed to be deployed on students' laptops. Attending the labs is mandatory.
Finally, two assignments (securing a network + security news) are proposed over the semester. Doing the assignments is mandatory.
The course is entirely given in English.
Mode of delivery (face-to-face, distance learning, hybrid)
The course is given during the 1st semester. Theoretical lessons are based on slides. Students are expected to participate actively in lessons and to take additional notes. If possible, one or several seminars will be organized, in which computer security professionals will give a talk.
Because of the Covid-19 pandemic, courses will be organized remotely (probably through eCampus/Collaborate), except the very first lesson (September 18th), which will be organized on-site (see the ULiège online calendar for the logistics). All theoretical remote courses will be recorded and provided to students a few days after the session.
Organisational adaptations related to the health situation
The final exam of the course will be an oral exam.
On-Site Exam
If the health situation is good enough, we will organize an on-site oral exam (same organization "as usual", i.e., closed book).
Remote Exam
The remote oral exam is open book. Students may thus have at their disposal all the course material (slides, labs, assignments, books). This means that questions will focus less on restitution and more on their understanding of the course concepts and on their capabilities to draw links between chapters/parts of the course.
Answers are supposed to be given orally, but the professor may occasionally allow students to draw a figure on paper and show it to the camera, if students feel more comfortable explaining a concept in this way.
The questions will be randomly chosen by the professor.
The oral exam will last 15min (no more) per student and will be organized through a video conference tool (Collaborate or WebEx).
Recommended or required readings and course notes
Slides are available in electronic version (i.e., PDF) on the course web page. Exercises are also available on the web page. Students are supposed to have, before each lesson, the slides and exercises. Lab and assignment subjects and VMs are made available on the course web page.
No book is mandatory. However, for students willing to go further, the following books might be a good starting point (additional references are also provided in the slides):
- N. Ferguson, B. Schneier, T. Kohno. Cryptography Engineering: Design Principles and Practical Applications. Ed. Wiley. 2010
- B. Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C. Ed. Wiley. 2015
- M. T. Goodrich, R. Tamassia. Introduction to Computer Security. Ed. Pearson. 2010.
- Wm. A. Conklin, G. G. White, C. Cothren, D. Williams, R. L. Davis. Principles of Computer Security: Security+ and Beyond. Ed. McGraw-Hill Higher Education. 2004.
- W. Stallings. Computer Security: Principles and Practice. Ed. Prentice Hall. 2011.
- W. Stallings. Cryptography and Network Security: Principles and Practice. Ed. Pearson. 2010.
- G. Avoine, P. Junod, P. Oechslin. "Computer System Security". EPFL Press. 2007.
- D. Vergnaud. "Exercices et Problèmes de Cryptographie". Editions Dunod. 2012.
- W. Du. "SEED: A Suite of Instructional Laboratories for Computer SEcurity EDucation". In Proc. ACM Technical Symposium on Computer Science Education. March 2007.
Assessment methods and criteria
Below you will find the assessment methods planned for on-site and remote exams, as well as the one preferred in the case of a hybrid session. Depending on how the health situation evolves, the chosen method will be communicated to you no later than one month before the start of the exam session.
Students are graded in two ways: continuous evaluation (45% of the final grade) and oral exam (55% of the final grade).
Continuous Evaluation
During the semester, students will be evaluated several times:
- Lab Reports. A short report is expected at the end of each lab (a simple text file to fill in). Those reports must be done individually. 5 labs are scheduled, each of them accounting for 5% of the final grade.
- Assignment 1. This is about securing a network through NAT and firewall configuration in iptables. This assignment must be done by teams of two and counts for 15% of the final grade.
- Assignment 2. Each team (same as for Assignment 1) is required to give a short 5-minute presentation (+ 5min Q/A -- all in English) on recent information security related news published online (or in classic newspapers) after September 18th, 2017. The score will be given based on (1) the relevance of the news to the course; and (2) the cogency of the presentation. This assignment counts for 5% of the final grade.
Oral Exam
It covers the theoretical part of the course. Each student randomly selects one question and prepares the answer on the board. It counts for 55% of the final grade.
Resit
In case of failure in June, a student must:
- improve Assignment 1 if the grade is below 10/20. This must be done individually. Assignment 1 will count for 15% of the final grade. Note that if the assignment grade during the semester was above 10/20, the grade is automatically carried over to the resit. No support (Q/A, explanations) will be provided during the summer.
- Assignment 2 does count in the resit (neither a report nor an improvement is possible)
- lab reports are taken into account if they are to the student's advantage (i.e., lab report grades > oral exam grade).
- the oral exam must be redone. It accounts either for 85% (no lab reports) or 60% (lab report grades are integrated in the final grade)
Internship(s)
Organisational remarks
The course is given during the first semester.
Contacts
Coordinator/Lecturer: Benoit Donnet -- Office 1.15 (B28)
TA: Justin Iurman -- Office 1.75 (B28)