2017-2018 / INFO0045-3

Introduction to computer security

Duration

30h Th, 10h Pr, 8h Labo., 30h Proj.

Number of credits

 Master in data science (120 ECTS)5 crédits 
 Master of science in computer science and engineering (120 ECTS)5 crédits 
 Master in data science and engineering (120 ECTS)5 crédits 
 Master in computer science (120 ECTS)5 crédits 
 Master in computer science (60 ECTS)5 crédits 

Lecturer

Benoît Donnet

Language(s) of instruction

English language

Organisation and examination

Teaching in the second semester

Units courses prerequisite and corequisite

Prerequisite or corequisite units are presented within each program

Learning unit contents

The course alternates theoretical lessons with practical ones. Three main themes  tackled during the semester are: cryptography, networking, and system security. The course is organized as follows:
Adminstrative Details
Introduction
Part 1: Cryptography

  • Chapter 1: Mathematics for Cryptography
  • Chapter 2: Concepts
  • Chapter 3: Symmetric Cryptography
  • Chapter 4: Asymmetric Cryptography
  • Chapter 5: Authentication
  • Chapter 6: Key Distribution
Part 2: Networking
  • Chapter 1: Firewalls
  • Chapter 2: Proxies
  • Chapter 3: Intrusion Detection Systems
  • Chapter 4: Network Attacks
  • Chapter 5: Spam
  • Chapter 6: Virology
Part 3: System Security
  • Chapter 1: Passwords
  • Chapter 2: Exploits
  • Chapter 3: Web Security
  • Chapter 4: Biometry
  • Chapter 5: Access Control

Learning outcomes of the learning unit

The objective of this course is to provide a first vision of the computer security and raise students awareness of computers security.
At the end of the course, students will be able to:

  • defend needs of protection and security
  • identify advantages and drawbacks, in term of security, of a computer system
  • expose fundamental principles in the set-to against computer criminality
  • develop a computer-based solution to a security issue
In addition, each student will develop several practical skills related to computer security. Each student will be able to use cryptographic Java libraries. Further, he will be able to set up firewall and NAT policies through iptables. Finally, any student will have the opportunity to improve his English skills.

Prerequisite knowledge and skills

Each student is supposed to be able to program with a classic programming language (C - course INF0902 for CE students or course INFO2050 for CS students) and object oriented language (Java - course INFO0062).
In addition, the student must have a basic knowledge of networking (course INFO0010), operating systems (course INFO0940) and computation structures (course INFO0012).
To make easier laboratory sessions, each student should be familiar with a Unix environment (Linux, Mac OS X, Free BSD, OpenBSD).

Planned learning activities and teaching methods

In addition to theoretical courses, weekly exercises lessons are organized in order to illustrate the theoretical lessons.  Those lessons are organized in class, or in front of a computer in the algorithmic laboratory.
Several assignments and labs will be proposed during the semester.
The course is entirely given in English

Mode of delivery (face-to-face ; distance-learning)

The course is given during the 2nd semester. Theoretical lessons are based on slides. The audience is supposed to actively participate to lessons and to take additional notes. If possible, one or several seminars will be organized, seminars in which professional in computer security will give a talk.

Recommended or required readings

Slides are available, in printed format, at the Centrale des Cours. An electronic version (i.e., PDF) is also available on the course web page. Exercises are also available on the web page. Students are supposed to have, before each lesson, the slides and exercises.
None book is mandatory. However, for students willing to go further, those books might be a good starting point:

  • M. T. Goodrich, R. Tamassia. "Introduction to Computer Security". Person Ed., International Edition. 2010.
  • Wm. A. Conklin, G. G. White, C. Cothren, D. Williams, R. L. Davis. "Principles of Computer Secrutiy. Security+ and Beyond". Mc Graw Hill Higher Eduction Ed. 2004.
  • W. Stallings. "Computer Security: Principles and Practice". Prentice Hall Ed. 2011.
  • W. Stallings. "Cryptography and Network Security: Principles and Practice". Pearson Ed., International Edition. 2010.
  • G. Avoine, P. Junod, P. Oechslin. "Computer System Security".  EPFL Press.  2007.
  • D. Vergnaud.  "Exercices et Problèmes de Cryptographie".  Editions Dunod. 2012.
  • W. Du.  "SEED: A Suite of Instructional Laboratories for Computer SEcurity EDucation". Syracuse University. 2011.

Assessment methods and criteria

Students are graded in two ways: continuous evaluation (55% of the final grade) and oral exam (45% of the final grade).
Continuous Evaluation
During the semester, students will be evaluated several times

  • Written Test.  It will be based on paper exercices about the Cryptography part of the course.  The written test lasts 2 hours and counts for 15% of the final grade.
  • Lab Report 1.  A short report is expected at the end of the lab on Exploit (a simple text file to fill in).  This report must be done individidually.  The report counts for 5% of the final grade.
  • Lab Report 2.  A short report is expected at the end of the lab on Web attacks (a simple text file to fill in).  This report must be done individually .  It counts for 5% of the final grade
  • Assignment 1. this is about securying a network through NATs and firewalls configuration in iptables.  This assignment must be done by teams of two and counts for 15% of the final grade.
  • Assignment 2. each team (same as for Assignment 1) is required to give a 5 minute short presentation (+ 5min Q/A -- all in English) on recent information security related news published online (or in classic newspapers) after September, 18th, 2017.  The score will be given based on (1) the relevance of the news to the course; and (2) the cogency of the presentation. This assignment counts for 5% of the final grade.
Those continuous evaluations are all mandatory in order to access the oral exam.  In case of missing one (or more) of them, the student will not be allowed to present the exam and will get an absence grade.
Oral Exam
It is about the theoretical part of the course. Any student randomly selects one question and prepares its answer on the board. It counts for 45% of the final grade.
Resit
In case of failure in June, a student must:
  • improve Assignment 1 if the grade is below 10/20.  This must be done individually.  Assigment 1 will count for 15% of the final grade.  Note that if the assignment grade during the semester was above 10/20, the grade is automatically reported in the resit.  No support (Q/A, explanations) will be provided during the summer.
  • assignment 2 does count in the resit (there is no report neither improvement possible)
  • the oral exam must be redone.  Note that, in case of failue to the written test and/or Lab 1 and/or Lab 2 reports, the student may also have a "practical question" (e.g., RSA calculation, Chinese Remainder Theorem, etc.).  The oral exam, during the resit, counts for 85% of the final grade.

Work placement(s)

Organizational remarks

The course is given during the second semester.

Contacts

Teacher: Benoit Donnet (email(benoit.donnet@ulg.ac.be) -- Office 1.15 (B28) )
TA: Yves Vanaubel (email(yves.vanaubel@run.montefiore.ulg.ac.be) -- Office R.85a (B28))

Items online

Course Web Site
The course Web site is of the highest importance as it covers contact information, PDFs, course agenda, and assignment subjects.