2023-2024 / INFO8013-1

Advanced Computer Security

Duration

20h Th, 20h Labo., 30h Proj.

Number of credits

 Master of Science (MSc) in Computer Science and Engineering (Odd years, organized in 2023-2024) 5 credits
 Master of Science (MSc) in Computer Science and Engineering (double degree programme with HEC) (Odd years, organized in 2023-2024) 5 credits
 Master of Science (MSc) in Computer Science (Odd years, organized in 2023-2024) 5 credits
 Master of Science (MSc) in Computer Science (joint-degree programme with HEC) (Odd years, organized in 2023-2024) 5 credits

Lecturer

Benoît Donnet, Laurent Mathy

Language(s) of instruction

English language

Organisation and examination

Teaching in the second semester

Schedule

Schedule online

Units courses prerequisite and corequisite

Prerequisite or corequisite units are presented within each program

Learning unit contents

This course is the natural follow-up to INFO0045 (Introduction to Computer Security). Its objective is to extend students' knowledge of Computer Security by discussing and practicing up-to-date Computer Security concepts.

The course is divided into two parts. In the first part, a few theoretical lessons are given on advanced concepts based on the use of cryptographic mechanisms (see below for the table of contents). In the second part, students practice advanced concepts in Computer Security, such as side-channel attacks.

Table of Contents (Theoretical lessons)
Part 1: Advanced Cryptography (B. Donnet)

  • Chapter 1: Advanced Digital Signatures 
  • Chapter 2: Bank Card Payment
  • Chapter 3: Merkle Tree
  • Chapter 4: BlockChains
  • Chapter 5: Securing Bitcoin (SCRIPT)
  • Chapter 6: Securing Smart Contract (Solidity)
Part 2: Advanced System Security (L. Mathy)

  • Chapter 1: Side-Channels
  • Chapter 2: Trusted Computing
  • Chapter 3: Fuzzing

Learning outcomes of the learning unit

Upon completing this course, students will have a better understanding of how cryptography can be used, through several use cases. Students will also have a theoretical and practical introduction to securing smart contracts written in the Solidity programming language.

Finally, students will improve their practical knowledge of Computer Security.

This course contributes to the learning outcomes I.2, II.2, III.1, III.4, IV.3, IV.4, VI.1, VII.1, VII.6 of the MSc in computer science and engineering.

 

Prerequisite knowledge and skills

Good knowledge of basics in Computer Security (INFO0045 or assimilated), in Computer Networking (INFO0010 or assimilated), in Operating Systems (INFO0940 or assimilated), and in Computation Structure (INFO0012 or assimilated).

Being comfortable with programming in C (students must be comfortable with pointers and memory management) and with object-oriented programming (e.g., Java) is also desirable.

Planned learning activities and teaching methods

The course is organized as follows:

  • Lectures (max 30 hours) describing in detail the theoretical and practical concepts of the course
  • Lab sessions. Labs are done individually, and a short report (a simple text file to fill in or pieces of code) must be completed by the end of the lab

Mode of delivery (face to face, distance learning, hybrid learning)

Face-to-face course


Additional information:

Face-to-face lectures, lab sessions, and seminars.
The course is entirely given in English.

Recommended or required readings

Slides, labs, and assignment subjects are available on the course web page.

The following books were used to build the theoretical lessons:

  • A. J. Menezes, P. C. van Oorschot, S. A. Vanstone. Handbook of Applied Cryptography. CRC Press. 5th Edition. August 2001
  • K. Finkenzeller. RFID Handbook, Fundamentals and Applications in Contactless Smartcards, Radio Frequency Identification, and Near-Field Communication. Ed. Wiley (3rd Edition). 2010.
  • A. Antonopoulos. Mastering Bitcoin: Programming the Open Blockchain. Ed. O'Reilly (2nd Edition). 2017.
  • A. Antonopoulos, G. Wood. Mastering Ethereum: Building Smart Contracts and DApps. Ed. O'Reilly (1st Edition). 2018.
Additional references are provided throughout the slides, labs, and assignment subjects.

Exam(s) in session

Any session

- In-person

oral exam

Other : Labs


Additional information:

The evaluation will be based on supervised practical sessions (i.e., labs). An oral exam will also be organized on the theoretical lessons and possible seminars.

In more detail:

  • Labs will account for 40% of the final grade.
  • The oral exam (in June) will focus on the theoretical lessons (1 or 2 question(s)). It will account for 60% of the final grade.
Presence at labs is mandatory. Attending all the labs is required for attending the oral exam. In case of absence from a lab, the student will receive an "Absence" grade (and automatically be postponed to the resit).

Resit

Labs cannot be redone for the resit. However, if the grade of the labs is favorable to the student, the resit session is identical to the first one, with the same weighting.

On the other hand, if the grade of the labs is not favorable to the student, it will not be taken into account in the weighting in September, which becomes 100% for the exam. The oral exam must, obviously, be redone.

Work placement(s)

Organisational remarks and main changes to the course

The course is organized during the second term (from early February to mid-May), on Monday mornings. All lectures are in English.

Contacts

Lecturers:

  • Benoît Donnet (mail -- office 1.87b/B28)
  • Laurent Mathy (mail -- office 1.15/B37)
Teaching Assistants:

  • Vincent Jacquot (mail -- office 1.72b/B28)
 

Association of one or more MOOCs

Items online

Course Web Site
The course web site contains PDFs of the slides, lab and assignment subjects, details about grading, and the course agenda. It also allows students to interact with the Pedagogical Team through the Discussion forum.