Systems Security

Lectures are on Mondays in room MS020 from 12.15 to 14.05. The practicals are in room MF124 from 14.15 to 17.05. The Syllabus lists some of the core texts and finer details of this module from an administrative viewpoint. The Syllabus is here.

The philosophy of this module is to introduce the student to the issues that arise when we consider the security of computer networks, from both a “white-hat” (defensive) and a “black-hat” (offensive) perspective.

Notes

Lecture 1: Overview and Cryptographic Tools
Optional additional reading: Tor: The Second-Generation Onion Router by Dingledine et al.
Optional video clip: Drinking from the caffeine firehose we know as shodan

Lecture 2: Database Security & Malicious Software
Optional additional reading: Cloud Security – A short primer by Joel-Ahmed Mondol.
Optional video clip: Importance of Good Cloud Security

Lecture 3: DoS, Intrusion Detection & Firewalls
Optional additional reading: Microsoft vs. Apple: Resilience against Distributed DoS Attack by Altunbasak et al.
Optional video clip: Three Generations of DoS Attacks

Lecture 4: Buffer Overflow & Software Security
Optional additional reading: A Taxonomy of Buffer Overflow Characteristics by Matt Bishop et al.
Optional video clip: Credit Cards: Everything You have Ever Wanted to Know

Lecture 5: Operating System Security, Linux Security, Windows Security
Optional additional reading: Can we make operating systems reliable and secure by Tanenbaum et al.
Optional video clip: You spent all that money and you still got owned

Lecture 6: Symmetric Encryption & Message Confidentiality
Optional additional reading: Securing Distributed Systems Using Symmetric Key Cryptography by Babu et al.
Optional video clip: Owning Bad Guys With Javascript Botnets

Lecture 7: Public Key Cryptography & Message Authentication
Optional additional reading: Why I wrote PGP by Phil Zimmermann.
Optional video clip: RFID Mythbusting

Lecture 8: Internet Security Protocols & Standards
Optional additional reading: A Survey on Security for Mobile Devices by La Polla et al.
Optional video clip: Cryptohaze Cloud Cracking by Bitweasil

Lecture 9: User Authentication & Internet Authentication Applications
Optional additional reading: Keystroke Dynamics for User Authentication by Zhong et al.
Optional video clip: More tricks for defeating SSL

Lecture 10: Wireless Network Security
Optional additional reading: A Lightweight Authentication Protocol for Secure Communications between Resource-Limited Devices and Wireless Sensor Networks by Ksiazak et al.
Optional video clip: My life as a spyware developer

Lecture 11: HR Security & Legal-Ethical Aspects
Optional additional reading: Legal, Ethical & Social Issues in the case of an Intrusive Remote Monitoring Software by McBrearty et al.
Optional video clip: Steal Everything, Kill Everyone, Cause Total Financial Ruin!

Lecture 12: Physical Security & Trusted Computing
Optional additional reading: It is Time for Trustworthy Systems by Heiser et al.
Optional video clip: Google Hacking for Penetration Testers

Labs

All practicals are placed on BlackBoard each week. Here are the contents of each lab during the 12 weeks.

Assignments

CLASS ASSIGNMENT 1 – 50% (Date: Week 6)
Class test during lab session on material covered in lab classes during weeks 1 to 5.

CLASS ASSIGNMENT 2 – 50% (Date: Week 12)
Class test during lab session on material covered in labs during weeks 6 to 11.