
Computer Security -- EDA263
Spring semester, study period 3, 2015
(Course code DIT641 for Göteborg University)
News:
- [2015-12-28] The course homepage for 2015/2016 can be found here.
- [2015-05-15] Re-exam has been corrected and you should have gotten your results. The exam review is scheduled for Friday May 22, 12:00-12:45 (room EDIT 5128).
- [2015-04-13] Exam has been corrected and you should have gotten your results. The exam review is scheduled for Monday April 27, 11:30-12:30 (room EDIT 6128).
- [2015-03-13] Some of you asked for the original buffer overflow animation from class, so I added the original slide deck to lecture 3 below. Also updated the PDF for the base-rate fallacy (lecture 8, slide 26) as there was a typo.
- [2015-02-12] A version of the course book is available as an e-book from the library, but note that it is not exactly the same as the printed official course book. Contact the lecturer if you would like to compare the contents with the printed book.
- [2015-01-26] Reading instructions for version 3 of the book are now available and will be updated during the course. The offprint is also available on PingPong under "Documents".
- [2015-01-21] Reading instructions for version 3 of the book will be published during the weekend.
- [2014-12-02] The site for 2015 is up but under construction. Last year's homepage is found here.
- [2014-10-01] The course will participate in the Syssec 10k challenge to increase awareness.
Course Description
Examiner: Assistant Professor Magnus Almgren, phone: 031-772 1702, email: magnus.almgren
The Computer Security course gives a broad overview of the security
area. The approach is largely technical, but the course will also
address the important societal implications of security (or rather lack
of security). Roughly, security deals with how to protect your system
against intentional intrusions and attacks. The purpose of an intrusion
can be to change or delete resources (data, programs, hardware,
etc.), to get unauthorized access to confidential information, or to make
unauthorized use of the system's services. The course covers threats
and vulnerabilities as well as rules, methods and mechanisms for
protection. During a few lectures, a holistic security approach is
taken and organizational, business-related, social, human, legal and
ethical aspects are treated.
The Computer Security course is the first within our Security specialization.
Recommended text book
Stallings & Brown: Computer Security,
Pearson, second edition, ISBN: 978-0-273-76449-6
Course Memo
The Course memo summarizes relevant information of the course.
Reading Instructions
Here are the reading instructions for the recommended course book (edition
two): reading instructions for 2nd edition, rev 150225-A.
Here are the reading instructions for the third edition: reading instructions for 3rd edition, rev 150225-A.
There are differences between the versions of the book, so we recommend
that you use the 2nd edition book (and always check the latest version
of the reading instructions for the 2nd edition for changes).
Lab Information
All information concerning the labs is found on the Lab page.
Course Material
The following course material is electronically available. Please note
that the lecture slides alone do not give a full coverage of the course
contents.
All lectures are given in a (lecture hall). As per the course memo, we
will only have Friday lectures for the first couple of weeks.
Lectures and slides
- Lecture 1: Introduction, Threats, Vulnerabilities, Protection
(Mon 2015-01-19, 13-15)
Course Introduction, Lab Intro, Vulnerabilities, threats, and protection mechanisms.
See also "Extra reading" = ER1 below.
- Lecture 2: UNIX Security, Malware 1
(Thu 2015-01-22, 10-12)
UNIX security, Introduction to Malware
DL 1: Salami attack
- Lecture 3: Malware II (cont'd)
(Fri 2015-01-23, 15-17)
Malware II, Loveletter virus, buffer overflow intro, buffer overflow detailed
See also "Extra reading" = ER3 below.
- Lecture 4: Authentication, Authorization and Access Control
(Mon 2014-01-26, 13-15)
Digital Watermarking,
Authentication and Access control, Passwords, smartphone malware,
DL 2: Password trading, DL 3: Password guessing, DL 4: Smartphone malware, DL 5: Testing biometric methods, DL 6: Bank card skimming
- Lecture 5: Introduction to Cryptology, Signatures, PKI, CA
(Thu 2015-01-29, 10-12)
An introduction to cryptology, Certificates and Trust
See also "Extra reading" = ER4 below.
- Lecture 6: Malware Defences, Firewalls (and Network Security Basics), Link and End-to-End Encryption, Operating Systems Security
(Thu 2015-01-30, 15-17)
Link and End-to-End encryption, Firewalls and NW Security Basics, Operating System Security, Malicious Code Defences, DL 7: Attacking Malicious Code
- Lecture 7: Network Attacks and Controls, Network Authentication, Kerberos, Denial-of-Service attacks
(Mon 2015-02-02, 13-15)
Denial-of-service attacks, Network attacks + network authentication -- Kerberos, Certificates and Trust
- Lecture 8: Intrusion Detection Systems, Intrusion Tolerance
(Thu 2015-02-05, 10-12)
Intrusion detection systems and honeypots, Intrusion tolerance, Kerberos vulnerability example
- Friday, 2015-02-06: NO LECTURE
- Lecture 9: Security Policies and Models
(Mon 2015-02-09, 13-15)
Security Policies and Models
- Lecture 10: Database security and Defensive programming
(Thu 2015-02-12, 10-12)
Database security, Defensive programming
Information for Lab 3
- Lecture 11: Security and Dependability Modelling and Metrics
(Mon 2015-02-16, 13-15)
Security and dependability Modelling and Metrics
DL 8: Identifying Suitable Attributes for Security and Dependability Metrication
See also "Extra reading" below
- Lecture 12: Risk Analysis, Human and Organisational Factors
(Thu 2015-02-19, 10-12)
Risk Analysis, Human and Organisational Factors, DL 9: Why cryptosystems fail
- Lecture 13: Common Criteria, guest lecture by Magnus Ahlbin and Emilie Barse + key escrow, Swedish security actors and spam economics
(Mon 2015-02-23, 13-15)
Common criteria,
Key escrow,
Computer Forensics,
Swedish security actors,
DL 10: Common Criteria - Introduction and General Model (partly)
DL 11: Key Escrow systems taxonomy,
DL 12: The Risks of Key Recovery,
DL 13: Spam Economics
- Lecture 14: Side-channel attacks, ethics, course summary, examination
(Thu 2015-02-26, 10-12)
Side-channel attack, data remanence,
Ethics
DL 14: Introduction to Side-channel attacks
DL 15: Data remanence
DL 16: The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research Companion (overview)
See also "Extra reading" = ER10 below.
Extra Reading
- Lecture 1: Here is a description of an attack and the resulting problems for a
private individual. Note the difference in assumptions between Amazon
and Apple regarding the privacy of the numbers of the credit card.
- Lecture 3: An article about how buffer overflows work in detail with code examples: Smashing the stack for fun and profit, Phrack Magazine vol. 7, issue 49
Jailbreaking your iPhone - shows how complicated attacks can be. Note the discussion about Address Space Layout Randomization, ASLR.
- Lecture 4: GPU cluster guesses 350 billion passwords per second (in Swedish).
- Lecture 5: Why cryptosystems fail
How to explain zero-knowledge protocols to your children
- Lecture 7: DoS attack against twitter (NY Times)
- Lecture 8: Ptacek and Newsham: Insertion, Evasion, and Denial of Service - Eluding Network Intrusion Detection
Honey Pots and Honey Nets - Security through Deception (SANS Institute)
- Lecture 9: A security model for military message systems: Retrospective, Carl E. Landwehr, Constance L. Heitmeyer, John D. McLean (accessible from Chalmers network)
- Lecture 10: Differential Privacy
- Lecture 11: Measurement Theory
- Lecture 14: The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research
Course Evaluation
- Information on the process of course evaluation is found on the Course Evaluation page.
- The course representatives for the course 2014/2015 will be the following (all emails in the Chalmers domain, student.chalmers.se). Please contact them with any praise / concern that you may have.
- SORUSH AREFIPOUR, arefso@..., MPCSN
- ARBNOR BILJALI, arbnor@..., MPCSN
- PENG-KUN LIU, pengkun@..., MPALG
- ANTON LUNDÉN, lundena@..., TKDAT
- JOSEPH MUKAMA, mukama@..., MPCSN
- Introductory meeting took place the first/second study week.
- The mid-period meeting was held 2015-02-11. A summary is found here.
Examination dates 2014/2015 (preliminary)
Sat 2015-03-21 am, Sat 2015-04-18 am, Wed 2014-08-26 pm
Previous examinations
2015-04-18, 2015-03-21, 2014-03-15, 2014-01-18,
2013-08-28, 2013-03-12, 2013-01-17, 2012-08-29, 2012-03-08 + program for q5 2011-08-17, 2011-01-11, 2010-10-19, 2010-08-18, 2010-01-12, 2009-10-20
The following question from the exams above is no longer applicable:
2009-10-20 - 8c
URL for this page: http://www.cse.chalmers.se/edu/course/EDA263/index.html
Latest change 2015-02-18 by Erland Jonsson