BME VIK - Számítógép-biztonság

vissza a tantárgylistához nyomtatható verzió

Computer Security

A tantárgy neve magyarul / Name of the subject in Hungarian: Számítógép-biztonság

Last updated: 2015. november 22.

Budapest University of Technology and Economics
Faculty of Electrical Engineering and Informatics

IT security minor specialization

Course ID	Semester	Assessment	Credit	Tantárgyfélév
VIHIMA06	2	2/1/0/v	4

3. Course coordinator and department Dr. Buttyán Levente,

4. Instructors Dr. Levente Buttyán Associate Professor HIT
Dr. Boldizsár Bencsáth Assistant Professor HIT

5. Required knowledge Operating Systems, Introduction to Programming

6. Pre-requisites

Kötelező:

NEM
(TárgyEredmény( "BMEVIHIMA21", "jegy" , _ ) >= 2
VAGY
TárgyEredmény("BMEVIHIMA21", "FELVETEL", AktualisFelev()) > 0)

A fenti forma a Neptun sajátja, ezen technikai okokból nem változtattunk.

A kötelező előtanulmányi rend az adott szak honlapján és képzési programjában található.

7. Objectives, learning outcomes and obtained knowledge The course aims at introducing the security problems in computing systems, as well as the principles, practical mechanisms, and tools used to solve them. The term computer is interpreted in a broad sense, and it includes personal computers, servers, mobile devices, and embedded computers. The course covers physical security and OS level security of computers, software security issues at the application level, secure programming, and the problem of malicious software (malware).

8. Synopsis Week 1: Introduction and motivations
Computer security problems in practice through illustrative examples, main computer security requirements, security at different levels of computer architectures.

Week 2-3: Security in operating systems
Detailed description of user authentication, authorization, and access control models, and their practical illustration with examples taken from Windows and Unix/Linux. Kernel integrity, process isolation, memory protection. Enhanced operating systems, e.g., Linux Security Modules and SELinux.

Week 4-5: Control flow attacks
Overview of program execution, function call and return mechanisms. Overflow attacks (stack overflow, heap overflow), format string attack, Return Oriented Programming (ROP), hooking techniques with illustrative examples.

Week 6-7: Software security
Security analysis and testing of software (code review, fuzzing), testing tools. Secure software development methodologies, illustrative examples. Characteristics of different programming languages (C/C++, Java, script languages) and framworks with respect to software security issues.

Week 8-9: Malicious software (malware)
Types of malware (viruses, worms, Trojans, etc.), their operation, spreading and hiding techniques (rootkits). Signature based and heuristic malware detection, handling malware incidents. Malware analysis (reverse engineering), static and dynamic analysis tools and methods in practice.

Week 10: Browser security
Security issues and built-in security mechanisms of modern browsers. Secruity problems with plug-ins and other helper objects.

Week 11: Mobile platform security
Security architecture of the Android and the iOS platforms, permission models. Types of mobil malware and their operation. Other security and privacy problems in mobil environments.

Week 12: Security in cloud based computing systems
Introduction of virtualization technologies, classification of virtualization approaches. Guest-to-guest, guest-to-host, and guest-to-hypervisor attacks in virtualized environments. Other attacks on virtualization. Detecting virtualization and methods to improve transparency.

Week 13: Physical security and tamper resistant devices
Levels of tamper resistance and the FIPS 140-2 standard. Attack methods used against tamper resistant devices: invasive and non-invasive attacks, side channel attacks, and API attacks. Smart cards and high-end hardware security modules (HSM).

Week 14: Trusted computing
Theoretical background of Trusted Computing, architecture of the Trusted Platform Module (TPM), operation of its functions and its protocols. Application domains of the TPM. The remote code attestation problem, and its potential solutions in different computing environments.

Classroom exercises extend the lectures by illustration of the usage of concrete security tools, and help deepening knowledge by solving challenges in the following domains:
1. Windows access control: illustrating complex configuration settings via examples
2. Linux access control: illustrating complex configuration settings via examples
3. Control flow attacks: illustrating stack overflow, heap overflow, and format string attacks via examples
4. Control flow attacks: illustration of Return Oriented Programming (ROP), and hooking techniques via examples
5. Security testing of software: showcasing the usage of concrete testing tools (e.g., fuzzing tools)
6. Static analysis of malware: illustrating usage of IDApro through the analysis of a malware sample
7. Dynamic analysis of malware behavior: illustrating the usage of the Cuckoo sandbox environment through the dynamic analysis of a malware sample

9. Method of instruction Lecture and classroom exercises.

10. Assessment Fulfilling the requirements of 2 homework projects (HW1, HW2).

Oral exam (E).

Final grade is calculated as 0.2*HW1 + 0.2*HW2 + 0.6*E (rounded to the closest integer)

12. Consultations Ad hoc meetings with the lecturer.

13. References, textbooks and resources Slides are available on the course web site with further recommended readings.

14. Required learning hours and assignment

Kontakt óra	42
Félévközi készülés órákra
Felkészülés zárthelyire
Házi feladat elkészítése	30
Kijelölt írásos tananyag elsajátítása
Vizsgafelkészülés	48
Összesen	120

15. Syllabus prepared by Dr. Levente Buttyán Associate Professor HIT

Budapest University of Technology and Economics, Faculty of Electrical Engineering and Informatics

Számítógép-biztonság