School of Computer Science and Communication

Computer Security - Datasäkerhet, dasakh10

NEWS

  • Re-exam: June 1, 2011, D41, 14-17h
  • Course evaluation form:

    Extra lectures

    Operating Systems, by Alexander Baltatzis, October 29, 15-17h, D3.

    Computer Architecture, by Stefan Nilsson, November 4, 13-15h, D2.

    Course Literature

    William Stallings and Lawrie Brown, Computer Security: Principles and Practice, e.g., ISBN-10: 0136004245, ISBN-13: 9780136004240, ISBN-13: 9780135137116, Prentice Hall.
    Further reading, free online -- Ross Anderson, Security Engineering.

    Lab exercises

    Lab 1, Secure E-Mail: GnuPG

    Read the instructions. The lab exercise can be done remotely or at the lab sessions on Thursdays/Fridays. Needed public keys: course and buc. Course fingerprint: 2DC7 706F 7D2C 3F72 4239 D65B FD18 28DA DC09 C237, buc fingerprint: A3D2 4908 7018 2356 54B0 91F6 3A08 F33F DA85 291D. These can also be found on a different website. To get a bonus point for the exam, the lab steps have to be passed successfully and the report has to be handed in by Nov. 18, 2010, 23.59h CET. The last chance to finish the lab is on January 3, 2011, 23.59h CET.

    Lab 2, Firewalls: Iptables

    Read the instructions and prepare before the lab time. This lab exercise will be done at CSC, choose one of the slots:

    Lab 3, Web attacks: XSS, XSRF

    Read the instructions. You can do this lab remotely and/or come to the lab sessions if you have questions. To pass the lab, you will have to hand in successful attacks from the lab exercises. You can do this lab by yourself or in groups of up to 3 people. If you work together with anyone, mention this in the comments of the handed-in html files. The last chance to finish the lab is on January 3, 2011, 23.59h CET. To get a bonus point for the exam, hand in the solution to the exercises AND at least one of the Bonus Challenges by Dec. 10, 2010, 23.59h CET.
    Update: you might find the php source files useful.

    Lab 4, Selected topics presentations

    Read the instructions. There are three parts: a short oral presentation, a short written report, and a peer assessment of another team's report. If you're looking for a partner or two, you can find them during the lecture break.
    The presentation mini-conferences will be on Dec. 1, 13-17h; Dec. 2, 8-12h and 13-17h; Dec. 9, 13-17h; and Jan. 4, 13-17h. You can now reserve a time during one of these slots for your presentation. You are expected to participate in the full mini-conference (or for larger ones in either Part 1 or Part 2) you are presenting at. You are welcome to attend any and all of the mini-conferences!
    Presentation program. Deadlines: For a bonus point: Report hand-in by Dec. 8, noon, you will be matched by Dec. 09, feedback hand-in by Dec. 10, 23.59h CET. Last chance: report hand-in Jan. 3, 2011, noon, feedback hand-in Jan. 5, 23.59h CET.

    Lecture contents

    1. Oct. 25, Course administration and introduction to Computer Security [chapter 1], slides.
    2. Oct. 27, Cryptography [2,20], slides.
    3. Nov. 01, Authentication [3], slides. password cracking.
    4. Nov. 04, Access Control [4], slides.
    5. Nov. 08, Intrusion Detection [6], slides.
    6. Nov. 10, Firewalls [6,9], slides.
    7. Nov. 15, Malware, Denial of Service [7,8], slides.
    8. Nov. 17, Web Attacks, OWASP, TOP 10 attacks
    9. Nov. 22, Buffer Overflows, Smashing the Stack for Fun and Profit [11], guest lecture by Pehr Söderman, slides
    10. Nov. 24, Social Engineering, slides, more
    11. Nov. 29, Models, Multi-Level Security [10], slides; Information flow guest lecture by Musard Balliu
    12. Nov. 30, Programming/Software Engineering [12], slides
    13. Dec. 06, Audits [15], slides; guest lecture by Mårten Trolin, slides
    14. Dec. 07, Recap, buffer, slides

    Schedule

    here.

    Exam

  • Re-exam date: June 1, 14-17h, D41
  • Exam date: December 14, 2010.
  • Bonus points are interchangeable with exam points, so they can take you e.g. from F to E.
  • You can collect 3 bonus points in the lab exercises. Previous exams had around 30 points, and this exam will also follow that.
  • The exam has only one part, in contrast to older exams.

Copyright © Page maintainer: Sonja Buchegger <buc@kth.se>
Updated 2011-04-11