Identification, Authentication and Authorization 2023/2024

Subject lectured to the 1st year of the Masters in Cybersecurity, regarding Identification, Authentication and Authorization approaches, tools and methodologies.

This edition will be lectured by professor João Paulo Barraca (email: jpbarraca@ua.pt). Teaching staff will be available by email and MS Teams, especially during the allocated tutoring slots. The use of the Teams platform for direct communication between students and staff is highly recommended. Official course contents will be available on this page, while grades will be available through the University Elearning platform (Elearning).

Classes will be lectured in the Portuguese language, unless there is a foreign student attending. In this case English will be used. All lecture notes and laboratory guides will be made available in English. Examinations will be made available in either English or Portuguese according to the student preference.

Planning

According to the UA academic schedule, classes will be lectured from February 14th, until June 5th. The subject is composed by a 3 hours of theoretical/practical lectures, and 1 hour of optional tutoring, making a total of 4 hours per week of contact hours. It is expected that students spend an additional 2-3 hours per week exploring the concepts presented during the lectures and preparing the assignments. It is also expected them to make use of the tutoring times if they have questions or require some assistance. Please also use this times to validate the execution of the assignments.

The topics lectured in each class should be as presented in the following table. Changes may happen, so please check it frequently.

Important dates

• Project 1st part: March 23rd, 23:59 (initial report)
• Project 2nd part: June 1st, 23:59 (final report + code)
• T1: April 17, 2024, 15:30-17:30, room TBD
• Papers: May 10, 2024, 23:59
• T2 / E1: TBD
• E2: TBD

Grading

Theoretical component ($45%$)

• A first mid-term test (T1) on a Wednesday afternoon
• One second test (T2) on the date of the 1st exam
• Tests are optional, but delivery of the 1st test requires the completion of the 2nd test
• Each test counts for $50%$ of the theoretical component grade; test scores are rounded to tenths and added together to calculate the final score of the theoretical component
• The exam, both in the Regular Season (E1) and in the Appeal (E2), counts for $100%$ of the theoretical component’s grade

Practical component ($55%$)

• One project, carried out in groups of 2 students, worth 40% of the final grade
• A presentation of a scientific article, performed by groups of 4 students, worth $15%$ of the final grade
• The presentation of the article will be evaluated by faculty and peers

Final grade: weighted average of the grades of each component, rounded to the unit

• $Final$ = $\lfloor 0.45 \times Theoretical + 0.55 \times Practical + \frac{1}{2}\rfloor$
• $Theoretical$ = $round(max(T1 + T2, E1, E2))$
• $Practical$ = $round(20 \times \frac{project \times 0.4 + article \times 0.15}{0.55})$
• $T1, T2 \in [0, 10]$
• $E1, E2, project, article \in [0, 20]$
• $round(x) = \frac{\lfloor 10 \times x +\frac{1}{2} \rfloor}{10}$

Assessment in Appeal Period

• An optional theoretical exam (with a weight of $45%$ in the final grade of the UC)
• Students who took the tests can improve just one of them, or take a full exam (in either case, it never gets worse)
• A project to be announced after the end of the Normal Period (with a weight of $55%$ in the final grade of the UC)

Penalties for late deliveries

• The project and paper presentation will have to be delivered by a deadline
• After this limit, the penalty will be 1 value per day, proportional (charged to each late delivered component)

Notes

• Classes are not mandatory, but student absences will be recorded.

References

• Security in Computing, 5th Edition, C. P. Pfleeger, S. L. Pfleeger, J. Margulies, January 2015
• Computer Security Art and Science, 2nd Edition, Matt bishop, November 2018