Security in Informatics and in the Organizations 2018/2019

This page contains the theoretical and practical contents of the SIO course. For last year’s contents, please check Prof. André Zúquete's web page.

  1. General Information
  2. Planning
  3. Grading
  4. Theoretical Classes
  5. Practical Classes
  6. Documentation
  7. Useful Software
  8. Useful Links

General Information

This subject belongs to the 3rd year of the LEI degree, and follows the description on the official webpage.

This year’s edition will be managed by professor João Paulo Barraca (email: jpbarraca@ua.pt), and lectured in coordination with professor Vitor Cunha (email: vitorcunha@ua.pt), who will be permanently available by email and Slack (#security), as well as during the allocated tutoring slots.

Classes will be presented in the Portuguese language, unless there is a foreign student attending. In this case English will be used. All content is developed in the English language.

Students should be aware that this subject requires a reasonable knowledge and comprehension of several networking, software and operating system topics, such as: the C/Python/Java languages, Linux administration and console usage (mostly Debian and Arch), virtual machines, sockets, HTTP and HTML, asynchronous applications, and hardware architectures.


Planning

According to the UA calendar, classes start on September 17th and end on December 21st. The subject is composed of a 2h theoretical class and a 2h practical class, making a total of 4 hours of lectures per week. Students are expected to spend an additional 2 hours per week exploring the concepts presented during the lectures, and should make use of the tutoring times. Theoretical classes will present key concepts related to the security of modern computer systems, and their application to organizations. The practical classes will focus on the exploration of these concepts, and on the exploration and analysis of popular security attacks.

On Tuesday at 14h, the professors will be available for assisting the students in the comprehension of the topics presented, or discussing the elaboration of the practical exercises and projects.

| # | Date | Theoretical class | Practical class |
|---|------|-------------------|-----------------|
| 1 | Sep 17 | Introduction | Vulnerabilities: LAN security |
| 2 | Sep 24 | Vulnerabilities | Vulnerabilities: XSS and SQL Injection (HTML, HTTP, JS, SQL) |
| 3 | Oct 1 | Cryptography | Cryptography (Python or Java) |
| 4 | Oct 8 | Cryptography | Cryptography (Python or Java) |
| 5 | Oct 15 | Cryptography | Cryptography (Python or Java) |
| 6 | Oct 22 | Management of Asymmetric Keys | Certification Chains |
| 7 | Oct 29 | Smartcards: PTEID | SmartCards and PKCS #11 (PTEID, Java or Python) |
| 8 | Nov 5 | Authentication | Secure Communications with SSL |
| 9 | Nov 12 | Authentication | Secure Communications with SSL |
| 10 | Nov 19 | Security in IEEE 802.11 WN | Secure Communications with SSH |
| 11 | Nov 26 | Security in IEEE 802.11 WN | Firewalls with iptables (Linux) |
| 12 | Dec 3 | Network Filtering with Firewalls | Security in Operating Systems (Linux or Windows) |
| 13 | Dec 10 | Security in Operating Systems | Secure File Systems (Linux, C or Python) |
| 14 | Dec 17 | Secure and Redundant Storage | Common uses of Cryptography |


Grading

Grades will be posted on the elearning page. All partial grades presented will be rounded to the hundredths (X.XX).

Attendance Rules

Students can choose to attend the theoretical classes, and it is highly recommended that they do so every week. Attendance at practical classes is mandatory and student absences will be recorded.

According to the current regulation, students must be present at 80% of the practical classes. For this edition that results in a maximum of 2 unjustified absences. If a student exceeds the number of absences allowed, they will automatically fail the subject and won’t be allowed at any other evaluation event during the current academic year.

Grading rules

Grading will be composed of two components, each contributing 10 points (50%) to the final grade.

  1. Theoretical Component:
    • Option 1: 1 intermediate test, and 1 final test, each worth half of this component's points.
    • Delivering the intermediate test implies following Option 1 (i.e. students cannot do the final exam)
    • Option 2: 1 final exam that includes all topics, worth 20 points (in 20)
    • Dates:
      • Intermediate Test (IT): TBD
      • Final Test (FT): TBD
      • Final Exam (FE): TBD
    • Final Theoretical Grade: (IT + FT) or (FE)
    • Minimal grade of this component: 8.50 in 20
      • i.e. $it + ft \geq 8.50 \text{ or } fe \geq 8.50$
  2. Practical Component:
    • Development of one project by a group of 2 students. Exceptionally 3 may be allowed after explicit authorization.
      • groups with additional members will be penalized by 1 point per extra member (per project).
      • groups with one member will have a bonus of 10%
      • groups with three members will have a penalty of at least 10%
    • There will be only a final delivery
    • Minimal grade of this component: 8.50 in 20
      • i.e. $proj \geq 8.50$

“Recurso”

Grading will be composed of two components, each contributing 10 points (50%) to the final grade.

  1. Theoretical Component: Mandatory theoretical exam

    • Minimal grade of this component: 8.50 in 20
    • Will replace the grade of the theoretical component obtained during the semester
  2. Practical Component: Optional practical project

    • Development of one project by a single student
    • Optional but subject to the following rules:
      • All previous grades will be discarded
      • The corresponding theoretical exam is mandatory
      • Students can only enroll after they have completed the corresponding theoretical exam, and achieved a grade of at least 8.50 in 20.


Theoretical classes

  1. Introduction: Slides

  2. Vulnerabilities: Slides

  3. Cryptography: Slides

  4. Management of Asymmetric Keys: Slides

  5. SmartCards - PTEID: TBA

  6. Authentication: TBA

  7. Security in IEEE 802.11 WN: TBA

  8. Network Filtering with Firewalls: TBA

  9. Security in Operating Systems: TBA

  10. Secure and Redundant Storage: TBA


Practical Classes

Project: Assignment


Virtual Machine

Students can use a preconfigured virtual machine (distributed in a compressed format), containing most of the software required during the practical classes.

In order to use the image, create a VirtualBox virtual machine and then add the image as a Disk. To optimize performance and disk space, select the options to use the Host Cache, and to set the disk as a Solid State Drive.


Exams

TBA

Exams from previous editions are available here


Useful Software


Books


Fiction and Historical Content
