Software and Computer Systems Security

Course Information
TitleΚυβερνοασφάλεια: Λογισμικό και Συστήματα / Software and Computer Systems Security
CodeCNSS107
FacultySciences
SchoolInformatics
Cycle / Level2nd / Postgraduate
Teaching PeriodWinter
CoordinatorPanagiotis Katsaros
CommonNo
StatusActive
Course ID600016163

Programme of Study: PMS DIKTYA EPIKOINŌNIŌN KAI ASFALEIA SYSTĪMATŌN (2018 éōs sīmera) PF

Registered students: 11
OrientationAttendance TypeSemesterYearECTS
Asfáleia SystīmátōnCompulsory Course belonging to the selected specialization (Compulsory Specialization Course)117.5

Class Information
Academic Year2018 – 2019
Class PeriodWinter
Faculty Instructors
Weekly Hours3
Class ID
600132029
Course Type 2011-2015
Specific Foundation / Core
Mode of Delivery
  • Face to face
Digital Course Content
Erasmus
The course is also offered to exchange programme students.
Language of Instruction
  • Greek (Instruction, Examination)
  • English (Instruction, Examination)
Learning Outcomes
Every computing system controls the access to its resources, which include sensitive data. To this end, each system has protects the data and controls the access to the parts which manage the protection. The root cause of all problems related to a system's security is the software. Malicious intruders exploit security holes and vulnerabilities, which are the result of bad design and bad implementation of software. In this course, we provide an holistic approach to the most important problems of software security and to the security mechanisms of computing systems. We expect that in the frame of this course the students - understand the fundamental issues and the technologies of computing systems security - know the security threats and vulnerabilities at the levels of host, infrastructure, applications and services - understand the principles and the mechanisms for access control - will be familiarised with the design of appropriate protection to address security issues - will be familiarised with facing intrusion scenarios and incidents of violation of system security
General Competences
  • Apply knowledge in practice
  • Adapt to new situations
  • Make decisions
  • Work autonomously
  • Work in teams
  • Advance free, creative and causative thinking
Course Content (Syllabus)
Common security issues and technologies - Security engineering guidelines and resources - Host-level threats, vulnerabilities (malware, eavesdropping, job faults, resource starvation etc) and solutions (sandboxing, virtualisation, resource management etc) - Infrastructure-level threats, vulnerabilities (network-level, storage etc) & solutions - Application-level threats and vulnerabilities (injection, cross-site scripting, improper session management etc) & solutions - Service-level threats and vulnerabilities (security requirements, threats, attacks) & solutions - Access control fundamentals - Verifiable security goals (information flow and models) - Security in operating systems - Security kernels and secure capability systems - Cloud security - Internet of Things security
Keywords
security of computing systems, software security, intrusion attacks, access control, information flow control
Educational Material Types
  • Slide presentations
  • Book
Use of Information and Communication Technologies
Use of ICT
  • Use of ICT in Course Teaching
  • Use of ICT in Communication with Students
Course Organization
ActivitiesWorkloadECTSIndividualTeamworkErasmus
Lectures39
Reading Assigment80
Written assigments56
Exams48
Total223
Student Assessment
Description
The students will be graded based on their performance in the final written exam. Their grade will get a bonus up to 25% depending on the performance of each student in the coursework that will be assigned (security problems) during the semester.
Student Assessment methods
  • Written Exam with Multiple Choice Questions (Summative)
  • Written Exam with Short Answer Questions (Summative)
  • Written Assignment (Formative)
  • Written Exam with Problem Solving (Summative)
Bibliography
Additional bibliography for study
- A. Belapurkar, A. Chakrabarti, H. Ponnapalli, N. Varadarajan, S. Padmanabhuni, S. Sundarrajan, "Distributed Systems Security - Issues, Processes and Solutions", Wiley, 2009 - R. Anderson, "Security Engineering - A Guide to Building Dependable Distributed Systems", 2nd Edition, Wiley, 2008
Last Update
27-10-2018