Learning Outcomes
Every computing system controls the access to its resources, which include sensitive data. To this end, each system has protects the data and controls the access to the parts which manage the protection. The root cause of all problems related to a system's security is the software. Malicious intruders exploit security holes and vulnerabilities, which are the result of bad design and bad implementation of software. In this course, we provide an holistic approach to the most important problems of software security and to the security mechanisms of computing systems.
We expect that in the frame of this course the students
- understand the fundamental issues and the technologies of computing systems security
- know the security threats and vulnerabilities at the levels of host, infrastructure, applications and services
- understand the principles and the mechanisms for access control
- will be familiarised with the design of appropriate protection to address security issues
- will be familiarised with facing intrusion scenarios and incidents of violation of system security
Course Content (Syllabus)
Common security issues and technologies - Security engineering guidelines and resources - Host-level threats, vulnerabilities (malware, eavesdropping, job faults, resource starvation etc) and solutions (sandboxing, virtualisation, resource management etc) - Infrastructure-level threats, vulnerabilities (network-level, storage etc) & solutions - Application-level threats and vulnerabilities (injection, cross-site scripting, improper session management etc) & solutions - Service-level threats and vulnerabilities (security requirements, threats, attacks) & solutions - Access control fundamentals - Verifiable security goals (information flow and models) - Security in operating systems - Security kernels and secure capability systems - Cloud security - Internet of Things security
Keywords
security of computing systems, software security, intrusion attacks, access control, information flow control
Additional bibliography for study
- A. Belapurkar, A. Chakrabarti, H. Ponnapalli, N. Varadarajan, S. Padmanabhuni, S. Sundarrajan, "Distributed Systems Security - Issues, Processes and Solutions", Wiley, 2009
- R. Anderson, "Security Engineering - A Guide to Building Dependable Distributed Systems", 2nd Edition, Wiley, 2008