460-2040/03 – Computer Security (PB)

Gurantor departmentDepartment of Computer ScienceCredits4
Subject guarantorIng. Pavel Moravec, Ph.D.Subject version guarantorIng. Pavel Moravec, Ph.D.
Study levelundergraduate or graduateRequirementOptional
Year3Semestersummer
Study languageCzech
Year of introduction2019/2020Year of cancellation
Intended for the facultiesFEIIntended for study typesBachelor
Instruction secured by
LoginNameTuitorTeacher giving lectures
KRU13 Mgr. Ing. Michal Krumnikl, Ph.D.
MOR03 Ing. Pavel Moravec, Ph.D.
OH140 RNDr. Eliška Ochodková, Ph.D.
Extent of instruction for forms of study
Form of studyWay of compl.Extent
Full-time Credit and Examination 2+2
Part-time Credit and Examination 18+0

Subject aims expressed by acquired skills and competences

Familiarize students with the basic principles of computer security. After completing the course the student will be able to: - identify and recognize different attacks - discern typical errors that are exploitable by an attacker and avoid them when creating software components - use intrusion detection and prevention techniques - identify and use a known block and stream ciphers - implement secure applications and write safe code

Teaching methods

Lectures
Tutorials
Experimental work in labs
Project work
Other activities

Summary

The aim of this subject is to is to familiarize students with the basic principles of computer security, vulnerabilities, attacks and defence against them. The topics cover the security of operating systems and their vulnerabilities, security applications (web, databases), malicious software, etc. Great emphasis is placed on the practical coverage of individual topics.

Compulsory literature:

1. Stallings, W.:Cryptography and Network Security: Principles and Practice, Prentice Hall 5th edition 2010, ISBN: 0136097049 2. Seacord, R. C.: Secure Coding in C and C++, Addison-Wesley 2005, ISBN 0321335724

Recommended literature:

1. Tanenbaum, A.S.: Computer Networks, Prentice Hall 5th edition 2010, ISBN: 0132126958 2. Menezes, A. J., Van Oorschot, P. C., Vanstone, S. A.: Handbook of Applied Cryptography, CRC Press, 1997, ISBN: 9780849385230 3. Scarfone, K. and Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS), NIST 2007, http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf

Way of continuous check of knowledge in the course of semester

Verification of study: Tasks solved during exercises that verify students' ability to apply theory to practical assignments. Examination will be done in written form.

E-learning

Other requirements

Basic knowledge of computer networks and their operation is expected.

Prerequisities

Subject codeAbbreviationTitleRequirement
460-2006 POS Computer Networks Recommended
460-2010 PJ I Programming Languages I Recommended
460-2012 PJ II Programming Languages II Recommended
460-2016 OSY Operating Systems Recommended

Co-requisities

Subject has no co-requisities.

Subject syllabus:

Lectures 1. Basic concepts and principles of security (security vs usability, security functions and mechanisms, attack types, threats, vulnerabilities, risks, backup mechanisms, ...). 2. Detection, prevention and mitigation of the effects of individual attacks on the service (load balancers, proxy, honeypot). 3. Cryptography: Block and stream ciphers, implementation of a secure channel, data encapsulation of serializable objects, public key infrastructure. 4. Security of Internet application protocols. 5. Development of safe applications (general principles, the most common vulnerabilities, database security, security of web applications). 6. Security of mobile platforms (data transfer and storage, security features of mobile OS, application distribution and signatures). 7. Hardware security features (cards, chips, reverse engineering). 8. Introduction to Digital Forensics (collection of information from systems, analysis, evaluation) 9. Creating secure code (static code analysis, obfuscation, buffer overflow, boundary conditions). 10. Malware (viruses, spyware, infection, detection of malware, social engineering) Computer labs Labs follow the issues discussed in the lectures. Their main aim is the practical demonstration and evaluation of individual topics as well as the analysis, administration, configuration and testing of security mechanisms. 1. Introduction to penetration testing. 2. Honeypot and load balancer configuration, attack simulation, detection techniques. 3. Application of block ciphers in network protocols. 4. Implementation of cryptographic schemes. 5. In-depth protocol analysis with packet analyzer, analysis of encrypted communication 6. Demonstration of known vulnerabilities: XSS, SQL injection, buffer overflow, … 7. Attacks on application layer protocols, including HTTP. 8. Attacks on mobile devices and platforms. 9. Usage of modern computation technologies for implementation of attacks against wireless networks. 10. Log analysis and forensic analysis of recorded attack.

Conditions for subject completion

Full-time form (validity from: 2019/2020 Winter semester, validity until: 2021/2022 Winter semester)
Task nameType of taskMax. number of points
(act. for subtasks)
Min. number of pointsMax. počet pokusů
Credit and Examination Credit and Examination 100 (100) 51
        Credit Credit 45 (45) 20
                Lab assignments Laboratory work 45  20
        Examination Examination 55  22 3
Mandatory attendence participation: Attending at least 70% of labs during the semester in a way which meets the credit criteria.

Show history

Conditions for subject completion and attendance at the exercises within ISP:

Show history

Occurrence in study plans

Academic yearProgrammeBranch/spec.Spec.ZaměřeníFormStudy language Tut. centreYearWSType of duty
2024/2025 (B0613A140014) Computer Science P Czech Ostrava 3 Optional study plan
2024/2025 (B0613A140014) Computer Science K Czech Ostrava 3 Optional study plan
2024/2025 (B0714A060010) Telecommunication Technology KB P Czech Ostrava 3 Choice-compulsory type A study plan
2024/2025 (B0714A150003) Computer Systems for the Industry of the 21st. Century INF P Czech Ostrava 3 Compulsory study plan
2024/2025 (B0541A170008) Computational and Applied Mathematics P Czech Ostrava 3 Optional study plan
2024/2025 (B0541A170008) Computational and Applied Mathematics K Czech Ostrava 3 Optional study plan
2024/2025 (B0714A060010) Telecommunication Technology KB K Czech Ostrava 3 Choice-compulsory type A study plan
2023/2024 (B0613A140014) Computer Science INF K Czech Ostrava 3 Compulsory study plan
2023/2024 (B0613A140014) Computer Science INF P Czech Ostrava 3 Compulsory study plan
2023/2024 (B0714A150003) Computer Systems for the Industry of the 21st. Century INF P Czech Ostrava 3 Compulsory study plan
2023/2024 (B0541A170008) Computational and Applied Mathematics P Czech Ostrava 3 Optional study plan
2023/2024 (B0541A170008) Computational and Applied Mathematics K Czech Ostrava 3 Optional study plan
2023/2024 (B0714A060010) Telecommunication Technology KB K Czech Ostrava 3 Choice-compulsory type A study plan
2023/2024 (B0714A060010) Telecommunication Technology KB P Czech Ostrava 3 Choice-compulsory type A study plan
2022/2023 (B0613A140014) Computer Science INF K Czech Ostrava 3 Compulsory study plan
2022/2023 (B0613A140014) Computer Science INF P Czech Ostrava 3 Compulsory study plan
2022/2023 (B0714A150003) Computer Systems for the Industry of the 21st. Century INF P Czech Ostrava 3 Compulsory study plan
2022/2023 (B0714A060010) Telecommunication Technology KB P Czech Ostrava 3 Choice-compulsory type A study plan
2022/2023 (B0714A060010) Telecommunication Technology KB K Czech Ostrava 3 Choice-compulsory type A study plan
2022/2023 (B0541A170008) Computational and Applied Mathematics K Czech Ostrava 3 Optional study plan
2022/2023 (B0541A170008) Computational and Applied Mathematics P Czech Ostrava 3 Optional study plan
2022/2023 (B2647) Information and Communication Technology (2612R025) Computer Science and Technology P Czech Ostrava 3 Optional study plan
2022/2023 (B2647) Information and Communication Technology (2612R025) Computer Science and Technology K Czech Ostrava 3 Optional study plan
2021/2022 (B0613A140014) Computer Science INF P Czech Ostrava 3 Compulsory study plan
2021/2022 (B0613A140014) Computer Science INF K Czech Ostrava 3 Compulsory study plan
2021/2022 (B0714A150003) Computer Systems for the Industry of the 21st. Century INF P Czech Ostrava 3 Compulsory study plan
2021/2022 (B0713A060007) Automotive Electronic Systems P Czech Ostrava 3 Compulsory study plan
2021/2022 (B0714A060010) Telecommunication Technology KB P Czech Ostrava 3 Choice-compulsory type A study plan
2021/2022 (B0714A060010) Telecommunication Technology KB K Czech Ostrava 3 Choice-compulsory type A study plan
2021/2022 (B0541A170008) Computational and Applied Mathematics P Czech Ostrava 3 Optional study plan
2021/2022 (B0541A170008) Computational and Applied Mathematics K Czech Ostrava 3 Optional study plan
2021/2022 (B2660) Computer Systems for the Industry of the 21st. Century P Czech Ostrava 3 Compulsory study plan
2021/2022 (B3973) Automotive Electronic Systems P Czech Ostrava 3 Compulsory study plan
2021/2022 (B2647) Information and Communication Technology (2612R025) Computer Science and Technology P Czech Ostrava 3 Optional study plan
2021/2022 (B2647) Information and Communication Technology (2612R025) Computer Science and Technology K Czech Ostrava 3 Optional study plan
2020/2021 (B0714A150003) Computer Systems for the Industry of the 21st. Century INF P Czech Ostrava 3 Compulsory study plan
2020/2021 (B0613A140014) Computer Science INF K Czech Ostrava 3 Compulsory study plan
2020/2021 (B0613A140014) Computer Science INF P Czech Ostrava 3 Compulsory study plan
2020/2021 (B3973) Automotive Electronic Systems P Czech Ostrava 3 Compulsory study plan
2020/2021 (B0714A060010) Telecommunication Technology KB P Czech Ostrava 3 Choice-compulsory type A study plan
2020/2021 (B0714A060010) Telecommunication Technology KB K Czech Ostrava 3 Choice-compulsory type A study plan
2020/2021 (B0541A170008) Computational and Applied Mathematics P Czech Ostrava 3 Optional study plan
2020/2021 (B0541A170008) Computational and Applied Mathematics K Czech Ostrava 3 Optional study plan
2020/2021 (B0713A060007) Automotive Electronic Systems P Czech Ostrava 3 Compulsory study plan
2019/2020 (B0714A060010) Telecommunication Technology KB P Czech Ostrava 3 Choice-compulsory type A study plan
2019/2020 (B0714A150003) Computer Systems for the Industry of the 21st. Century INF P Czech Ostrava 3 Compulsory study plan
2019/2020 (B3973) Automotive Electronic Systems P Czech Ostrava 3 Compulsory study plan
2019/2020 (B0541A170008) Computational and Applied Mathematics P Czech Ostrava 3 Optional study plan
2019/2020 (B0541A170008) Computational and Applied Mathematics K Czech Ostrava 3 Optional study plan
2019/2020 (B0714A060010) Telecommunication Technology KB K Czech Ostrava 3 Choice-compulsory type A study plan
2019/2020 (B0613A140014) Computer Science INF P Czech Ostrava 3 Compulsory study plan
2019/2020 (B0613A140014) Computer Science INF K Czech Ostrava 3 Compulsory study plan

Occurrence in special blocks

Block nameAcademic yearForm of studyStudy language YearWSType of blockBlock owner

Assessment of instruction



2022/2023 Summer
2021/2022 Summer