Security of computer systems
General data
Course ID: | 1000-215bBSK |
Erasmus code / ISCED: |
11.303
|
Course title: | Security of computer systems |
Name in Polish: | Bezpieczeństwo systemów komputerowych |
Organizational unit: | Faculty of Mathematics, Informatics, and Mechanics |
Course groups: |
Obligatory courses for 3rd grade Computer Science Obligatory courses for 3rd grade JSIM (3I+4M) Obligatory courses for 4th grade JSIM (3M+4I) |
ECTS credit allocation (and other scores): |
5.00
|
Language: | Polish |
Type of course: | obligatory courses |
Requirements: | Computer networks 1000-214bSIK |
Short description: |
The goal of the course is to make students familiar with the fundamental problems in security of information systems. |
Full description: |
The goal of the course is to make students familiar with the fundamental problems of information systems. The course covers in particular the information systems threats for the confidentiality, integrity and availability of data; security models and security classes of the information systems (TCSEC, ITSEC, EAL); the development of the security policies in information systems; the elements of cryptography; the electronic signature and public key infrastructure, models of authorisation, access control strategies, the security of communication protocols and applications. The course will present the problems of secure programming, the monitoring tools and the tools to analyse the protection mechanisms, the local and network systems to discover intruder attacks and to protect against them, the environments with increased security, supporting services (e.g. Kerberos, secure directory services). |
Bibliography: |
WWW applications: * articles on various types of vulnerabilities (XSS, SQL Injection, XXE, ...) on the Sekurak website, * articles from the PortSwigger Web Security Academy section: https://portswigger.net/web-security, * tasks from the Root Me website (https://root-me.org/) from the Web category, * Michał Bentkowski, Gynvael Coldwind and others: Security of Web Applications. Reverse engineering: * FAQ: How to learn reverse-engineering: https://gynvael.coldwind.pl/?id=664, * book Reverse Engineering for Beginners: https://beginners.re/. Binary exploitation: * Tasks from the website https://pwnable.kr/, * Tasks from the website https://pwnable.xyz/, * course and assignments from https://pwn.college/. Cryptography: * Cryptography I on Coursera.org (free as long as do not want a certificate), * cryptopals - a set of tasks for the implementation of various cryptographic constructions and classic attacks, * free cryptography book: Crypto101, * book on cryptography: Serious Cryptography. Other: * Write-ups, i.e. descriptions of how a specific attack was successfully carried out (e.g. at CTF competitions) - they can be found using Google queries such as sql injection with no space writeup, * tasks from competitions organized by CERT Polska: https://hack.cert.pl/, * stream on low-level programming and security:: https://www.youtube.com/user/GynvaelColdwind, * channel on safety: https://www.youtube.com/c/LiveOverflow. |
Learning outcomes: |
Knowledge: 1. The students have knowledge concerning the security of network technologies, in particular the security of basic communication protocols, network applications, cryptographic protocols, types of security attacks on networks and defence mechanisms (K_W11). Abilities: 1. The students are able to take care of data security, in particular its secure transmission; they use compression and encryption tools (K_U14). 2. The students are able to evaluate on the basic level the utility of routine IT methods and tools and to choose and apply an appropriate methods and tools to typical computerised tasks (K_U22). Competences: 1. The studends understand the significance of security both from the point of view of the software developer and the user. |
Assessment methods and assessment criteria: |
The final grade is based on the sum of the points obtained from the laboratory classes (0 to 40) and exam (0 to 15). The final exam is written and consists of 15 short questions. |
Classes in period "Winter semester 2023/24" (past)
Time span: | 2023-10-01 - 2024-01-28 |
Navigate to timetable
MO LAB
LAB
LAB
TU LAB
WYK
LAB
W TH LAB
LAB
FR |
Type of class: |
Lab, 30 hours
Lecture, 30 hours
|
|
Coordinators: | Tomasz Kazana | |
Group instructors: | Jarosław Jedynak, Tomasz Kazana, Michał Kowalczyk, Paweł Srokosz, Krzysztof Stopczański, Krzysztof Zając | |
Students list: | (inaccessible to you) | |
Examination: | Examination |
Copyright by University of Warsaw.