Security and Privacy

Code: CC2009     Acronym: CC2009     Level: 200

Keywords
Classification Keyword
Official Computer Science

Instance: 2022/2023 - 2S

Active? Yes
Responsible unit: Department of Computer Science
Course/CS Responsible: Bachelor in Artificial Intelligence and Data Science

Cycles of Study/Courses

Acronym No. of Students Study Plan Curricular Years Credits UCN Credits ECTS Contact hours Total Time
L:CC 43 study plan from 2021/22 2 - 6 56 162
3
L:IACD 61 study plan from 2021/22 2 - 6 56 162
Last updated on 2023-02-07.

Fields changed: Calculation formula of final grade, Classification improvement, Assessment Components and Time Allocation, Program, Evaluation Type, Eligibility for exams

Teaching language

Portuguese

Objectives

This course unit aims to give students an integrated perspective on the fundamentals of security and privacy, and to equip them with the principles of IT security and data privacy.

Learning outcomes and competences

1. Understand the fundamental principles of system security and data privacy.
2. Identify vulnerabilities and threats to system security and privacy of data.
3. Acquire skills on cryptography and its applications for system security.
4. Understand data protection regulations, and the impact of their requirements on security and privacy.
5. Select and apply privacy-enhancing technologies, as well as methodologies for risk assessment.

Working method

In person

Program

1) Principles of computer security: confidentiality, integrity, availability; risk, threats, vulnerabilities, attack vectors, security mechanisms.
2) Principles of secure design: least privilege and isolation; defense in depth; security by design.
3) Basic cryptography concepts: symmetric and public-key cryptography; hash functions; encryption and authentication; digital signatures; key management; PKI.
4) Access control: basic concepts; information-flow control and models for confidentiality and integrity; security mechanisms at the OS level.
5) Introduction to defensive programming: input validation; common vulnerabilities and attacks; buffer overflows; race conditions; security updates.
6) Web security: security model; session management; authentication; common vulnerabilities.
7) Data privacy regulations and requirements.
8) Privacy threats and vulnerabilities, including correlation and linkage attacks.
9) Privacy impact assessment and data management planning.
10) Anonymization and pseudonymization algorithms; re-identification risk assessment.
11) Secure multiparty computation and application to private data mining.

Mandatory literature

William Stallings; Computer security. ISBN: 1-292-22061-9
William Stallings; Information privacy engineering and privacy by design. ISBN: 978-0-13-530215-6
Matt Bishop; Introduction to computer security. ISBN: 0-321-24744-2
William Stallings; Cryptography and network security. ISBN: 9780138690175
Mark Stamp; Information security. ISBN: 9780470626399

Teaching methods and learning activities

The lectures are based on oral presentations, complemented with detailed examples and discussion of case studies. Throughout the semester, the case studies will be used to consolidate the concepts presented, particularly by exercising security and privacy skills in data management through real-world scenarios.
Lab classes will consist of applying the introduced concepts through hands-on technical practice, aiming at technical expertise in the application of security and privacy methodologies.

Evaluation Type

Distributed evaluation without final exam

Assessment Components

Designation Weight (%)
Practical or project work 10,00
Test 50,00
Laboratory work 40,00
Total: 100,00

Amount of time allocated to each course unit

Designation Time (hours)
Project development 24,00
Independent study 41,00
Class attendance 52,00
Laboratory work 45,00
Total: 162,00

Eligibility for exams

Minimum score of 10/20 in the lab component, which corresponds to carrying out and documenting a series of tasks proposed in the TP classes and simple CTF challenges.

Recall: failing this criterion implies failing the course (no access to resit).

Calculation formula of final grade

Regular season:

CF = 0,4 TL + 0,1 TP + 0,25 T1 + 0,25 T2 (rounded)

where

- CF - final score
- TL - lab work mark (seedlab tutorials and related CTF challenges)
- TP - practical assignment mark (additional CTF challenges)
- T1 - midterm test (first part of syllabus) >= 6/20
- T2 - second test in the end of the semester (second part of syllabus) >= 6/20

All marks in range 0 to 20.

Resit (including mark improvement):

CF = 0,4 TL + 0,1 TP + 0,5 ER (rounded)

where

- CF - final score
- TL - lab work mark (seedlab tutorials and related CTF challenges)
- TP - practical assignment mark (additional CTF challenges)
- ER - resit exam (full syllabus) >= 6/20

Special assessment (TE, DA, ...)

The same conditions as for regular students apply.

Classification improvement

The grades for theoretical tests can be improved in the extra season (época de recurso).

The grade for the practical assignments holds for all exam seasons.

Observations

The lab component will consist of the resolution of tutorials proposed for each class and simple related CTF (capture the flag) challenges (all details published weekly in Moodle).

The project component will consist of additional CTF (capture the flag) challenges, which will be slightly more difficult so as to emulate real CTF competitions.

The final classification in the CTF will determine, in part, the TP mark (10% of final grade) as follows. Let:
- G be the total number of groups that participated in CTF challenges
- C be the overall ranking in the CTF platform of the group under assessment
- N be the mark awarded by the lecturer to this group in the TP component
Then the TP mark is given by ((G-C+1)/G)*N.

Both of these components will be assessed in the TP classes. The CTF platform will be open throughout the semester and challenges will be launched gradually. 

Both of these components will be group work (indicative group size = 3): all group elements must be in the same TP class.

Students should ensure that the TP class lecturer has the opportunity to regularly assess (weekly or, if that is not possible, every fortnight) the progress of the group activities and the contribution of all students.

The midterm test will cover the first half of the syllabus (to be defined via Moodle) and the final exam will cover the remaining material.

The resit exam will be divided into two parts, and it is possible to do only one of them.
Copyright 1996-2024 © Faculdade de Ciências da Universidade do Porto
Page created on: 2024-10-06 at 18:30:02