Computer Security Foundations

Code:

L.EIC021

Acronym:

FSI

Keywords
Classification	Keyword
OFICIAL	Informatics Engineering and Computing

Instance: 2023/2024 - 1S

Active?	Yes
Web Page:	https://moodle.up.pt/course/view.php?id=1520
Responsible unit:	Department of Informatics Engineering
Course/CS Responsible:	Bachelor in Informatics and Computing Engineering

Cycles of Study/Courses

Acronym	No. of Students	Study Plan	Curricular Years	Credits UCN	Credits ECTS	Contact hours	Total Time
L.EIC	334	Syllabus	3	-	6	52	162

Teaching language

Suitable for English-speaking students

Objectives

The goal of this Curricular Unit is to provide students with an integrated perspective of the foundations of computer security; it aims to give students a broad view of the security aspects inherent to the development and operation of computer systems, setting a context for the technology-specific problems and solutions students encounter in other Curricular Units.

Learning outcomes and competences

To know the principles of building secure programs and computer systems.
To learn how to think adversarially about computer systems.
To understand how to assess threats for their significance.
To recognize limitations and justify protections of a given computer system.
To explain how attacks work in practice.

Working method

Presencial

Program

1) Principles of computer security: confidentiality, integrity, availability; risk, threats, vulnerabilities, attack vectors, security mechanisms.
2) Principles of secure design: least privilege and isolation; defense in depth; security by design.
3) Basic cryptography concepts: symmetric and public-key cryptography; hash functions; encryption and authentication; digital signatures; key management; PKI.
4) Access control: basic concepts; information-flow control and models for confidentiality and integrity; security mechanisms at the OS level.
5) Introduction to defensive programming: input validation; common vulnerabilities and attacks; buffer overflows; race conditions; security updates.
6) Topics in network security: attacks and protection at the network level; Denial of Service (DoS) and Distributed Denial of Service (DDoS).
7) Web security: security model; session management; authentication; common vulnerabilities.

Mandatory literature

Goodrich, M., & Tamassia, R.; Introduction to Computer Security, Pearson, 2011. ISBN: 978-0321512949
Matt Bishop; Computer Security: Art and Science, 2nd Edition, Addison-Wesley Professional, 2018. ISBN: 978-0321712332

Teaching methods and learning activities

The lectures are based on oral presentation, complemented with detailed examples and the discussion of case studies.

Consolidation exercises will be proposed during the semester; these will be discussed in lectures but it is expected that students complete them outside of class.

Students will also develop a group project, where they will apply the concepts covered in class.

Software

VirtualBox

Evaluation Type

Distributed evaluation without final exam

Assessment Components

Designation	Weight (%)
Trabalho prático ou de projeto	30,00
Teste	50,00
Trabalho laboratorial	20,00
Total:	100,00

Amount of time allocated to each course unit

Designation	Time (hours)
Elaboração de projeto	45,00
Estudo autónomo	41,00
Frequência das aulas	52,00
Trabalho laboratorial	24,00
Total:	162,00

Eligibility for exams

Minimal score of 10/20 in the pratical component, that corresponds to carrying out and documenting a series of tasks proposed in the TP classes (lab work) and CTF challenges to be solved independently outside of the classroom context (pratical project)

Mandatory frequency in the pratical classes (according toe the University of Porto's regulations).

Recall: failing in this criteria implies failing the course (no access to resit)

Calculation formula of final grade

Normal epoque: 

CF = 0,2 TL + 0,3 TP + 0,25 T1 + 0,25 T2 (rounded)

onde

- CF - final score
- TL - lab work mark (seedlab tutorials)
- TP - pratical project (CTF challenges)
- T1 - midterm test (first part of syllabus) >= 6/20
- T2 - second test in the end of the semester (second part of syllabus) >= 6/20

All marks in range 0 to 20.

Resit (including mark improvement):

CF = 0,2 TL + 0,3 TP + 0,5 ER (rounded)

onde

- CF - final score
- TL - lab work mark (seedlab tutorials)
- TP - pratical project (additional CTF challenges)
- ER - resit exam (full syllabus) >= 6/20

Students with "frequencia" in 2022/2023 can replace the pratical mark in 2023/2024 (50% of the total mark) with the marks obtained in the prior year.

Special assessment (TE, DA, ...)

Identical to other students.

Classification improvement

The separate or aggregate test score can be improved in a resit exam. The practical and lab work scores can be improved in the CU next instance.

Observations

The lab component will consist of the resolution of tutorials proposed for each class (all details published weekly in Moodle).

The project component will consist of CTF (capture the flag) challenges, from simple tutorial-related challenges to slightly more difficult to emulate real CTF competitions. 

The final classification in the CTF platform (depending on the number of solved challenges and on how quickly they were solved) will determine, in part, the TP mark.

Both of these components will be assessed in the TP classes. The CTF platform will be open throughout the semester and challenges will be launched gradually. 

Both of these components will be group work (indicative group size = 3): all group elements must be in the same TP class.

Students should ensure that the TP class lecturer has the opportunity to regularly assess (weekly or every fortnight if not possible)  the progress of the group activities and the contribution of all students.

The midterm test will cover the first half of the syllabus (to be defined via Moodle) and the final exam will cover the remaining material.

The resit exam covers the whole syllabus.