Computer Systems Security

Code	14465
Year	1
Semester	S2
ECTS Credits	6
Workload	PL(30H)/T(30H)
Scientific area	Informatics
Entry requirements	.
Learning outcomes	The objectives of this Course Unit are to consolidate the knowledge acquired in the course unit of computer security and to study advanced topics in implementation and engineering of secure software systems. It aims for the development of a critical conscience in the student regarding security problems in data communications and in the software during all of its development phases. At the end of the course unit, the student should be able to: properly implement and integrate modern cryptography mechanisms and protocols; correctly configure security mechanisms in operating systems; identify security issues in software and means to minimize them, particularly in Web applications; enforce security by design and practice the development of applications with fewer vulnerabilities, based on a more rigorous process of software engineering and on the design of penetration testing.
Syllabus	1. Remote and Local Authentication; Zero Knowledge Protocols. 2. Elliptic Curve Cryptography 3. Oblivious Transfer and Secure Multiparty Computation 4. Security in Operative Systems 5. Security in Web Applications 6. Vulnerabilities Associated with Programming 7. Input Validation and Dynamic Protection. 8. Software Auditing 9. Identification of Security Requirements, System and Attack Modeling
Main Bibliography	Pedro R. M. Inácio, Apontamentos teóricos e guias práticos laboratoriais de Segurança de Sistemas Informáticos, 2022; Miguel Pupo Correia and Paulo Jorge Costa, Segurança no Software, FCA - Editora de Informática, pp. 462, 2010. Mark Dowd, John McDonald, Justin Schuh, The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities, Addison-Wesley Professional, 1 edition, pp. 1200, 2006. Serge Vaudenay, A Classical Introduction to Cryptography Applications for Communications Security, Springer, pp. 370, 2005. Thomas Baigneres, Pascal Junod, Yi Lu, Jean Monnerat, Serge Vaudenay, A Classical Introduction to Cryptography Exercise Book, Springer, pp. 254, 2005. André Zúquete, Segurança em Redes Informáticas, FCA - Editora de Informática, 3ª Ed. (actualizada e aumentada), pp. 432, 2012. Margaret Cozzens, Steven J. Miller, The Mathematics of Encryption : An Elementary Introduction, American Mathematical Society (AMS), 2013. Alfred J. Men
Teaching Methodologies and Assessment Criteria	The contents of this course unit are discussed in lectures (though interaction is fomented) and the practical part of those contents is explored in laboratory classes. Each type of class has two hours of weekly contact. The practical classes have lab guides that students perform in the computers of the laboratory. The labs include exercises concerning implementation and integration of cryptographic primitives, as well as security engineering.Moreover, the proposed practical works are designed so that the students develop the techniques described in the objectives of this course unit via the development of secure software systems. Evaluation is performed resorting to three main elements: - one written test for knowledge evaluation, worth 50% of the final grade (05/06/2024); - one practical test, worth 25% of the final grade (08/05/2024); - one practical team work with a presentation, worth 25% of the final grade (24/05/2024).
Language	Portuguese. Tutorial support is available in English.