Network and Computer Systems Security (2017/2018) - Departamento de Informática
Introduction
- Terminology, concepts, principles, paradigms and standards
- Security frameworks
Applied cryptography: algorithms, methods and tools
- Symmetric and asymmetric or public-key cryptography
- Secure hash functions, message authentication codes and cryptographic authentication codes
- Other cryptographic methods: differential, identity-based and homomorphic encryption
- Steganography methods
Authentication and key-establishment protocols and services
- Authentication protocols with cryptographic methods
- Kerberos and PKINIT Kerberos
- X509 Authentication
- OAuth2 AUthentication
- Authenticated establishment of security association parameters
User-level authentication
- User authentication methods and factors
- Security issues on user authentication factors: issues and drawbacks
- Single Sign On (SSO) systems
- Multi-factor authentication (MFA) systems
Access control
-
Access control enforcement: access contorl policies and mechnaisms
-
Access control models
-
Permissions and authorization management
-
Case studies: OS Services and Database Security Access Control
Security services and TCP/IP security
- HTTPS, TLS, SSH, IPSec
- Email security services: S/MIME, PGP
- Doman-keys identified mail: DKIM
- DNS security: Dnssec
- Security management and SNMP
Intrusion protection
- Intrusion prevention, detection and recovery
- Intrusion detection analysis
- Intrusion detection sysrems (IDS) HIDS and NIDS
- Hybrid solutions, honeypots and honeynets
Operating system security
- OS Security planning, hardening and maintenance
- OS secuyrity services: case studies
- Virtualization and principles of virtualization security
Trust computing
- Trust computing principles and formal models
- Multilevel security and common evaluation criteria
- Trust computing and elements for trust computing bases
- Trusted platform modules (TPM)
- Trusted execution environments (ArmTrustZone and Intel SGX Technology)
Main references
- William Stallings,Network Security Essentials - Applications and Services, Pearson, 6/E, 2017
- William Stallings, L. Brown, Computer Security: Principles and Practice, Pearson 4/E, 2017
Additional References
- D. Gollmann,Computer Security, 3rd Ed, Wiley, 2011
- William Stallings,Cryptography and Network Security - Principles and Practice, Pearson 7/E, 2017
Other references (in portuguese langage):
- A. Zúquete, Segurança em Redes Informáticas,4ª Ed., 2013, Ed. FCA
- M. Correia, P. Sousa, Segurança no Softwarem2ª Ed. , 2017 Ed. FCA
-
-
Interseting in the sequence of SRSC and CSD MIEI Courses