Professor: Marinho Barcellos
Hours: 60 hs
Semesters: First semester
Undergraduate Enrollment: The enrollment must be made as Special Student
Page Link: http://moodle.inf.ufrgs.br/course/view.php?id=459
Overview. Security policies. Design and implementation. Network and computer systems security. Malicious software. Vulnerability analysis. Auditing. Intrusion detection.
At the end of the course students should be able to understand and analyze the fundamental properties of a computer system with respect to its security, based on a clear understanding of the key concepts and the state-of-the-art in the field.
• Overview of computer security: basic components, threats, policies and mechanisms, assumptions and trust, guarantees, operational and human issues, control access matrix. Policies: security policies in general, confidentiality policies and integrity policies.
• Project and implementation: design principles, identity representation, control access mechanisms, information flows, and the confinement problem.
• Network security: development of policies, network layout, availability, flooding, attack forecast. System security: policies, networks, users, authentication, processes and files.
• Malicious software: Trojan Horses, viruses, worms, Denial of Service attacks, botnets.
• Vulnerability analysis: penetration studies, vulnerability classification.
• Auditing: auditing system organization, mechanisms and examples.
• Intrusion detection: principles, models, architecture, detection systems organization, intrusion response, and intrusion tolerance.
Evaluation will be based on two aspects: first, given the assigned topic in systems security, the level of understanding about the subject and how it is delivered during the oral presentation; second, the volume and quality of contributions made by students during the presentation of topics other than his/her own, related to the state-of-the-art in the topic.
It is comprised of a textbook and a set of papers from journals and events.
• Bishop, M. Computer Security: Art and Science. 1a. Ed. Addison-Wesley Professional, 2003. 1136p.
Journals ordered by impact factor:
• IEEE Transactions on Information Forensics and Security (Impact Factor 2.338)
• IEEE Transactions on Dependable and Secure Computing (Impact Factor 2.093)
• Springer International Journal of Information Security (Impact Factor 1.681)
• Elsevier Computers & Security (Impact Factor 1.488)
• IEEE Security & Privacy (Impact Factor 1.172)
• IET Information Security (Impact Factor 0.892)
• ACM Transactions on Information and Systems Security (Impact Factor 0.600)
• Wiley Security and Communication Networks (Impact Factor 0.356)
Events ordered by citations/paper:
• SECURITY – Usenix Security Symposium (40.2)
• S&P – IEEE Symposium on Security and Privacy (34.8)
• NDSS – Network and Distributed System Security Symposium (28.8)
• IMC – Internet Measurement Conference (23.6)
• CCS – ACM Conference on Computer and Communications Security (20.5)
• CSF – IEEE Computer Security Foundations Symposium (18.6)
• IH – Information Hiding Workshop (14.8)
• RAID – International Symposium on Recent Advances in Intrusion Detection (13.5)
• NSPW – New Security Paradigms Workshop (12.6)
• ESORICS – European Symposium on Research in Computer Security (9.1)
• SRDS – IEEE International Symposium on Reliable Distributed Systems (9.0)