Description of Course Unit: Computer Security Foundations

Code: L.EIC021     Acronym: FSI

Keywords
Classification Keyword
Official Informatics Engineering and Computing

Instance: 2021/2022 - 1S

Active? Yes
Web Page: https://moodle.up.pt/course/view.php?id=3770
Responsible unit: Department of Informatics Engineering
Course/CS Responsible: Bachelor in Informatics and Computing Engineering

Cycles of Study/Courses

Acronym No. of Students Study Plan Curricular Years Credits UCN Credits ECTS Contact hours Total Time
L.EIC 235 Official Plan 3 - 6 52 162
M.EIC 125 Official Study Plan 1 - 6 52 162

Teaching Staff - Responsibilities

Teacher Responsibility
Manuel Bernardo Martins Barbosa

Teaching - Hours

Lectures: 2,00
Recitations: 2,00
Type Teacher Classes Hour
Lectures Totals 2 4,00
Manuel Bernardo Martins Barbosa 4,00
Recitations Totals 15 30,00
Bernardo Luís Fernandes Portela 2,00
António Miguel Pontes Pimenta Monteiro 4,00
Manuel Bernardo Martins Barbosa 2,00
José Manuel de Magalhães Cruz 6,00
Hugo José Pereira Pacheco 6,00
Rolando da Silva Martins 6,00
André Nuno de Pinho Tavares Gurgo e Cirne 4,00
Last updated on 2021-12-02.

Fields changed: Calculation formula of final grade, Observations, Eligibility for exams, Assessment Components and Time Allocation, Assessment Components and Time Allocation, Observations, Calculation formula of final grade

Teaching language

Suitable for English-speaking students

Objectives

The goal of this Curricular Unit is to provide students with an integrated perspective of the foundations of computer security; it aims to give students a broad view of the security aspects inherent to the development and operation of computer systems, setting a context for the technology-specific problems and solutions students encounter in other Curricular Units.

Learning outcomes and competences

To know the principles of building secure programs and computer systems.
To learn how to think adversarially about computer systems.
To understand how to assess threats for their significance.
To recognize limitations and justify protections of a given computer system.
To explain how attacks work in practice.

Working method

In person

Program

1) Principles of computer security: confidentiality, integrity, availability; risk, threats, vulnerabilities, attack vectors, security mechanisms.
2) Principles of secure design: least privilege and isolation; defense in depth; security by design.
3) Basic cryptography concepts: symmetric and public-key cryptography; hash functions; encryption and authentication; digital signatures; key management; PKI.
4) Access control: basic concepts; information-flow control and models for confidentiality and integrity; security mechanisms at the OS level.
5) Introduction to defensive programming: input validation; common vulnerabilities and attacks; buffer overflows; race conditions; security updates.
6) Topics in network security: attacks and protection at the network level; Denial of Service (DoS) and Distributed Denial of Service (DDoS).
7) Web security: security model; session management; authentication; common vulnerabilities.

Mandatory literature

Goodrich, M., & Tamassia, R.; Introduction to Computer Security, Pearson, 2011. ISBN: 978-0321512949
Matt Bishop; Computer Security: Art and Science, 2nd Edition, Addison-Wesley Professional, 2018. ISBN: 978-0321712332

Teaching methods and learning activities

The lectures are based on oral presentation, complemented with detailed examples and the discussion of case studies.

Consolidation exercises will be proposed during the semester; these will be discussed in lectures but it is expected that students complete them outside of class.

Students will also develop a group project, where they will apply the concepts covered in class.


Software

VirtualBox

Evaluation Type

Distributed evaluation with final exam

Assessment Components

Designation Weight (%)
Exam 30,00
Practical or project work 20,00
Test 30,00
Laboratory work 20,00
Total: 100,00

Amount of time allocated to each course unit

Designation Time (hours)
Project development 45,00
Independent study 41,00
Class attendance 52,00
Laboratory work 24,00
Total: 162,00

Eligibility for exams

Minimal score of 10/20 in the lab and practical components.

Calculation formula of final grade

CF = 0,2 TL + 0,2 TP + 0,3 TI + 0,3 ET (rounded)

where

- CF - final score
- TL - lab work score
- TP - practical work score
- TI - intermediate test score (or resit exam) >= 6/20
- ET - final exam score (or resit exam) >= 6/20

All scores in the 0-20 range.

Special assessment (TE, DA, ...)

Identical to other students.

Classification improvement

The test and final exam can be improved in a resit exam. The practical and lab work scores can be improved in the next instance of the CU.

Observations

The lab component will consist of completing the tutorials proposed for each class.

The practical component will consist of CTF (capture the flag) challenges submitted to an online platform.

Both of these components will be assessed in the TP classes.

Both of these components will be group work (indicative group size = 3): all group members must be in the same TP class.

Students should ensure that the TP class lecturer has the opportunity to regularly assess (weekly, or every fortnight if that is not possible) the progress of the group activities and the contribution of all students.

The midterm test will cover the first half of the syllabus (to be defined via Moodle) and the final exam will cover the remaining material.

The resit exam will be structured in two halves and students may choose to carry out only the part(s) in which they did not yet obtain the minimal mark of 6/20.