Computer Security

Credits
6
Types
Specialization compulsory (Information Technologies)
Requirements
Department
AC
Introduction to basic concepts of computer security that all graduates should know to do their job without compromising computer systems that manage or program, or their users.
Are also some practical tools that can be used to protect or systems to detect programming errors or configuration may endanger that in case of attack.

Teachers

Person in charge

Others

Weekly hours

Theory
2
Problems
1
Laboratory
1
Guided learning
0
Autonomous learning
6

Competences

Technical Competences

Common technical competencies

  • CT6 - To demonstrate knowledge and comprehension about the internal operation of a computer and about the operation of communications between computers.
    • CT6.4 - To demonstrate knowledge and capacity to apply the characteristics, functionalities and structure of the Distributed Systems and Computer and Internet Networks guaranteeing its use and management, as well as the design and implementation of application based on them.
  • CT7 - To evaluate and select hardware and software production platforms for executing applications and computer services.
    • CT7.1 - To demonstrate knowledge about metrics of quality and be able to use them.
    • CT7.2 - To evaluate hardware/software systems in function of a determined criteria of quality.
    • CT7.3 - To determine the factors that affect negatively the security and reliability of a hardware/software system, and minimize its effects.
  • CT8 - To plan, conceive, deploy and manage computer projects, services and systems in every field, to lead the start-up, the continuous improvement and to value the economical and social impact.
    • CT8.1 - To identify current and emerging technologies and evaluate if they are applicable, to satisfy the users needs.

    • Technical Competences of each Specialization

    Information technology specialization

  • CTI1 - To define, plan and manage the installation of the ICT infrastructure of the organization.
    • CTI1.1 - To demonstrate understanding the environment of an organization and its needs in the field of the information and communication technologies.
    • CTI1.2 - To select, design, deploy, integrate and manage communication networks and infrastructures in a organization.
    • CTI1.3 - To select, deploy, integrate and manage information system which satisfy the organization needs with the identified cost and quality criteria.
  • CTI2 - To guarantee that the ICT systems of an organization operate adequately, are secure and adequately installed, documented, personalized, maintained, updated and substituted, and the people of the organization receive a correct ICT support.
    • CTI2.3 - To demonstrate comprehension, apply and manage the reliability and security of the computer systems (CEI C6).
  • CTI3 - To design solutions which integrate hardware, software and communication technologies (and capacity to develop specific solutions of systems software) for distributed systems and ubiquitous computation devices.
    • CTI3.1 - To conceive systems, applications and services based on network technologies, taking into account Internet, web, electronic commerce, multimedia, interactive services and ubiquitous computation.

    • Transversal Competences

    Information literacy

  • G6 [Avaluable] - To manage the acquisition, structuring, analysis and visualization of data and information of the field of the informatics engineering, and value in a critical way the results of this management.
    • G6.3 - To plan and use the necessary information for an academic essay (for example, the final project of the grade) using critical reflection about the used information resources. To manage information in a competent, independent and autonomous way. To evaluate the found information and identify its deficiencies.

    • Objectives

    1. Being able to understand the threats and security risks of computer systems.
      Related competences: CT7.1, CT7.2, CT7.3, CTI1.1,
      Subcompetences
      • Being able to understand the general ideas of the legal implications of computer security.
    2. Being able to analyze malicious code such as viruses, Trojans, etc..
      Related competences: CT8.1, G6.3, CT7.1, CT7.3,
    3. Being able to understand and identify mechanisms for access control of an operating system.
      Related competences: CTI1.2, CT8.1, CT7.2, CT7.3, CTI1.3,
    4. Knowing the problems of security in computer networks and be able to find solutions to protect them.
      Related competences: CTI3.1, CT6.4, CTI2.3,
      Subcompetences
      • Being able to understand the implications of a network on the enterprise security
    5. Being able to design protection mechanisms for distributed applications.
      Related competences: CTI3.1, CTI1.2, CT8.1, G6.3, CT6.4, CT7.3, CTI2.3,
      Subcompetences
      • Being able to identify security threats and propose solutions in web applications and electronic commerce.
    6. Being able to understand the need and operation of forensic computer security mechanisms.
      Related competences: G6.3, CT7.1, CT7.3, CTI2.3,
    7. Being able to use cryptographic mechanisms to protect resources.
      Related competences: CTI3.1, CTI2.3,
      Subcompetences
      • Being able to implement mechanisms for electronic signatures.
    8. Being able to understand, design and implement public key infrastructure (PKI).
      Related competences: CTI3.1, CTI1.2, CT8.1, CT6.4, CTI1.3,
      Subcompetences
      • Being able to design and manage public key certificates.
    9. Being able to understand the mechanisms of protection and security policies.
      Related competences: CTI1.2, CT7.3,
    10. Be able to manage the acquisition, structuring, analysis and visualization of data and information in the field of computer engineering, critically evaluating the results of this management.
      Related competences: G6.3,

    Contents

    1. Introduction
      Threats, risk analysis, protection mechanisms, security of communications, security forensics, politicies, recovery, legal aspects, ...
    2. Cryptography
      Basics of cryptography. Public key. Electronic signatures.
    3. PKI Infrastructure
      Certificates. Directories. Protocols.
    4. Security in applications
      Security on the web. Secure application protocols.
    5. Open Source Intelligence (OSINT)
      Currently, many of the attacks carried out by malicious actors are based on social engineering. In order to carry out more advanced attacks, the use of open sources of data on the Internet opens new frontiers in these attacks. This topic will cover the techniques for carrying out this type of attack and how to mitigate them.
    6. Security in operating systems
      Threat analysis. Operation of malicious codes. Viruses and worms. Protection. virus. Structure of an OS.
    7. Forensic analysis
      Collection of evidence. Analysis.

    Activities

    Activity Evaluation act


    Introduction

    Learning the concepts and objectives associated with this item.
    Objectives: 1 9
    Contents:
    Theory
    2h
    Problems
    0h
    Laboratory
    0h
    Guided learning
    0h
    Autonomous learning
    4h

    Cryptography

    Learning the concepts and objectives associated with this item.
    Objectives: 7
    Contents:
    Theory
    2h
    Problems
    2h
    Laboratory
    0h
    Guided learning
    0h
    Autonomous learning
    4h

    Infrastructure PKI

    Learning the concepts and objectives associated with this item.
    • Laboratory: Explaining the creation process of a X.509 certificate with openssl. Explaining the HTTPS protocol
    Objectives: 8
    Contents:
    Theory
    4h
    Problems
    1h
    Laboratory
    2h
    Guided learning
    0h
    Autonomous learning
    9h

    Open Source Intelligence (OSINT)

    Uncontrolled publication of data can lead to Social Engineering attacks that involve identity theft, fraud and many other things. Open Source Intelligence is the technique by which open data sources are used to provide this information.
    • Theory: Understanding open data sources and what you can get from them
    • Laboratory: Use OSINT tools to obtain information from open source intelligence sources.
    Objectives: 1 9
    Contents:
    Theory
    2h
    Problems
    0h
    Laboratory
    2h
    Guided learning
    0h
    Autonomous learning
    6h

    First theory exam

    Theory exam of the following topics: Introduction, Criptography and PKI infrastructure
    Objectives: 1 9 7 8 4
    Week: 8
    Theory
    0h
    Problems
    0h
    Laboratory
    0h
    Guided learning
    0h
    Autonomous learning
    0h

    Security applications

    Learning the concepts and objectives associated with this item.
    • Laboratory: Understanding of secure programming techniques described in the session. Use of the webscarab and webgoat applications from the OWASP Linux distribution
    Objectives: 5
    Contents:
    Theory
    8h
    Problems
    6h
    Laboratory
    4h
    Guided learning
    0h
    Autonomous learning
    19h

    Security in operating systems

    Learning the concepts and objectives associated with this item.
    Objectives: 2 3
    Contents:
    Theory
    6h
    Problems
    4h
    Laboratory
    2h
    Guided learning
    0h
    Autonomous learning
    17h

    Security forensics

    Learning the concepts and objectives associated with this item.
    Objectives: 6
    Contents:
    Theory
    3h
    Problems
    2h
    Laboratory
    2h
    Guided learning
    0h
    Autonomous learning
    7h

    Lab CT. Solvent use of bibliographic resources

    Manage the acquisition, structuring, analysis and visualization of data and information in the field of computer engineering, and critically evaluate the results of this management. - Plan and use the information needed for an academic project (for example, for the final degree project) based on a critical reflection on the information resources used. - Manage information competently, independently and autonomously. - Evaluate the information found and identify the gaps.
    Objectives: 10
    Theory
    0h
    Problems
    0h
    Laboratory
    2h
    Guided learning
    0h
    Autonomous learning
    2h

    Questionnaire on the solvent use of bibliographic resources

    Questionnaire on the solvent use of bibliographic resources
    Objectives: 10
    Week: 9
    Theory
    0h
    Problems
    0h
    Laboratory
    0h
    Guided learning
    0h
    Autonomous learning
    0h

    Final exam lab

    Review on all laboratory practices carried out throughout the course. It is a prerequisite to have submitted all the practicals to be able to take the exam.
    Objectives: 7 8 2 3 4 5
    Week: 14
    Theory
    0h
    Problems
    0h
    Laboratory
    0h
    Guided learning
    0h
    Autonomous learning
    0h

    Second theory exam

    Theory exam of the subjects of the subject: Security in applications, security in operating systems and forensic analysis. This exam, for those who have not passed the first part, will allow them to retake it.
    Objectives: 2 3 5 6
    Week: 15 (Outside class hours)
    Theory
    0h
    Problems
    0h
    Laboratory
    0h
    Guided learning
    0h
    Autonomous learning
    0h

    Teaching methodology

    This course should give an overview and a technical view of the problems and possible solutions to computer systems and networks security. For this reason, it covers many topics and has a great descriptive component.

    However, the teaching methodology will use examples and problems for introducing the concepts to which students attain the necessary skills. Also, we will try to encourage interactivity with students considering real situations in class to discuss possible solutions.

    Moreover, the laboratory will complete the skills and knowledge acquired in theory / problems class.

    Evaluation methodology

    1. A mid-term exam (C1) in the middle of the semester and a second exam at the end (C2) on the material exposed in the theory classes.
    Theory = 0,3 x C1 + 0,7 x C2

    2. Realization of labs:
    2.1 The student will fullfill some personal tasks or individual questionnaires through Atenea (NQ)
    2.2 There will be a laboratory exam (EL)
    The laboratori grade will be computed through: Lab = 0.5 * NQ + 0.5 EL

    3. Carrying out an individual activity dedicated to the transversal competence (TC) proposed by the theory and/or laboratory professors related to "Proper use of bibliographic resources"

    The final mark (NF) of the subject will be calculated as follows:
    NF = 0.7 x Theory + 0.25 x Lab + 0.05 x TC

    There will not be a final exam. Nevertheless there is the possibility of repeating the first midterm during the second one, which will take place during the exam period alloted at the end of the semester.

    The level of achievement of transversal competence is evaluated from the TC and will be calculated as follows:
    A if TC >= 8.5; B if TC >=7; C if TC >= 5; D if TC < 5

    Bibliography

    Basic

    Complementary

    Previous capacities

    Those obtained at the Operating Systems and Computer Networks subjects.

    Knowledge of technical English.