Budapest University of Technology and Economics, Faculty of Electrical Engineering and Informatics

    Belépés
    címtáras azonosítással

    vissza a tantárgylistához   nyomtatható verzió    

    IT Security

    A tantárgy neve magyarul / Name of the subject in Hungarian: IT biztonság

    Last updated: 2015. november 22.

    Budapest University of Technology and Economics
    Faculty of Electrical Engineering and Informatics
    Course ID Semester Assessment Credit Tantárgyfélév
    VIHIAC01 6 3/0/0/f 3  
    3. Course coordinator and department Dr. Buttyán Levente,
    4. Instructors Dr. Levente Buttyán    Associate Professor    HIT
    Dr. Boldizsár Bencsáth    Assistant Professor    HIT
    Dr. Tamás Holczer    Assistant Professor    HIT

    5. Required knowledge Operating Systems, Communication Networks, Coding Techniques, Computer Programming
    6. Pre-requisites
    Kötelező:
    ((TargyEredmeny("BMEVIHIAB00" , "jegy" , _ ) >= 2 VAGY
    TargyEredmeny("BMEVIHIAB04" , "jegy" , _ ) >= 2 VAGY
    TargyEredmeny("BMEVIHIA209" , "jegy" , _ ) >= 2 )
    ÉS
    (TargyEredmeny("BMEVIHIAB01" , "jegy" , _ ) >= 2 VAGY
    TargyEredmeny("BMEVIHIA215" , "jegy" , _ ) >= 2 )
    ÉS
    (TargyEredmeny("BMEVIMIAB00" , "jegy" , _ ) >= 2 VAGY
    TargyEredmeny("BMEVIMIAB03" , "jegy" , _ ) >= 2 VAGY
    TargyEredmeny("BMEVIMIA219" , "jegy" , _ ) >= 2 )

    VAGY Szakirany("AMImédiainf", _) )

    ÉS
    NEM ( TárgyEredmény( "BMEVIHIM102" , "jegy" , _ ) >= 2
    VAGY
    TárgyEredmény("BMEVIHIM102", "FELVETEL", AktualisFelev()) > 0
    VAGY
    TárgyEredmény( "BMEVITMA378" , "jegy" , _ ) >= 2
    VAGY
    TárgyEredmény("BMEVITMA378", "FELVETEL", AktualisFelev()) > 0)

    ÉS (Training.Code=("5N-A8") VAGY Training.Code=("5NAA8"))

    A fenti forma a Neptun sajátja, ezen technikai okokból nem változtattunk.

    A kötelező előtanulmányi rend az adott szak honlapján és képzési programjában található.

    7. Objectives, learning outcomes and obtained knowledge This course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using computing systems. The course prepares BSc students for security challenges that they may encounter during their professional carrier, and at the same time, it provides a basis for those student who want to comtinue their studies at MSc level. We put special emphasis on software security and the practical aspects of developing secure programs.
    8. Synopsis Week 1: Introduction
    Motivation, examples, areas of IT security at a glance.

    Week 2: Malicious software (malware)
    Types of malicious software (viruses, worms, Trójans, etc.), their operation, spreading mechanisms and hiding techniques (rootkits), applications of malware (cybercrime, botnets, targeted attacks). Detecting malware infections, incident response, reverse engineering malware samples.

    Week 3: Software security
    Security problems stemming from programming bugs and design mistakes, techniques to exploit software vulnerabilities, illustrative examples (buffer overflow, heap overflow, format string, error handling, race conditions, ROP, etc).  Special features of different programming languages (C/C++, Java, script languages) and frameworks with respect to software security.

    Week 4: Secure programming
    Security analysis and testing of software (code review, architectural risks, software penetration testing, fuzzing), introduction of some tools that help testing. Secure programming methodologies, illustrative examples.

    Week 5: Operating systems security
    User authentication, access right management and access control in Windows and Unix/Linux systems. Kernel integrity, process isolation, memory protection (e.g., ASLR). Hardened Oss (Linux Security Modules, Microsoft EMET).

    Week 6: Browser security and security of web applications
    Security issues and built-in security features in modern browsers (DOM access control model, same origin policy, handling third party cookies, sandboxing and other protection against malicious scripts and content). Security risks of plug-ins and helper objects. Security of web based applications, typical attacks (SQL injection, XSS, CSRF, etc.) and proposed countermeasures. Typical problems of CMS systems (backdoors, executing arbitrary code) and proposed countermeasures.

    Week 7: Security of mobile platforms and cloud based systems
    Security architectures of Android and iOS, application permission models. Mobile malware. Other security and privacy problems in mobile platforms.  Security challenges of cloud based services, protecting data stored in the cloud, security of virtualization, cloud infrastructure protection against malicious guests.

    Week 8: Network intrusion techniques
    Phases of a typical network penetration attack (reconaissance, intrusion, installation of a backdoor, lateral movement and privilege escalation, getting root access), methods and tools used in different phases, illustrative examples. Penetration testing of networks, ethical hacking.

    Week 9: Firewalls and Intrusion Detection Systems (IDS)
    Perimeter defense with firewalls, types of firewalls, their operating principles, typical configuration settings and pitfalls, illustrative examples. Introduction of some specific firewall products. Types and operation of IDS systems and Security Information and Event Management (SIEM) systems. Introduction of some specific IDS and SIEM products. Log analysis, log analysis tools.

    Week 10: Cryptographic algorithms and basic protocols
    Overview of cryptographic primitives. Block encryption modes, message authentincation and integrity protection, random number generation, key exchange protocols, and public key infrastructure (PKI).

    Week 11: Secure communication protocols
    Practical use of cryptography for providing secure communication channels, illustration through well-known examples (TLS, IPsec, Wifi security). Security analysis of protocols, introduction of some known attacks.

    Week 12: Privacy protection
    Tracking users on the Web (e.g., browser fingerprinting, third party cookies). Privacy problms in social networks. Anonymous communication systems (e.g., Tor) and their application areas.

    Week 13: Risk management and IT security standards
    Security risk management basics, risk assessment process, methods. IT security standards and recommendations (e.g., ISO 27000, ISO 17799, COBIT, Common Criteria framework, some important RFCs and NIST standards)

    Week 14: Security of an enterprise architecture
    Summary and overview of the topics of the whole course via an integrated example, where we illustrate the design of an enterprise security architecture.

    9. Method of instruction Lecture
    10. Assessment Fulfilling the requirements of 1 homework project and 1 classroom test.
    The final grade is the average of the grades obtained for the homework and the test.

    12. Consultations Ad hoc meetings with the lecturer.
    13. References, textbooks and resources
    Slides are available on the course web site with further recommended readings.
    14. Required learning hours and assignment
    Kontakt óra45
    Félévközi készülés órákra 
    Felkészülés zárthelyire20
    Házi feladat elkészítése25
    Kijelölt írásos tananyag elsajátítása 
    Vizsgafelkészülés 
    Összesen90
    15. Syllabus prepared by Dr. Levente Buttyán    Associate Professor    HIT