SysSec associative members can request and obtain access to the material of the curriculum.

Chalmers University of Technology

Computer Security

Target group: Graduate

Description: The course gives basic knowledge in the security area, i.e. how to protect your system against intentional intrusions and attacks. The purpose of intrusions can be made to change or delete resources (data, programs, hardware, etc), to get unauthorized access to confidential information or unauthorized use of the system's services. The course covers threats and vulnerabilities in the computer systems and networks, as well as rules, methods and mechanisms for protection. Modeling and assessment of security and dependability as well as metrication methods are covered. During a few lectures, a holistic security approach is taken and organizational, business-related, social, human, legal and ethical aspects are treated.

Syllabus:

  • Introduction to computer security: definitions, terminology, standards. Some practical examples. Relation to dependability, reliability, availability and safety.
  • UNIX security: file system, system administration, passwords and accounts, authorization.
  • Security threats: systematic approach, physical security, including tempest, viruses, worms, Trojan horses, and logic bombs.
  • Information hiding, steganography and covert channels.
  • Introduction to cryptography.
  • Secure operating systems. Security mechanisms: authentication, authorization, access control, file protection, reference monitor, encryption and separation.
  • Intrusion detection systems. Deception systems.
  • Security Models: Bell-LaPadula, Biba, Chinese wall etc.
  • Introduction to Network Security and firewalls.
  • Security metrics.
  • Security management and organisation. Security policy and risk analysis. Social engineering, cyber criminality and information warfare.
  • Laws and ethics.

Cryptography

Target group: Graduate

Description: The course aims to provide an overview of cryptographic concepts, primitives, protocols and applications.

Syllabus:

  • Basic goals of cryptography (confidentiality, authentication, non-repudiation).
  • Symmetric key cryptography: block and stream ciphers, design principles and examples, modes of operation, message authentication codes.
  • Public key cryptography: asymmetric ciphers, signatures.
  • Attack models and security notions.
  • Protocols for key management, authentication and other services.

Language-based Security

Target group: Graduate

Description: Modern attacks often succeed at circumventing standard security mechanisms. While operating-system security policies are low-level (such as access control policies, protecting particular files), many attacks are high-level, or application-level (such as email worms that pass by access controls pretending to be executed on behalf of a mailer application). Because applications are typically specified and implemented in programming languages, application-level security is a part of the more general area of language-based security. A direct benefit of language-based security is the ability to naturally express security policies and enforcement mechanisms using the techniques of the well-developed area of programming languages.

Network Security

Target group: Graduate

Description: Almost all computer systems and applications today are highly distributed and use networks for communication and network security has therefore become an increasingly important topic. Knowledge about possible threats and countermeasures are important not only for the network security specialist but also for application programmers and everyone who wants to be able to assess and evaluate the level of security a system or application can offer. This course covers the underlying principles and techniques for network and communication security. Practical examples of security problems and principles for countermeasures are given. The course also surveys cryptographic and other tools used to provide security and reviews how these tools are utilized in protocols and applications. 

Syllabus:

  • Network attacks, encryption and random number generation
  • Analysis of weaknesses and attacks against common protocols such as TCP, UDP, IP, and ICMP
  • Denial of service (DOS) attacks, host and network scanning and operating system fingerprinting
  • Access control, authentication mechanisms, passwords, Radius, AAA, PKI, key distribution, Kerberos
  • Identity management, certificates, X.509, certificate revocation, smart cards and LDAP
  • Security protocols such as IPSec , SSL and SSH
  • Security in wireless networks, WEP, WPA, IEEE 802.1X, TKIP
  • Network design, firewalls, proxies, NAT, ingress and egress filtering
  • Virtual private networks (VPN), tunnelling protocols, network segmentation and remote access
  • Logs, alarms, syslog, SNMP
  • Link level security, VLAN technology, security in ARP, DHCP and DNS

Security Metrics

Target group: Graduate

Description: The course aims to provide an overview of security metrics.

Institute Eurecom

Secure Programming I

Target group: Graduate

Description: This course is an introductory security course which discusses in detail programming vulnerabilities and how they are exploited. For each vulnerability, possible protection and detection techniques are examined. The course includes a number of practical and non-technical lab assignments that the participants are required to solve. The main aim of the course is to make the students "aware" of basic, technical security issues.

Secure Programming II

Target group: Graduate

Description: The idea is to present problems in more detail and allow students to apply their knowledge in practical exercises. Because the class will feature a number of programming exercises, students are required to have considerable programming experience. The lecture deals with common programming mistakes and ways to detect and avoid them. Examples are used to highlight general error classes, such as stack and heap overflows. 

Topics:

  • Operating system security and vulnerabilities (UNIX, Windows, stack and heap overflows)
  • Windows Security
  • Buffer Overflows (including Heap overflow)
  • Fuzzing
  • Reverse engineering and binary analysis
  • Viruses, worms, malware and malicious code
  • Underground economy
  • Botnets
  • Social Networks

FORTH

Cybersecurity Lab

Target group: Undergraduate

Description: Theoretical foundations in, cryptographic algorithms, cryptographic protocols, access control models, formal methods, security policy, etc. provide the necessary background for students to understand the complexity and importance of computer and network security. However this theoretical background is not sufficient by itself for students to understand the real world implications of cryptography and network security. The lab is designed to give students the chance for a hands-on experience on the theoretical knowledge they have accumulated by taking other security-oriented class. This hands-on experience can be very important in the job market. It will accomplish its goals by a number of in-lab programming exercises. Broadly the topics that will be covered are: Basic cryptographic algorithms and protocols, authentication and authorization protocols, and access control models. Common network (wired and wireless) attacks as well as typical protection approaches, including firewalls and intrusion detection systems. Operating systems and application vulnerabilities and exploits, along with countermeasures.

Syllabus:

  • Sockets
  • Packet Capturing
  • Buffer Overflow
  • SQL Injection
  • Race Condition
  • Bypassing Software Protection
  • Honeypots
  • Firewalls
  • Social Engineering

Introduction to Security

Target group: Undergraduate

Description: The goal of this class is to introduce students to the security issues of information systems and networks, the mechanisms and technologies for
protection, and understand the parameters that make these techniques effective in modern systems. The course starts with basic cryptography, it is followed by a series of practical applications and techniques, and concludes with security policy issues.

Topics:

  • Intro: Historical perspective, basic crypt, modern applications.
  • Security architectures: threats, attacks, protection mechanisms, design of security policies.
  • Symmetric key crypto: block ciphers, DES/3DES/AES, attacks and defenses.
  • Asymmetric key crypto: public key crypto, digital signatures, key management,
  • RSA/DSS/ECC, attacks and defenses.
  • Message authentication: hash functions, MD5/SHA/HMAC, attacks and defenses.
  • Cryptographic protocols: authentications, key distribution, passwords, challenge response, needham-schroeder, kerberos, attacks and defenses.
  • Internet security: IPsec, SSL, TLS, SSH
  • Application security: email, PGP, S/MIME, SET, micropayments
  • Public key infrastructure: certificates
  • Other applications: banking, telecoms, digital rights management
  • Software and OS security: programming bugs, cryptographic libraries, trusted computing base
  • Practical tools and techniques: viruses, worms, bots, spyware, phishing, update tools, monitoring tools.
  • Penetration testing and evaluation: goals, issues, methods.
  • Cyber warfare: critical infrastructures, network attacks.
  • Policy: law, privacy, anonymity, data protection, rights
  • Economics of security: technology, financial incentives

Secure Systems

Target group: Graduate

Description: Secure systems is a seminar class with weekly presentations of security papers. The papers are primarily selected from the first tier security conferences: S&P, CCS, Usenix Sec, NDSS, but from other networking and systems conferences as well: Usenix, OSDI, SOSP, SIGCOMM. The goal of the class it to bring graduate students up to speed with the state of the art in computer and network security. The paper presentations are done by the students.

Politecnico di Milano

Computer Security

Target group: Graduate

Description: Designing and building secure information systems is a complex, interdisciplinary problem mixing elements of cryptoghraphy, software engineering, secure networking, as well as political and social challenges.This course is an extensive introduction to the challenges of security engineering and to the methodology to build, validate, and break security systems. The approach will be hands-on. During the lecture we will analyze (supposedly) secure systems, see how they can be broken (hacked) into, and deductively learn what was wrong and how to avoid repeating such mistakes.

Syllabus:

  • Introduction to Information Security
    • What is information security: examples
    • Vulnerabilities, Risks, Exploits, Attackers: definitions
    • Security as risk management
    • Development of an enterprise security policy
  • A short introduction to Cryptography
    • Basic concepts: cypher, transposition, substitution
    • Symmetric and asymmetric ciphers
    • Hash functions, digital signatures and PKI
    • Vulnerabilities in digital signature schemes: the case of the Italian law on digital signatures
    • Why all of the above is almost useless as a security defense (*)
  • Authentication
    • The three ways of authentication
    • Multifactor authentication
    • Authentication technologies evaluation; bypassing authentication control
  • Authorization and access control
    • Discrectionary (DAC) and mandatory (MAC) access control policies
    • Multilevel security and its applications: military secrets management
    • Access controls in DBMS
  • Software vulnerabilities
    • Errors in design, in implementation and in configuration
    • Software vulnerability examples: buffer overflow, format string bugs
    • Exploiting applications, local privilege escalation
    • Web application security: introduction
    • Examples of web application vulnerabilities: Cross-site scripting, SQL Injection
    • Hacking real web applications
    • Code review and fuzzing: finding bugs in real world application
  • Secure networking architectures
    • Network protocol attacks: Sniffing, Denial of service, Spoofing, DNS poisoning, ARP poisoning
    • Firewall: classification, available technologies
    • Secure network architectures (DMZ)
    • Virtual Private Networks (VPN)
    • Protocols for transaction security: SSL, SET
    • Wireless security: WEP, EAP, 802.1X, WPA
    • Networks security assessment tools
    • Intrusion detection system
  • Malware and security incident management
    • Virus, worm, trojan: malware
    • Honeypots and malware analysis
    • Computer forensics principles

Algorithms and Architectures for Cryptographic Systems

Target group: Graduate

Description: The aim of the course is to study the cryptographic algorithms and use of them for achieving security requirements. The cryptographic algorithms covered by the course are the most used block ciphers, stream ciphers, hash functions and public key. The description of the algorithm cover the mathematical property at the base of each algorithm, the security and the implementation space in hardware and software. Once the student masters the basic cryptographic primitive, an example of network security is given for explain how a real word application sues the basic primitives.

Cryptography and Communications Security

Target group: Graduate

Description: The course is targeted at mathematically mature students and aims at providing the tools to understand and formulate the security requirements for communications applications and to select the most suitable techniques to achieve them. It is structured in three parts. The first part describes the archetypical cryptographic problems (encryption and signatures) and solutions (symmetric and asymmetric cryptography) from a mathematical and information-theoretic point of view. The second part covers a selection of more advanced protocols, such as secret sharing schemes, games, and quantum techniques. The third part describes the security architecture of the UMTS and of the NGN to shows how cryptographic algorithms and protocols are used to provide secure communications in real-world scenarios.

Network mobility and security

Target group: Undergraduate

Description: the course is devoted to mobility and security aspects of communications networks, with reference to the Internet and local area networks.The course is composed of two parts.

The first part is devoted to security theory, and includes: 1) number theory and modular arithmetic; Fermat and Lagrange theorems; discrete logarithms. 2) Secret key cryptography: DES and concatenations. AES and the Rijndael algorithm. 3) Public key cryptography: RSA and ElGamal algorithms. Digital signatures: DSA. Message authentication and hash functions. Certificates and certification authority. 4) Security protocols: Needham-Schroeder authentication. Authenticated key establishment protocols: Diffie-Hellman and Kerberos.

The second part is devoted to network security and mobility, and includes: 5) Internet security: network address translation, IPSec tunnels and IKE protocol. Secure transport protocols: TLS. 6) Access control systems: lists and firewalls, biometric systems; Authentication protocols: EAP, RADIUS and DIAMETER. 7) Internet mobility: Mobile IP protocol; Wireless LAN access: WEP and WPA. Mobility management in the internet. 8) Cellular networks mobility: mobility management in telephone networks. Authentication and cryptography in cellular networks: GSM, UMTS and LTE.

Technical University of Vienna

Internet Security 

Target group: Undergraduate, Graduate

Description: This lecture covers a number of topics in network and system security, mostly from an attack perspective. It's aim is to give computer science students a first awareness of practical security issues, and to train them to adversarial thinking.

Topics:

  • TCP/IP security (spoofing, hijacking, sequence number guessing, denial-of-service attacks)
  • Web security (SQL injection, parameter injection, parameter tampering, etc.)
  • Network discovery/vulnerability scanning: techniques and tools (portscans, ping sweeps)
  • Distributed systems security
  • Firewalls and traffic filtering
  • Intrusion Detection Systems
  • Buffer Overflows
  • Operational Practices
  • Architectural Principles and Testing

Advanced Internet Security

Target group: Graduate

Description: Advanced Internet Security (previously Internet Security 2) serves as a continuation for the class Internet Security. The idea is to present problems in more detail and allow students to apply their knowledge in practical exercises. The lecture deals with common programming mistakes and ways to detect and avoid them. Examples are used to highlight general error classes, such as stack overflow and format string vulnerabilities.
In order to teach the subject in the most authentic way, the lecture uses an "offensive approach": Security-related topics are viewed from an attacker's perspective and possible attack scenarios are shown. In practical challenges the students need to exploit previously discussed security vulnerabilities inside a controlled challenge-environment. This improves the students' understanding of the handled topics and guarantees that they will not make similar mistakes in own projects and allows them to actively take security measures when handling security relevant projects.

Topics:

  • General Unix security
    •     Security model
    •     System call
    •     Vulnerabilities
    •     Authentication
    •     Shell/Environment attacks
  • Memory Corruption
    •     Buffer Overflows
    •     Stack overflow exploitation
    •     Format string exploitation
    •     Heap overflow exploitation
    •     Return-into-libc attacks
    •     Heap-spraying attacks
    •     Linux shellcode writing
    •     Windows shellcode
    •     Protection mechanisms
  • Windows Security
    •     Windows security intro & overview
    •     Security principles (Windows 95 to Windows 7)
    •     Spyware
    •     BHO based malware
    •     .NET security model
  • Race conditions
    •     Problem introduction
    •     Unix File System race conditions
    •     Other race conditions
    •     Computational complexity attacks
    •     Prevention mechanisms
  • Reverse Engineering
    •     Static & dynamic reverse engineering techniques & tools
    •     Malicious code analysis
    •     Code obfuscation
  • Web Security
    •     Advanced session attacks
    •     Cross site request forgery (CSRF)
    •     Browser history stealing
    •     Exploits against caching infrastructure
  • Malware
    •     Intro & taxonomy
    •     Viruses, worms, trojan horses
    •     Botnets, command&control mechanisms

Vrije Universiteit Amsterdam

Advanced Topics in Computer and Network Security

Target group: Graduate

Description: The goal of this course is for students to develop an in-depth
understanding of classical and recent research in system and network
security, and practice their presentation and argumentation
skills. The class is restricted only to our top masters programme so
that individual guidance can be offered. The course takes the form of seminars based on a selection of papers
that either have had a strong impact on security today, or explore
novel ideas that may be important in the future.

Topics:

  • RFID Security
  • Captcha
  • IP Spoofing
  • Secure BGP
  • Password Protection
  • Distributed Denial of Service Attacks
  • Sybil Attacks
  • Biometrics
  • VoIP Security
  • Secure Content Delivery
  • Anonymous Communications
  • Automated IDS Signature Generation
  • Anonymity in WSN
  • Botnet Detection
  • Trusted HW
  • Security of RFID ePassports
  • Node Replication Attack in WSN
  • Secure Data Aggregation in WSN
  • Privacy issues in Social Networks
  • Google Android smartphone security
  • Electronic Voting
  • P2P BotNet Detection
  • Taint Mechanism
  • Browser Security
  • Privacy of Location Based Services

Computer and Network Security

Target group: Graduate

Description: The course covers a wide spectrum of security issues. We explicitly
aim wider than cryptography, as we want to show students how hackers
penetrate systems. Part of the course will be hands-on: in lab
assignments, student will carry out and investigate attacks in a
controlled environment. This involves programming at the both the
highest and lowest levels (say SQL and assembly). However, we will
also briefly discuss cryptography and trust infrastructures.

Privacy And Beveiliging

Target group: Undergraduate

Description: This bachelor's course is designed to understand the principles of privacy, trust and security in a society in which distributed autonomous systems (both human and automated) interact continuously. Interaction between systems often mandates some knowledge of each others' credentials. This course will focus on management of privacy, trust and security, and not on detailed technical specifics of individual security measures. In addition to lectures, students will be required to work through a number of case studies, identifying threats for mismangement of data, and proposing measures/procedures to prevent abuse. It is a very introductory (and short) course. Not too technical.

Security Engineering

Target group: Undergraduate

Description: This is an introductory course on security engineering.  At the end of the course students will understand the concept of security management and its main steps Also, they will be able to understand and use the basic security technology used in the most important security tools and solutions available on the market.

The first part of the course explains the process and methodology followed to plan the security of a ICT system. The second part introduces the different security technology used to solve the most important security issues in securing an ICT system. The course will be a balance between theory and practice to allow students to promptly apply some of the concepts and techniques introduced during
the lectures

The course covers both security management, foundations, identification, authentication, network protection, access control, web security, IDS/IPS.