This course addresses a number of topics in computer and network security. Its content includes Memory errors, Web, network, countermeasures and pointers to research papers. The course prepares students to identify software vulnerabilities, shows how to address these and introduces how vulnerabilities are exploited through malware.

IY3501 provides a non-technical introduction to security management. We will explain the need for effective security management and identify the problems associated with security management. We will explore how risks are analysed and how appropriate remedial actions are identified and implemented, referring to relevant standards and legal requirements.

This module covers aspects of cyber security focused on advanced adversaries and threats to information systems, and particularly cyber-physical systems.
For this, a number of models to study large-scale systems and networks are introduced, as well as models of adversaries and interactions with adversaries along with selected case studies of such advanced attacks and attack vectors.
The module also covers cyber-physical system security at lower levels with an overview particularly of control systems and SCADA architectures as well as threats and attacks against these.

The aim of this course is to explain the fundamentals behind cryptography and how it is deployed in real-world systems. We will discuss the security services that can be provided by cryptography, the main cryptographic mechanisms (eg symmetric key and public encryption schemes, hash functions, MACs and digital signatures), their security goals, design and basic attacks, and real-world applications and deployment of cryptography. Overall, students will get a broad overview of the key topics in cryptography that they are likely to run into as a practitioner (eg software developer).

The course's approach to present this material is to focus on how to use cryptography to enable secure communications: we will see how to use and combine the several cryptographic tools to set up a channel that can be used to "securely" exchange data between two communicating parties.

Cybercrime has become both more widespread and harder to battle. Researchers and anecdotal experience show that the cybercrime scene is becoming increasingly organized and consolidated, with strong links also to traditional criminal networks. Modern attacks are indeed stealthy and often profit oriented.

Malicious software (malware) is the traditional way in which cybercriminals infect user and enterprise hosts to gain access to their private, financial, and intellectual property data. Once stolen, such information can enable more sophisticated attacks, generate illegal revenue, and allow for cyber-espionage.

By mixing a practical, hands-on approach with the theory and techniques behind the scene, the course discusses the current academic and underground research in the field, trying to answer the foremost question about malware and underground economy, namely, "Should we care?".

Students will learn how traditional and mobile malware work, how they are analyzed and detected, peering through the underground ecosystem that drives this profitable but illegal business. Understanding how malware operates is of paramount importance to form knowledgeable experts, teachers, researchers, and practitioners able to fight back. Besides, it allows us to gather intimate knowledge of the systems and the threats, which is a necessary step to successfully devise novel, effective, and practical mitigation techniques.

IY5523: Secure Business Architectures
This course gives a broad overview of topics that impact the delivery of security architectures within a modern information processing system.

IY4501/IY5501 provides an introduction to security management. We will explain the need for effective security management and identify the problems associated with security management. We will explore how risks are analysed and how appropriate remedial actions are identified and implemented, referring to relevant standards and legal requirements.

 

MFBSO UP MPWF DSZQUP

Aims
The module is concerned with the protection of data transferred over digital networks, including computer and telecommunications networks. We review networking concepts, particularly the concepts of services and protocols, and study how services are incorporated in network communications by specifying protocols. We extend the discussion of services to address security concerns, considering how cryptographic primitives may be used to provide confidentiality, integrity and authentication services. We illustrate these concepts by considering a variety of case studies, typically including wireless, cellular, network and transport layer protocols, techniques and technologies, including non-cryptographic countermeasures such as packet-filtering, intrusion detection, etc.

Objectives
At the end of the module students should have gained an understanding of the fundamentals of the provision of security in networks, as well as an appreciation of some of the problems that arise in devising practical solutions to network security requirements.

In the module, we will survey laws that:
- define liability from cyber security failure,
- limit freedom of security operations, and
- explain multinational online liability.
The module is designed for a multinational student body and is not limited to the laws of any single jurisdiction. No prior study of law is necessary.

IY5522 Summary:
This course provides an overview of the core technologies which underpin the provision of security services in computer and network security.

In this module, you will learn to identify, exploit and fix software vulnerabilities. We will also be looking at advance topics such as malware and other academic and industry research-oriented publications on the subject.

IY5613-202223