Secured systems engineering

lingi2144  2018-2019  Louvain-la-Neuve

5 credits
30.0 h + 15.0 h
Q2
Teacher(s)
Legay Axel
Language
English
Main themes
The objective of the course is to make the student aware of the problem of computer security by adopting the "ethical hacking" approach.

The approach followed is that of showing how the vulnerabilities of a computer system can be exploited to threaten security. From there, the student will develop the skills necessary to detect these vulnerabilities and to protect the system. These can be deployed upstream or downstream (depending on the development process). We will also look at the cost and strength of these measures.

The student will also receive a very brief introduction to malware analysis and the techniques used to detect malware.

During this course, the student will also become aware of the place that cybersecurity takes in industry, as well as the ethical issues related to this field.

For information, the vulnerabilities addressed will be: buffer overflow, integer overflow, format string, data race. Among the protections, we will study the non-executable stack technique as well as the "canary". For malware analysis, we will focus on MIRAI and the YARA tool.
Aims

At the end of this learning unit, the student is able to:

Given the learning outcomes of the "Master in Computer Science and Engineering" program, this course contributes to the development, acquisition and evaluation of the following learning outcomes:

  • INFO1.1-3
  • INFO2.1-5
  • INFO5.2, INFO5.4-5
  • INFO6.1, INFO6.3, INFO6.4

Given the learning outcomes of the "Master [120] in Computer Science" program, this course contributes to the development, acquisition and evaluation of the following learning outcomes:

  • SINF1.M1
  • SINF2.1-5
  • SINF5.2, SINF5.4-5
  • SINF6.1, SINF6.3, SINF6.4

Students who successfully complete this course will be able to

  • design computer systems that use authentication tokens to ensure the security of these systems,
  • implement a secure token-based application whose main objective is to provide authentication,
  • explain the techniques used in security in order to convince potential users that these aspects have been properly taken into account.

Students will have developed skills and operational methodology. In particular, they have developed their ability to

  • write a brief technical report to highlight the main features of software that has been developed, utilizing the proper terminology and the appropriate theoretical concepts,
  • achieve a successful demonstration of the software that has been developed, choosing the relevant tests according to the specifications and ensuring in advance that the software passes them,
  • consider the ethical dimensions (particularly regarding respect for privacy, confidentiality of information, ...) as part of their professional practice,
  • argue about the commoditization of computer systems and the risks that this entails in terms of information security, in particular for the protection of privacy.
 

The contribution of this Teaching Unit to the development and command of the skills and learning outcomes of the programme(s) can be accessed at the end of this sheet, in the section entitled “Programmes/courses offering this Teaching Unit”.
Content
The currently attractive way to perform token-based authentication is to use RFID technology. Several billion RFID devices are sold every year, and no engineer should ignore this technology, its nice features, or its security flaws. To illustrate the course, we will see how to break an access card or a biometric passport, how to steal a car while being 20'000 km away from it, etc.
Starting from this technology, the course will describe and extend the main points one should take care of when designing a secure application.
Develop a secured solution from scratch.
  • How to read a standard.
  • Implement cryptographic tools.
  • Consider the solution as a whole.
  • ...
Discover a new field: ubiquitous computing, especially RFID.
  • Everyday life applications based on RFID.
  • Several billion computing devices around us.
  • Computer science is no longer only interconnected PCs.
  • ...
Teaching methods
Lectures introduce the theoretical and practical background needed to build a secure token-based application.
Evaluation methods
On first session:
  • an exam for 60% of the final mark
  • two works for 40% of the final grade 
In second session: An exam that counts for 100% of the final grade.
Other information
INGI2347 vs INGI2144
  • INGI2347 is an introduction to network security and IT applications.
  • INGI2144 is an advanced course on application security.
Online resources
https://moodleucl.uclouvain.be/enrol/index.php?id=12241
Bibliography
Required material: copy of the slides available on the icampus site.
Faculty or entity
INFO


Programmes/courses offering this Teaching Unit

Title of the programme
Acronym
Credits
Prerequisites
Aims
Master [120] in Computer Science and Engineering

Master [120] in Electrical Engineering

Master [120] in Computer Science

Master [120] in Mathematical Engineering