5.00 credits
30.0 h + 15.0 h
Q2
Teacher(s)
Legay Axel;
Language
English
Main themes
The goal of this course is to learn how to build a secure application from theory to practice in a production environment. As a case study, we will focus on token-based applications whose primary goal is to ensure authentication.
- Introduction to token-based applications.
- RFID Primer: current applications and characteristics.
- Symmetric Key Authentication Protocols.
- Examples of poor designs (MIT, DST), TMTO.
- Implementation of cryptographic building blocks
- Generating randomness.
- Examples of poor designs (Mifare).
- Relay attacks and distance bounding.
- Privacy: Information leakage and malicious traceability.
- Denial of Service.
- Study case the biometric passport.
Learning outcomes
At the end of this learning unit, the student is able to : | |
1 |
Given the learning outcomes of the "Master in Computer Science and Engineering" program, this course contributes to the development, acquisition and evaluation of the following learning outcomes:
|
Content
The objective of the course is to give an introduction to software security. We will first discuss the concepts of security and software attack. We will then analyze software vulnerabilities and we will study protections. Finally, an introduction to malware analysis will be presented.
Content:
- Introduction to cyber security
- Introduction to notions of vulnerabilities, threats and attacks
- Introduction to fishing
- Introduction to privilege escalation
- Integer overflow
- Buffer overflow: assembler, protection and counterattack
- String format and vulnerabilities of C language
- Writing of "shellcode"
- Introduction to static and dynamic analysis of malware
- Honey pots
- Dynamic memory analysis
- Packing and cracking
- External stakeholders: security at UCLouvain, at CISCO and at NVISO.
- Practical exercises on computers
- Lab: setting up traps, intrusion, malware analysis
- Introduction to notions of vulnerabilities, threats and attacks
- Introduction to fishing
- Introduction to privilege escalation
- Integer overflow
- Buffer overflow: assembler, protection and counterattack
- String format and vulnerabilities of C language
- Writing of "shellcode"
- Introduction to static and dynamic analysis of malware
- Honey pots
- Dynamic memory analysis
- Packing and cracking
- External stakeholders: security at UCLouvain, at CISCO and at NVISO.
- Practical exercises on computers
- Lab: setting up traps, intrusion, malware analysis
Teaching methods
Theory classes, practical classes. Seminar by external experts.
Evaluation methods
On first session:
In second session: An exam that counts for 100% of the final grade.
The oral exam focuses on theory and practice.
- an exam for 60% of the final mark
- two works for 40% of the final grade
In second session: An exam that counts for 100% of the final grade.
The oral exam focuses on theory and practice.
Other information
INGI2347 vs INGI2144
- INGI2347 is an introduction to network and application security.
- INGI2144 is an advanced course on application security.
- computer systems and programming. It is not necessary to follow INGI2347 in order to follow INGI2144
- Students who do no know whether their background allows them to attend the course (e.g. students from ELEC, ELME or MAP) should contact the lecturer.
Online resources
https://moodleucl.uclouvain.be/enrol/index.php?id=12241
Bibliography
Available on moodle.
Disponible sur moodle.
Disponible sur moodle.
Faculty or entity
INFO
Programmes / formations proposant cette unité d'enseignement (UE)
Title of the programme
Sigle
Credits
Prerequisites
Learning outcomes
Master [120] in Data Science Engineering
Master [120] in Electrical Engineering
Master [120] in Computer Science and Engineering
Master [120] in Data Science: Information Technology
Master [120] in Computer Science
Master [120] in Mathematical Engineering