582215 Introduction to Computer Security (from spring 2012 onwards; ohtk 25.8.2011)

Pääteemat Esitiedot

Lähestyy oppimistavoitetta

Saavuttaa oppimistavoitteet Syventää oppimistavoitteita

Introduction to

Computer Security

  • Can explain the terms confidentiality, integrity and the basic concepts behind these terms. 
  • Can enlist and explain the ten security principles by Saltzer and Schroeder. 
  • Can describe weak and strong passwords.
  • Can explain the concepts of assurance, authenticity and anonymity with examples.
  • Can enlist and explain some threats and attacks.
  • Can define the access control models and can describe some mechanisms to implement them.
Basic Cryptography  
  •  Can explain the basic principles of symmetric and asymmetric cryptography. 
  • Can explain one-time pad encryption, its good and bad properties and its applications to modern cryptography.
  • Can describe the basic structure of AES.
  • Can perform addition and exponentiation in modular arithmetic.
  • Can enlist some standard hash function and their properties.
  •  Can construct linear congruental pseudo random number generators and can explain methods to increase the security of random number generators. 
  • Can explain the weaknesses of AES.
  • Can describe and analyse (security, tolerance to communication errors, performance) the modes of operation of block ciphers.
  • Can encipher and decipher messages using RSA with given parameters and small numbers.
  • Can explain what is needed for efficient implementation of RSA.
  • Can demonstrate the Diffie-Hellman key exchange with small numbers and can describe the man-in-the-middle-attack against it.
  • Can describe the desirable properties of hash functions.
  • Can explain the RSA signature scheme.

Operating System


Processes, virtual memory, file system.
  • Can set and intepret the permissions for Unix files. 
  • Can describe the role of monitoring, management and event logging in the computer security.
  • Can explain the concept and motivation of password salt. 
  • Can explain the concepts of statically linked, dynamically linked, dynamic linkin library (DLL), DLL injection with its good and bad aspects.
  • Can give simple examples of buffer overflow attacks.
  • Can describe security issues related to the boot sequence, boot device hierarchy and hibernation.
  • Can describe some attacks on virtual memory.
  • Can explain the password authentication in Windows and Unix-based systems.
  • Can explain with examples the use of the setuid bit.
  • Can describe the use of file descriptors and their possible vulnerabilities.
  • Can describe stack-based and heap-based buffer overflows.

Malicious Software

  • Can describe insider attacks and defenses against them.
  • Can classify viruses and describe the features that form the foundation for defenses.
  • Can describe, in general terms, trojan horses, worms, rootkits, botnets, adware, and spyware. 
  • Can explain the countermeasures against malware.
Network Security  Protocol stack, TCP, UDP, routing, DHS
  • Can describe the ARP and IP spoofing attacks and preventive means against them. 
  • Can describe packet sniffing and methods to prevent it.
  • Can describe various kind of denial-of-service attacks.
  • Can describe the properties of stateless and stateful firewalls and can draw typical firewall configurations.
  • Can explain various TCP session hijacking methods and countermeasures against them. 
  • Can explain SYN flood attacks and optimistic TCP ACK attacks and defenses against them.
  • Can describe DNS attacks and defenses against them, including DNSSEC.
  • Can explain the functioning of SSH and IPSec.
  • Can explain VPNs and tunneling and some risks in allowing them.
  • Can explain the basic principles on which intrusion detection is based.
Browser Security  
  • Can define a certificate and an extended validation certificate.
  • Can analyse the security concerns of cookies.
  • Can explain the idea of the sandbox.
  • Can describe safe-browsing practices and can use built-in browser security methods.
  •  Can describe the functioning of the public key infrastructure.
  • Can describe HTTP session hijacking, phishing, and click-jacking and defenses against them.
  • Can explain possible vulnerabilities in media content, especially in the context of Adobe Flash, Java Applets, and Active X.
  • Can explain XSS and CSRF attacks and defenses against them.
  • Can explain server-side script inclusion vulnerabilities.
  • Can describe SQL injection attacks with examples, and defenses against server-side attacks.
28.08.2011 - 19:24 Jyrki Kivinen
16.05.2011 - 09:12 Timo Karvi