Μάθημα : Ασφάλεια Υπολογιστικών Συστημάτων

Classes are held in Lab1 on Fridays from 16:00 to 20:00 (Theory & Lab). We start on October 3.

Class modules include security methodologies, techniques, tools and related programming exercises.

Theoretical Concepts

Security Definitions (x00)

System Security: Authentication/Authorization, Linux Examples (x01)

System Security: SW Vulnerabilities, Least Privileges, Examples (x02)

Network Security (x03)

Classical and Modern Cryptography & Modern Symmetric Crypto: Block & Stream Ciphers, Hash (x045)

Modern Asymmetric Crypto, Signatures & Certificates, Email/Web, Security Protocols (x045)

Special Topics: IoT/Embedded/CPS, Security & Safety, … (x06 links)

Lab

The lab mainly relates to applying theoretical concepts using solved programming exercises, and a programming project.  The solved exercises help you better understand the relevant theory, while the project focuses on specific security issues related to Modules 2 to 6.  The programming project relates to working with systems and applications most often using  C/C++ or Python. The platforms are simulators or actual systems running Linux, real-time operating systems, or completely bare metal.

For the solved examples but also in general you will need to install Linux (e.g., via Virtualbox, as in the 8th Semester Operating Systems course that Greek students take). For the programming project, the student chooses to work  on a security-related programming problem and present using slides & demo his/her research/development efforts. It may be necessary to work with security tools, related libraries, and open source software packages. Sample project topics relate to security and privacy in in-vehicle networks, biosensors & e-Health devices, platforms that provide enhanced security with ARM Trustzone, use of cryptographic circuits (crypto ICs) or lightweight software libraries, data privacy of IoT sensors, development of secure system/network protocols, etc.

Grading: Project and Oral Exam

All students who have never attended the course before are required to attend the following lectures & labs (dates will be adjusted if necessary), select and complete a programming project, and taking a final oral exam covering the theory lectures & lab.

Greek students who have already taken this course previously are responsible for reviewing the theory and lab exercises, and taking a final oral exam covering the theory lectures & lab for evaluation.

Tentative Schedule

Modules 1, 2 & 3 - Security Definitions, HW/SW Vulnerabilities, System/Network Security
03/10 Security Definitions (x00)
10/10 System Security, Multifactor Authentication, Authorization, Extensions, Linux (bits, passwd, wall) (x01)
17/10 SW Vulnerability, Least Privileges & Project Selection - Examples (x02)
24/10 Overview of Operating System & Network Security - Examples with VMs (x03)

Modules 4, 5  & 6 – Symmetric & Asymmetric Cryptography, Security Protocols & Special Topics
31/10 Symmetric Crypto: Block & Stream Ciphers, Hash - Examples(x045, part 1)
07/11 Asymmetric Crypto, Digital Signatures/Certificates, Key Mgt, Email - Examples (x045, part 2) - Projects
14/11 Special Topics: IoT/Embedded/CPS ... (x06) & Programming Project Selection (Deadline 10/01,16:00)

Module 7 – Projects/Surveys & Class Evaluation (Note: Further Support: AISE Lab, Monday/Tuesday evenings)
21/11 Periodic Reporting & Project Support (AISE Lab, above Erasmus office, 2nd floor, 2nd door to left)
28/11 Periodic Reporting & Project Support (AISE Lab)
05/12 Periodic Reporting & Project Support (AISE Lab)
12/12 Periodic Reporting & Project Support (AISE Lab)
19/12 Periodic Reporting & Project Support (AISE Lab) - Brief Review for Final Oral Exam
09/01 Final Project Presentations: slides & demos (AISE Lab, 17:00 to 22:00)
16/01 Final Oral Exam (Theory & Lab) in Groups (AISE Lab) - see below for the schedule

Remarks on the Final Oral Exam (Theory + Lab)

The Final Oral Exam is comprehensive and includes all above theory and lab topics.

For new students, there would be automatic registration to the final oral exam by the instructor. This will be announced in the schedule below. The project counts up to 50% of the grade, only if the final exam score is at least 4 out of 10. Strong projects include student programming for explaining, analyzing and visualizing the concepts, with a great presentation and demo presented in class. They involve significant student effort, weekly progress reports during project support sessions or office hours. For short questions (or technical issues) regarding the course or your project you can ask me before/after class, during project support sessions, or schedule a meeting via Microsoft Teams (name: Miltos.Grammatikakis)

Greek students who have already taken this course before must register for the final oral exam by sending an email to mdgramma@cs.hmu.gr - and check that the schedule is updated! There is no programming project, and to pass the course, the final exam score must be at least 5 out of 10. For short questions regarding the course you can schedule a meeting via Microsoft Teams (name: Miltos.Grammatikakis)

Format of the final oral exam: From the beginning of the oral examination to its end, there is a continuous flow of questions, where the student who is asked a question must respond immediately orally, without any delay. Late responses are not graded. The questions concern definitions, comprehension or judgment questions, and specific examples and exercises where the methodology and description of the process of analysis/synthesis of algorithmic solutions or implementations should be clearly presented. Not many details will be requested at code level, but if any additional information at the code level, pseudocode, manual etc are needed, they will be available from the instructor. Your answers will be recorded on a sheet by the teacher so that normally, your final score can be announced immediately after. If the examination is interrupted due to technical reasons or another matter, the examination is repeated (or continued from the point where it was interrupted) immediately after or on another day after consultation, with completely different questions.

Project Presentations & Demos (9 January 16:15-22:00, AISE Lab) - All Students Must Participate

16:15 - Olsa Domi — Cryptography & Steganography (Remote presentation & demo)

17:00 - Kristine Liparteliani — Reverse Engineering

18:00 - Evangelos Dadounakis — Quantum Computing and Post-Quantum Cryptography Examples

18:30 - George Mathaiou — Secure Event Correlator & Intrusion Detection Systems (survey, limited demo)

<19:00 - Questions regarding the final oral exam, coming up next Friday>

Please don't forget to send before the exam your final presentation material & code!

Project Presentations (16 January, 14:00-15:30, AISE Lab) - All Students Can Participate

14:00 - Stefanie Lorenz — Secure Chat Systems

14:45 - Zafiris Babos — Safety & Security Standards (survey) 

* Both students must prepare their preliminary presentation & demo by Monday, 12 January for comments and final modifications.

** Please don't forget to send before the exam your final presentation material & code!

Final Oral Exam (16 January 16:15-19:00, AISE Lab) - All Students Must Participate!

George Mathaiou, Evangelos Dadounakis, Zafiris Babos &  Olsa Domi, Kristine Liparteliani, Stefanie Lorenz

* The material and the setup for the oral exam was discussed after the Project Presentations on January 9. Please let me know if you have questions.

Enjoy the course & life in Crete (Erasmus studs!)

The instructor