Checking date: 16/05/2025 17:39:11


Course: 2025/2026

Secure Architecture
(12398)
Master in Cybersecurity (Plan: 325 - Estudio: 288)
EPI


Coordinating teacher: ALMENARES MENDOZA, FLORINA

Department assigned to the subject: Telematic Engineering Department

Type: Electives
ECTS Credits: 3.0 ECTS

Course:
Semester:




Requirements (Subjects that are assumed to be known)
Students should be comfortable working in Unix environments and be familiar with Public Key Infrastructure (PKI) (Data Protection subject).
Objectives
The objectives to be achieved in this course are:
  • To conceive, analyze, and design a network architecture to meet specific security requirements.
  • To understand access control models and how they can be applied to distributed infrastructures, operating systems, classified systems, etc.
  • To apply the appropriate security services, mechanisms, and protocols in a specific case, minimizing risks and providing protection against attacks, especially DDoS.
  • To apply the knowledge acquired to propose security solutions and/or improvements in realistic vulnerable scenarios, being able to communicate the solution, its conclusions, and the ultimate reasons that support it to both specialized and non-specialized audiences in a clear and unambiguous manner.
Learning Outcomes
Description of contents: programme
This course presents and elaborates aspects related to the design of secure architectures that minimize security risks and provide resistance to attacks. The course also covers the principles, procedures and systems for handling classified information, as well as elements of physical security. The course program is organized as follows:

1. Secure Architectures
   1.1. Motivation and Practical Cases
   1.2. Security Design Principles
   1.3. Security in Cloud Computing and Cloud Native Applications
2. Authorization
   2.1. Traditional Access Control Models: DAC, MAC and RBAC
   2.2. Current Access Control Models/Architectures: ABAC, OPA, Zero Trust (ZTA)
   2.3. Identity & Access Control (IAM) Languages: XACML/SAML, Rego
3. Attack Tolerance
   3.1. DoS Overview
   3.2. Protection against DDoS
   3.3. Back-up systems
4. Multilevel and Multilateral Security Systems
   4.1. Information Classification
   4.2. Principles and Procedures for handling classified Information
   4.3. MLS Systems. Examples and practical considerations
5. Physical Security
   5.1. Security against emanations. TEMPEST
   5.2. Intrusion resistant Hardware
Learning activities and methodology
Learning activities:
  • Theoretical lectures
  • Practical lectures
  • Mixed theoretical and practical lectures
  • Laboratory practices
  • Tutoring sessions
  • Teamwork
  • Individual work by the student

The teaching methodology consists of:
  • Lectures given by the professor using audiovisual elements to develop the main concepts and to provide additional references for further learning.
  • Complementary activities to broaden and consolidate the acquired knowledge. Such activities are of different nature: problems, discussion of practical cases, and/or exercises using the computers in order to test tools that are useful for the deployment of secure architectures.
  • Elaboration and oral presentation of technical works by the students.
Assessment System
  • % end-of-term examination/test: 40
  • % of continuous assessment (assignments, laboratory, practicals...): 60

Calendar of Continuous assessment


Basic Bibliography
  • Bhavani Thuraisingham. Developing and Securing the Cloud. Auerbach Publications. 2013
  • Dieter Gollmann. Computer Security. John Wiley & Sons. 2011
  • Liz Rice, Michael Hausenblas. Kubernetes Security. O'Reilly Media, Inc. 2018
  • Sam Bishop. Computer Security: Art and Science. Addison-Wesley Professional. 2003
  • Sam Newman. Building Microservices. O'Reilly Media, Inc. 2015
Electronic Resources *
Additional Bibliography
  • Fran Ramírez, Elías Grande and Rafael Troncoso. Docker: SecDevOps. 0xWord. 2018
  • Guy Podjarny. Cloud Native Application Security. O'Reilly Media, Inc. June 2021
  • Stephane Jourdan, Pierre Pomes. Infrastructure as Code (IAC) Cookbook. PACKT. 2017
  • William Stallings and Lawrie Brown. Computer Security: principles and practice. Pearson Education. 2008
(*) Access to some electronic resources may be restricted to members of the university community and require validation through Campus Global. If you try to connect from outside the University, you will need to set up a VPN.


The course syllabus may change due to academic events or other reasons.