Checking date: 23/04/2024


Course: 2024/2025

Security Engineering
(13893)
Bachelor in Computer Science and Engineering (2011 Study Plan) (Plan: 256 - Estudio: 218)


Coordinating teacher: ESTEVEZ TAPIADOR, JUAN MANUEL

Department assigned to the subject: Computer Science and Engineering Department

Type: Compulsory
ECTS Credits: 6.0 ECTS

Course:
Semester:




Requirements (Subjects that are assumed to be known)
  • Cryptography and Information Security (Year 3, Semester 1)
  • Computer Networks (Year 3, Semester 1)
  • Operating Systems (Year 2, Semester 2)
Description of contents: programme
1. Introduction to Cybersecurity
   1.1. What is cybersecurity?
   1.2. The CIA Triad
   1.3. Vulnerabilities, Threats, Risks, and Controls
   1.4. Adversaries
   1.5. Design Principles
   1.6. Research Areas in Cybersecurity
2. Authentication
   2.1. User Authentication
   2.2. Authentication Factors
   2.3. Passwords and Password Managers
   2.4. Biometric Authentication
   2.5. Federated Identity
3. Access Control
   3.1. The Protection Problem
   3.2. Access Control Models
   3.3. Access Control in Linux (I): Credentials and the Permission System
   3.4. Access Control in Linux (II): POSIX ACLs and Capabilities
4. Network Security
   4.1. Communication Security
   4.2. TCP/IP Security
   4.3. Network Discovery and Scanning
   4.4. Web Security
   4.5. Firewalls
   4.6. Intrusion Detection Systems
5. Security Protocols: TLS
   5.1. History and Design Goals
   5.2. The Handshake Protocol
   5.3. The Record Protocol
   5.4. Interception and Certificate Pinning
6. Vulnerabilities
   6.1. Vulnerability Types
   6.2. Numbering (CVE) and Metrics (CVSS)
   6.3. Life Cycle of a Vulnerability
7. Malware
   7.1. Malicious Code
   7.2. Types
   7.3. Payloads, Propagation and Activation
   7.4. Case Studies
8. Cybersecurity Regulation
   8.1. Regulation in the US
   8.2. Regulation in the EU
   8.3. Privacy Regulation
Learning activities and methodology
The teaching methodology includes:
1. Lectures to present the knowledge base that students must acquire. Students will be provided with the lecture notes used in class along with additional documents and basic text references to help in the study of the topics covered. (2 ECTS)
2. Practical lectures, where the students will have to solve exercises and quizzes. (1 ECTS)
3. Discussion of real cases to illustrate concepts and techniques introduced during the lectures. (1 ECTS)
4. Lab sessions in computer labs, where the students will learn techniques and develop skills in the use of cybersecurity tools, including binary analysis, distributed systems security and network security. (2 ECTS)
Assessment System
  • % end-of-term-examination 60
  • % of continuous assessment (assignments, laboratory, practicals...) 40

Calendar of Continuous assessment


Extraordinary call: regulations
Basic Bibliography
  • Anderson, Ross. SECURITY ENGINEERING: A GUIDE TO BUILDING DEPENDABLE DISTRIBUTED SYSTEMS (2nd edition). Wiley. 2008
  • Pfleeger, Charles. Pfleeger, Shari L. SECURITY IN COMPUTING (4th edition). Prentice Hall. 2007
Electronic Resources *
Additional Bibliography
  • Vacca, John R. (Editor). COMPUTER AND INFORMATION SECURITY HANDBOOK. Elsevier (The Morgan Kaufmann Series in Computer Security). 2009.
(*) Access to some electronic resources may be restricted to members of the university community and require validation through Campus Global. If you try to connect from outside of the University you will need to set up a VPN.


The course syllabus may change due to academic events or other reasons.