Checking date: 21/02/2025


Course: 2024/2025

Cybersecurity engineering
(19474)
Bachelor in Computer Science and Engineering (Plan: 489 - Estudio: 218)


Coordinating teacher: ESTEVEZ TAPIADOR, JUAN MANUEL

Department assigned to the subject: Computer Science and Engineering Department

Type: Compulsory
ECTS Credits: 6.0 ECTS

Course:
Semester:




Requirements (Subjects that are assumed to be known)
  • Cryptography and Information Security (Year 3, Semester 1)
  • Computer Networks (Year 3, Semester 1)
  • Operating Systems (Year 2, Semester 2)
Learning Outcomes
  • RA1.2: Knowledge and understanding of engineering disciplines underlying their specialisation, at a level necessary to achieve the other programme outcomes, including some awareness at their forefront.
  • RA2.1: Ability to analyse complex engineering products, processes and systems in their field of study; to select and apply relevant methods from established analytical, computational and experimental methods; to correctly interpret the outcomes of such analyses.
  • RA5.3: Understanding of applicable materials, equipment and tools, engineering technologies and processes, and of their limitations in their field of study.
  • RA5.4: Ability to apply norms of engineering practice in their field of study.
  • CB3: Students have the ability to gather and interpret relevant data (usually within their field of study) in order to make judgements which include reflection on relevant social, scientific or ethical issues.
  • CB5: Students will have developed the learning skills necessary to undertake further study with a high degree of autonomy.
  • CG2: Be able to generate new ideas (creativity), to anticipate new situations, to adapt to new situations, working in a team and interact with others, but at the same time be able to work autonomously.
  • CG9: Efficiently use ICT resources to write technical reports and project and work reports on computing, as well as quality presentations.
  • CGB4: Basic knowledge of the use and programming of computers, operating systems, databases and computer programmes with applications in engineering.
  • CGB5: Knowledge of the structure, organisation, operation and interconnection of computer systems, the fundamentals of their programming, and their application to the resolution of engineering problems.
  • CGO3: Ability to design, develop, evaluate and ensure the accessibility, ergonomics, usability and security of computer systems, services and applications, as well as the information they manage.
  • CGO6: Ability to conceive and develop centralised or distributed computer systems or architectures integrating hardware, software and networks in accordance with the knowledge acquired.
  • CGO8: Knowledge of basic subjects and technologies, which enable them to learn and develop new methods and technologies, as well as those which provide them with great versatility to adapt to new situations.
  • CGO9: Ability to solve problems with initiative, decision-making, autonomy and creativity. Ability to know how to communicate and convey the knowledge, skills and abilities of the profession of Technical Engineer in Computer Science.
  • CECRI10: Knowledge of the characteristics, functionalities and structure of Operating Systems and design and implement applications based on their services.
  • CECRI11: Knowledge and application of the characteristics, functionalities and structure of Distributed Systems, Computer Networks and Internet and design and implement applications based on them.
  • CECRI18: Knowledge of the principles and regulations of computer science at national, European and international levels.
Description of contents: programme
1. Introduction to Cybersecurity
   1.1. What is cybersecurity?
   1.2. The CIA Triad
   1.3. Vulnerabilities, Threats, Risks, and Controls
   1.4. Adversaries
   1.5. Design Principles
   1.6. Research Areas in Cybersecurity
2. Authentication
   2.1. User Authentication
   2.2. Authentication Factors
   2.3. Passwords and Password Managers
   2.4. Biometric Authentication
   2.5. Federated Identity
3. Access Control
   3.1. The Protection Problem
   3.2. Access Control Models
   3.3. Access Control in Linux (I): Credentials and the Permission System
   3.4. Access Control in Linux (II): POSIX ACLs and Capabilities
4. Network Security
   4.1. Communication Security
   4.2. TCP/IP Security
   4.3. Network Discovery and Scanning
   4.4. Web Security
   4.5. Firewalls
   4.6. Intrusion Detection Systems
5. Security Protocols: TLS
   5.1. History and Design Goals
   5.2. The Handshake Protocol
   5.3. The Record Protocol
   5.4. Interception and Certificate Pinning
6. Vulnerabilities
   6.1. Vulnerability Types
   6.2. Numbering (CVE) and Metrics (CVSS)
   6.3. Life Cycle of a Vulnerability
7. Malware
   7.1. Malicious Code
   7.2. Types
   7.3. Payloads, Propagation and Activation
   7.4. Case Studies
8. Cybersecurity Regulation
   8.1. Regulation in the US
   8.2. Regulation in the EU
   8.3. Privacy Regulation
Learning activities and methodology
The teaching methodology includes:
1. Lectures to present the knowledge base that students must acquire. Students will be provided with the lecture notes used in class along with additional documents and basic text references to help in the study of the topics covered. (2 ECTS)
2. Practical lectures, where the students will have to solve exercises and quizzes. (1 ECTS)
3. Discussion of real cases to illustrate concepts and techniques introduced during the lectures. (1 ECTS)
4. Lab sessions in computer labs, where the students will learn techniques and develop skills in the use of cybersecurity tools, including binary analysis, distributed systems security and network security. (2 ECTS)
Assessment System
  • % end-of-term examination: 60
  • % of continuous assessment (assignments, laboratory, practicals...): 40

Calendar of Continuous assessment


Extraordinary call: regulations
Basic Bibliography
  • Anderson, Ross. SECURITY ENGINEERING: A GUIDE TO BUILDING DEPENDABLE DISTRIBUTED SYSTEMS (2nd edition). Wiley. 2008.
  • Pfleeger, Charles; Pfleeger, Shari L. SECURITY IN COMPUTING (4th edition). Prentice Hall. 2007.
Electronic Resources *
Additional Bibliography
  • Vacca, John R. (Editor). COMPUTER AND INFORMATION SECURITY HANDBOOK. Elsevier (The Morgan Kaufmann Series in Computer Security). 2009.
(*) Access to some electronic resources may be restricted to members of the university community and require validation through Campus Global. If you try to connect from outside of the University you will need to set up a VPN.


The course syllabus may change due to academic events or other reasons.