Security 2
Courses classes are Thursday form 9h45 to 11h15 online (the link is available on the moodle)
Online resurces
- Security Engineering (Ross Anderson): only for chapters 1, 8 and 9;
- notes on attack and attack-defence trees
- notes on access control
Evaluation:
- Attack trees presentations (30%)
- Evaluation on information flows (20%)
- Homeworks on Proverif (50%)
Course schedule
Week 1, 15 February: Overview
- What does security mean?
- Secure systems need good design:
- Evaluate potential risks
- Risk assessment and cost models
- Risk prevention/incentives
Suggested reading:
Week 2, 22 February: Attack Trees
Risk management
- security risk = possible damage
- Identify risks
- Reduce risks
- Keep other risks under control during this operation
- Repete...
- Glossary
- Asset = something of Evaluate
- Vulnerability = a weakeness of an Asset
- Threat = exploitation of a vulnerability
- Threat agent
- Risk = quantification of a threat
- Control = measure to reduce a risk
- How to do risk analysis?
- identify context
- identify assets
- assess risks
- treat risks
- Classify threats (impact vs likelihood)
- Possible controls:
- acceptance
- avoidance
- transfer
- possible treatments: accept risks, reduce impact, reduce likelihood
- Controls have costs or may not be 100% effective
- security risk = possible damage
Attack Trees
- free lunch tree example
- threat Trees
- fault Trees
- Tree nodes are AND, OR, SAND, KofN ...
Attack Trees semantics
- Why semantics? (distinguis equivalent trees)
- propositional/set semantics
- multiset semantics
Computing Attributes
- possible attribute domains: cost, probability, possibility, time, ...
- possibility = boolean circuits
- cost = OR -> minimum of children values / AND -> sum of children values
- probability = OR -> probability of union / AND -> probability of intersection
Suggested reading:
- Risk Analysis: Attack Trees & Other Tricks
- Original paper introducing attack trees
- Formalisation of attack trees semantics
Week 3, 1 March: Be prepared if something going wrong
- attack-defence trees
Week 4, 8 March: Students presentations
Students short presentations (5 minutes each) of a simple system analysed using attack trees:
- A presentation of the problem
- An attack tree (minimal height=3, minimal width = 3)
- Risk assessment made using the given attack tree (probability and costs)
- Using the attack tree, provide an attack-defence tree with costs
Week 5, 15 March: Information flow overview
- Represent information flow
- Information flow and security
- Access control
- Multilevel security
Suggested reading
Week 6, 22 March: Chinese Wall
- presentation of the model
- examples
- prove properties
- comparing other models
Suggested reading
Week 7, 29 March (Ross Horne): Hardware security:
Spring break (week of the 5th of April)

Week 8, 12 April (Sergiu Bursuc): Intro to protocols
Week 9, 19 April (Sergiu Bursuc): Follow up on protocols
Week 10, 26 April (Semyon Yurkov): explain ePayment protocol proof in Proverif
Week 11, 3 May (Reynaldo Gil Pons): explain Mafia fraud proof in Proverif
Week 12, 10 May (Sergiu Bursuc): Advanced
Week 13, 17 May (Sergiu Bursuc): Advanced
Week 14, 24 May (Sergiu Bursuc): Advanced
CS2040 - Spring course 2020
Courses classes are on Monday, Wednesday and Thursday form 1h45 to 3h05 in room PL-5 (2bis, Passage Landrieu).
Textbook
INTRODUCTION TO. JAVA. PROGRAMMING (10th Edition) by Daniel JiangTutor: Gavin Goerke
Online resurces
Java
- W3shool: usefull website with tutorial and explainations;
- geekforgeek: another usefull website;
- stackoverflow: if you have a really weird code problem, it probably has already be solved here;
Base 2 integer conversion
From base 10 to base 2 andLinear Feedback Shift Register

The "De Brujin" magic trick
!! their card encoding may not corresponds to the one proposed in this exercise!!Exceptions
Exceptions have to be excaptional!Some in-depth articles on When and How to use or avoid exceptions:
- a general overview on exceptions in Java
- When and How to Use Exceptions
- How and When (Not) to Use Exceptions
JavaFX
If you have problems with JavaFX and eclipse on your laptop (like me), you can download IntelliJ (community version) and follow these instructions;Program of the course
Date | Content | Assignments |
---|---|---|
Week 1: Gen 13 |
Introduction
|
|
Week 2:
Gen 20 at 13h45 Gen 23 at 13h45 and at 15h20 |
Types
|
|
Week 3:
Gen 27 at 13h45 Gen 29 at 13h45 Gen 30 at 13h45 and at 15h20 |
Objects and Classes
|
|
Week 4
Feb 3 at 13:55 Feb 5 at 13:45 Feb 6 at 13:45 |
OOP thinking & Inheritance & Abstract Classes |
|
Week 5
Feb 10 at 13:55 Feb 12 at 13:45 Feb 13 at 13:45 |
Excercises |
|
17.2 - 28.2 | Spring Break
Revise Chapters form 1 to 11 and 13, focussing on 9-11 and 13. Pay attention to the following key concept summarized in the Chapters Summary (at the end of each Chapter):
|
Keep in practice with coding |
Week 6 2.3 |
Midterm Exam
|
Book chapters 1-11 & 13 |
Week 7 9.3 |
Exception handling and Text I/O
|
|
Week 8 16.3 |
Excercises on File |
|
Week 9 23.3 |
JavaFX
Scene Builder and Gluon are visual layout tools design GUI.
|
|
Week 10 30.3 |
Event Driven Programming and some more JavaFX
|
|
Week 11 6.4 |
JavaFX and I/O
|
|
Week 12 13.4 |
Recursion
|
|
Week 13 20.4 |
Recursion and Complexity
|
|
Week 14 27.4 |
class only on Monday: course recap and project revision.
PROJECT DEADLINE THURSDAY 30th AOE |
|
7.5 | Final Exam, h12, room: PL-5 |