Security 2

Courses classes are Thursday form 9h45 to 11h15 online (the link is available on the moodle)

Online resurces

Security Engineering (Ross Anderson): only for chapters 1, 8 and 9;
notes on attack and attack-defence trees
notes on access control

Evaluation:

Attack trees presentations (30%)
Evaluation on information flows (20%)
Homeworks on Proverif (50%)

Course schedule

Week 1, 15 February: Overview

What does security mean?
Secure systems need good design:
- Evaluate potential risks
- Risk assessment and cost models
- Risk prevention/incentives

Week 2, 22 February: Attack Trees

Risk management
- security risk = possible damage
  - Identify risks
  - Reduce risks
  - Keep other risks under control during this operation
  - Repete...
- Glossary
  - Asset = something of Evaluate
  - Vulnerability = a weakeness of an Asset
  - Threat = exploitation of a vulnerability
  - Threat agent
  - Risk = quantification of a threat
  - Control = measure to reduce a risk
- How to do risk analysis?
  - identify context
  - identify assets
  - assess risks
  - treat risks
- Classify threats (impact vs likelihood)
- Possible controls:
  - acceptance
  - avoidance
  - transfer
  - possible treatments: accept risks, reduce impact, reduce likelihood
- Controls have costs or may not be 100% effective
Attack Trees
- free lunch tree example
- threat Trees
- fault Trees
- Tree nodes are AND, OR, SAND, KofN ...
Attack Trees semantics
- Why semantics? (distinguis equivalent trees)
- propositional/set semantics
- multiset semantics
Computing Attributes
- possible attribute domains: cost, probability, possibility, time, ...
- possibility = boolean circuits
- cost = OR -> minimum of children values / AND -> sum of children values
- probability = OR -> probability of union / AND -> probability of intersection

Week 3, 1 March: Be prepared if something going wrong

attack-defence trees

Week 4, 8 March: Students presentations

Students short presentations (5 minutes each) of a simple system analysed using attack trees:

A presentation of the problem
An attack tree (minimal height=3, minimal width = 3)
Risk assessment made using the given attack tree (probability and costs)
Using the attack tree, provide an attack-defence tree with costs

Week 5, 15 March: Information flow overview

Represent information flow
Information flow and security
Access control
Multilevel security

Week 6, 22 March: Chinese Wall

presentation of the model
examples
prove properties
comparing other models

Week 7, 29 March (Ross Horne): Hardware security:

Spring break (week of the 5th of April)

Week 8, 12 April (Sergiu Bursuc): Intro to protocols

Week 9, 19 April (Sergiu Bursuc): Follow up on protocols

Week 10, 26 April (Semyon Yurkov): explain ePayment protocol proof in Proverif

Week 11, 3 May (Reynaldo Gil Pons): explain Mafia fraud proof in Proverif

Week 12, 10 May (Sergiu Bursuc): Advanced

Week 13, 17 May (Sergiu Bursuc): Advanced

Week 14, 24 May (Sergiu Bursuc): Advanced

CS2040 - Spring course 2020

Courses classes are on Monday, Wednesday and Thursday form 1h45 to 3h05 in room PL-5 (2bis, Passage Landrieu).

Textbook

INTRODUCTION TO. JAVA. PROGRAMMING (10th Edition) by Daniel Jiang

Tutor: Gavin Goerke

Online resurces

Java

W3shool: usefull website with tutorial and explainations;
geekforgeek: another usefull website;
stackoverflow: if you have a really weird code problem, it probably has already be solved here;

Base 2 integer conversion

From base 10 to base 2 and

Linear Feedback Shift Register

The "De Brujin" magic trick

!! their card encoding may not corresponds to the one proposed in this exercise!!

the math behind;
the trick in action 1
the trick in action 2

Exceptions

Exceptions have to be excaptional!
Some in-depth articles on When and How to use or avoid exceptions:

a general overview on exceptions in Java
When and How to Use Exceptions
How and When (Not) to Use Exceptions

JavaFX

If you have problems with JavaFX and eclipse on your laptop (like me), you can download IntelliJ (community version) and follow these instructions;

Program of the course

/tr>

Date	Content	Assignments
Week 1: Gen 13	Introduction Introduction to the course and the course Web site Peergrade Compilers and IDE Introduction Slides !! Class only on Monday 13 !!	Ex1 Part1 try Part 2
Week 2: Gen 20 at 13h45 Gen 23 at 13h45 and at 15h20	Types Data type Program type Type casting An elementary encryption method: Caesar cipher Encrypting via LFSR No class on Wednesday 22, double class on Thursday 23	Write a Caesar cipher encripting program Finish Ex1 and upload the solution on peergrade. Revise course CS1040 topics: Chapters 1-8 of the book (see also myProgrammingLab exercises)
Week 3: Gen 27 at 13h45 Gen 29 at 13h45 Gen 30 at 13h45 and at 15h20	Objects and Classes What is a class? Unified Modeling Language this What is an object? Differences between objects and classes Why to use OOP? Programming paradigms (procedural vs OOP) here our zoo classes ! Double class on Thursday 30 !	Book chapter 9 Give feedback to at least 2 peergrade submissions myProgrammingLab exercises on book chapter 9 (at least the two projects at the end of the chapter)
Week 4 Feb 3 at 13:55 Feb 5 at 13:45 Feb 6 at 13:45	OOP thinking & Inheritance & Abstract Classes Why to use OOP? Data access Association Subclasses Inheritance super Override VS Overload Polymorphism here our new zoo ArrayList Excercise: social network (the code we wrote in class)	Book chapter 10 & 11 & 13 myProgrammingLab exercises on chapter 10 myProgrammingLab projects of chapter 11
Week 5 Feb 10 at 13:55 Feb 12 at 13:45 Feb 13 at 13:45	Excercises Some exercises on the point of the plane (solution w.i.p.) Solution of assignement 2	Assignement 2 Revise Book chapters 9-11 & 13 myProgrammingLab exercises on chapter 10 myProgrammingLab projects of chapter 11
17.2 - 28.2	Spring Break Revise Chapters form 1 to 11 and 13, focussing on 9-11 and 13. Pay attention to the following key concept summarized in the Chapters Summary (at the end of each Chapter): Chapter 2: 9-12, 17; Chapter 3: 1, 4-6; Chapter 4: 2, 8-11; Chapter 6: all; Chapter 7: 1-9; Chapter 9: all; Chapter 10: 1, 2, 3; Chapter 11: all; Chapter 13: 1-6, 9, 10;	Keep in practice with coding
Week 6 2.3	Midterm Exam Theory Test Programming Test ! No class on Wednesday 4 !	Book chapters 1-11 & 13
Week 7 9.3	Exception handling and Text I/O exceptions and exception handling Try-Catch File class create/rename/delede files write data to a file read data from a file Excercises ! No class on Monday 9 !	Book chapter 12.1-12.11 myProgrammingLab exercises on book chapter 12
Week 8 16.3	Excercises on File Exercises (folder zip download) ! No class on Monday 16 !	Book chapter 12.10-12.11 myProgrammingLab exercises on book chapter 12
Week 9 23.3	JavaFX the Application class and the method launch Scene,Stage and Pane Working with layouts Property binding Color and Font Solutions to File Exercises Scene Builder and Gluon are visual layout tools design GUI. First steps using scene builder. More details on using scene builder. With and without scene builder.	Book chapter 14, suggested order: from 14.1 to 14.4 -> 14.10 -> from 14.5 to the end First step tutorial: How to create a new windows A more detailed tutorial on JavaFX Send me your final project proposal [What kind of application you want to develop?]
Week 10 30.3	Event Driven Programming and some more JavaFX Event source MouseEvent KeyEvent Animations: Animation, PathTransition, FadeTransition, and Timeline Label and Buttons	Book chapter 15 untill 16.4 HW3 on peergrade Try to make run the boinching ball example a the end of chapter 15
Week 11 6.4	JavaFX and I/O Radio Button TextField PasswordField ComboBox and ListView To view and play video and audio	Book chapter 15 Start to implement the GUI of your final project Try to make this Connection Four look like this.
Week 12 13.4	Recursion Recursion in programming Factorial Fibonacci numbers Fractals	book chapters 17 and 18 Send me at least a static (does not change by user interaction) but working (that is compiling and showing all the components) graphical interface for your final project before Thursday the 16th.
Week 13 20.4	Recursion and Complexity Last project revision Recursion vs Iteration Complexity: O(n) notation What is the complexity of an algorythm? Complexity of sorting algorithms Complexity: 1000000$ Problems	Chapter 22-23 Send me your first version of the final project before Thursday the 23th
Week 14 27.4	class only on Monday: course recap and project revision. PROJECT DEADLINE THURSDAY 30th AOE
7.5	Final Exam, h12, room: PL-5

Course Syllabus

download

Security 2

Online resurces

Evaluation:

Course schedule

Week 1, 15 February: Overview

Suggested reading:

Week 2, 22 February: Attack Trees

Suggested reading:

Week 3, 1 March: Be prepared if something going wrong

Week 4, 8 March: Students presentations

Week 5, 15 March: Information flow overview

Suggested reading

Week 6, 22 March: Chinese Wall

Suggested reading

Week 7, 29 March (Ross Horne): Hardware security:

Spring break (week of the 5th of April)

Week 8, 12 April (Sergiu Bursuc): Intro to protocols

Week 9, 19 April (Sergiu Bursuc): Follow up on protocols

Week 10, 26 April (Semyon Yurkov): explain ePayment protocol proof in Proverif

Week 11, 3 May (Reynaldo Gil Pons): explain Mafia fraud proof in Proverif

Week 12, 10 May (Sergiu Bursuc): Advanced

Week 13, 17 May (Sergiu Bursuc): Advanced

Week 14, 24 May (Sergiu Bursuc): Advanced

CS2040 - Spring course 2020

Textbook

Tutor: Gavin Goerke

Online resurces

Java

Base 2 integer conversion

Linear Feedback Shift Register

The "De Brujin" magic trick

Exceptions

JavaFX

Program of the course

Course Syllabus

Contacts