Secured systems engineering

lingi2144  2020-2021  Louvain-la-Neuve

Secured systems engineering
Due to the COVID-19 crisis, the information below is subject to change, in particular that concerning the teaching mode (presential, distance or in a comodal or hybrid format).
5 credits
30.0 h + 15.0 h
Q2
Teacher(s)
Language
English
Main themes
The aim of this course is to master the basics of software security. Through concrete examples, we will learn how to detect programming errors that can lead to computer exploits (hacks).
Then we will look at methods to protect the system against these exploits. The costs and limitations of these prevention methods will be assessed.
Finally, an introduction to computer virology will be given.
Aims

At the end of this learning unit, the student is able to :

1 In view of the AA repository of the "Master [120] program in computer science, this course contributes to the development, acquisition and evaluation of the following learning achievements:
SINF1. M1
SINF2.1-5
SINF5.2, SINF5.4-5
SINF6.1, SINF6.3, SINF6.4 T
he students that have successfully completed this course will be sensitive to cyber security and the protection of the information system.
They will be able to:
  • Understanding the dangers and effects of a cyber attack;
  • Design secure computer programs:
  • detecting software vulnerabilities and fixing them.
Students will thus have developed methodological and operational skills. In particular they will have developed their ability to
  •  write a technical report on the safety of an application using terminology and theoretical concepts;
  • implement a secure solution;
  • take into account ethical dimensions (especially in terms of privacy, confidentiality of information, etc.) as part of their professional practice:
  • argue about the trivialization of computer tools and the risks it poses to information security
 
Content

The objective of the course is to give an introduction to software security. We will first discuss the concepts of security and software attack. We will then analyze software vulnerabilities and we will study protections. Finally, an introduction to malware analysis will be presented.
 
Content:
 
- Introduction to cyber security
- Introduction to notions of vulnerabilities, threats and attacks
- Introduction to fishing
- Introduction to privilege escalation
- Integer overflow
- Buffer overflow: assembler, protection and counterattack
- String format and vulnerabilities of C language
- Writing of "shellcode"
- Introduction to static and dynamic analysis of malware
- Honey pots
- Dynamic memory analysis
- Packing and cracking
- External stakeholders: security at UCLouvain, at CISCO and at NVISO.
- Practical exercises on computers
- Lab: setting up traps, intrusion, malware analysis
Teaching methods

Due to the COVID-19 crisis, the information in this section is particularly likely to change.

Theory classes, practical classes. Seminar by external experts.
 
Evaluation methods

Due to the COVID-19 crisis, the information in this section is particularly likely to change.

On first session:
  • an exam for 60% of the final mark
  • two works for 40% of the final grade
In second session: An exam that counts for 100% of the final grade.
Other information
INGI2347 vs INGI2144
  • INGI2347 is an introduction to network and application security.
  • INGI2144 is an advanced course on application security.
Background :
  • computer systems and programming. It is not necessary to follow INGI2347 in order to follow INGI2144
  • Students who do no know whether their background allows them to attend the course (e.g. students from ELEC, ELME or MAP) should contact the lecturer.
Online resources
https://moodleucl.uclouvain.be/enrol/index.php?id=12241
Bibliography
Available on moodle.
Disponible sur moodle. 
Faculty or entity
Force majeure
Evaluation methods

In the first session: Students who wish can keep the points for their two assignments. They also have the opportunity to take an oral exam on the whole subject. In the latter case, the assignments count for 40% and the oral exam for 60%. In the second session: an oral exam (theoretical and practical) on the whole subject.


Programmes / formations proposant cette unité d'enseignement (UE)

Title of the programme
Sigle
Credits
Prerequisites
Aims
Master [120] in Computer Science and Engineering

Master [120] in Computer Science

Master [120] in Electrical Engineering

Master [120] in Mathematical Engineering

Master [120] in Data Science Engineering

Master [120] in Data Science: Information Technology