Adrian Perrig: Catalogue data in Autumn Semester 2016
|Name||Prof. Dr. Adrian Perrig|
Institut f. Informationssicherheit
ETH Zürich, CAB F 85.1
|Telephone||+41 44 632 99 69|
|252-1414-00L||System Security||5 credits||2V + 2U||S. Capkun, A. Perrig|
|Abstract||The first part of the lecture covers individual system aspects starting with tamperproof or tamper-resistant hardware in general over operating system related security mechanisms to application software systems, such as host based intrusion detection systems. In the second part, the focus is on system design and methodologies for building secure systems.|
|Objective||In this lecture, students learn about the security requirements and capabilities that are expected from modern hardware, operating systems, and other software environments. An overview of available technologies, algorithms and standards is given, with which these requirements can be met.|
|Content||The first part of the lecture covers individual system's aspects starting with tamperproof or tamperresistant hardware in general over operating system related security mechanisms to application software systems such as host based intrusion detetction systems. The main topics covered are: tamper resistant hardware, CPU support for security, protection mechanisms in the kernel, file system security (permissions / ACLs / network filesystem issues), IPC Security, mechanisms in more modern OS, such as Capabilities and Zones, Libraries and Software tools for security assurance, etc.|
In the second part, the focus is on system design and methodologies for building secure systems. Topics include: patch management, common software faults (buffer overflows, etc.), writing secure software (design, architecture, QA, testing), compiler-supported security, language-supported security, logging and auditing (BSM audit, dtrace, ...), cryptographic support, and trustworthy computing (TCG, SGX).
Along the lectures, model cases will be elaborated and evaluated in the exercises.
|252-4601-00L||Current Topics in Information Security||2 credits||2S||D. Basin, S. Capkun, A. Perrig|
|Abstract||The seminar covers various topics in information security: security protocols (models, specification & verification), trust management, access control, non-interference, side-channel attacks, identity-based cryptography, host-based attack detection, anomaly detection in backbone networks, key-management for sensor networks.|
|Objective||The main goals of the seminar are the independent study of scientific literature and assessment of its contributions as well as learning and practicing presentation techniques.|
|Content||The seminar covers various topics in information security, including network security, cryptography and security protocols. The participants are expected to read a scientific paper and present it in a 35-40 min talk. At the beginning of the semester a short introduction to presentation techniques will be given.|
- security protocols: models, specification & verification
- trust management, access control and non-interference
- side-channel attacks
- identity-based cryptography
- host-based attack detection
- anomaly detection in backbone networks
- key-management for sensor networks
|Literature||The reading list will be published on the course web site.|
|263-4640-00L||Network Security||6 credits||2V + 1U + 2A||A. Perrig, T. P. Dübendorfer, S. Frei|
|Abstract||This lecture discusses fundamental concepts and technologies in the area of network security. Several case studies illustrate the dark side of the Internet and explain how to protect against such threats. A hands-on computer lab that accompanies the lecture gives a deep dive on firewalls, penetration testing and intrusion detection.|
|Objective||•Students are aware of current threats that Internet services and networked devices face and can explain appropriate countermeasures.|
•Students can identify and assess known vulnerabilities in a software system that is connected to the Internet.
•Students know fundamental network security concepts.
•Students have an in-depth understanding of important security technologies.
•Students know how to configure a real firewall and know some penetration testing tools from their own experience.
|Content||Risk management and the vulnerability lifecycle of software and networked services are discussed. Threats like denial of service, spam, worms, and viruses are studied in-depth. Fundamental security related concepts like identity, availability, authentication and secure channels are introduced. State of the art technologies like secure shell, network and transport layer security, intrusion detection and prevention systems, cross-site scripting, secure implementation techniques and more for securing the Internet and web applications are presented. Several case studies illustrate the dark side of the Internet and explain how to protect against current threats. A hands-on computer lab that accompanies the lecture gives a deep dive on firewalls, penetration testing and intrusion detection. |
This lecture is intended for students with an interest in securing Internet services and networked devices. Students are assumed to have knowledge in networking as taught in the Communication Networks lecture.
|Prerequisites / Notice||Knowldedge in computer networking and Internet protocols (e.g. course Communication Networks (D-ITET) or Operating Systems and Networks (D-INFK).|
Due to recent changes in the Swiss law, ETH requires each student of this course to sign a written declaration that he/she will not use the information given in this for illegal purposes. This declaration will have to be signed and submitted no later than at the beginning of the second lesson.