2023-2024 / INFO8013-1

Advanced Computer Security

Duration

20h Th, 20h Lab., 30h Proj.

Number of credits

 Master: civil engineer in computer science, with focus (odd years, organized in 2023-2024) 5 credits
 Master: civil engineer in computer science, with focus (double degree with HEC) (odd years, organized in 2023-2024) 5 credits
 Master in computer science, with focus (odd years, organized in 2023-2024) 5 credits
 Master in computer science, with focus (double degree with HEC) (odd years, organized in 2023-2024) 5 credits

Lecturer

Benoît Donnet, Laurent Mathy

Language(s) of instruction

English

Organisation and assessment

Teaching in the second term

Schedule

Schedule online

Prerequisite and corequisite course units

Prerequisite or corequisite units are presented within each programme

Contents of the course unit

This course is the natural follow-up of INFO0045 (Introduction to Computer Security). Its objective is to extend students' knowledge of Computer Security by discussing and practicing up-to-date Computer Security concepts.

The course is divided into two parts. In the first part, a few theoretical lessons cover advanced concepts based on the use of cryptographic mechanisms (see below for the table of contents). In the second part, students practice advanced concepts in Computer Security, such as side-channel attacks.

Table of Contents (Theoretical lessons)
Part 1: Advanced Cryptography (B. Donnet)

  • Chapter 1: Advanced Digital Signatures
  • Chapter 2: Bank Card Payment
  • Chapter 3: Merkle Tree
  • Chapter 4: BlockChains
  • Chapter 5: Securing Bitcoin (SCRIPT)
  • Chapter 6: Securing Smart Contracts (Solidity)

Part 2: Advanced System Security (L. Mathy)

  • Chapter 1: Side-Channels
  • Chapter 2: Trusted Computing
  • Chapter 3: Fuzzing

Learning outcomes of the course unit

Upon completing this course, students will have a better understanding of how cryptography can be used through several use cases. Students will also have a theoretical and practical introduction to securing smart contracts with the Solidity programming language.

Finally, students will improve their practical knowledge of Computer Security.

This course contributes to learning outcomes I.2, II.2, III.1, III.4, IV.3, IV.4, VI.1, VII.1, VII.6 of the civil engineer in computer science programme.

 

Prerequisite knowledge and skills

Good knowledge of basics in Computer Security (INFO0045 or assimilated), in Computer Networking (INFO0010 or assimilated), in Operating Systems (INFO0940 or assimilated), and in Computation Structure (INFO0012 or assimilated).

Being comfortable with programming in C (students must be comfortable with pointers and memory management) and with object-oriented programming (e.g., Java) is also advisable.

Planned learning activities and teaching methods

The course is organized as follows:

  • Lectures (max 30 hours) describing in detail the theoretical and practical concepts of the course
  • Lab sessions. Labs are done individually and a short report (a simple text file to fill in or pieces of code) must be completed by the end of the lab

Mode of delivery (face-to-face, distance learning, hybrid)

Course taught exclusively face-to-face


Additional explanations:

Face-to-face lectures, lab sessions, and seminars.
The course is entirely given in English.

Recommended or required readings and course notes

Slides, labs, and assignment subjects are available on the course web page.

The following books were used to build the theoretical lessons:

  • A. J. Menezes, P. C. van Oorschot, S. A. Vanstone. Handbook of Applied Cryptography. CRC Press. 5th Edition. August 2001
  • K. Finkenzeller. RFID Handbook, Fundamentals and Applications in Contactless Smartcards, Radio Frequency Identification, and Near-Field Communication. Ed. Wiley (3rd Edition). 2010.
  • A. Antonopoulos. Mastering Bitcoin: Programming the Open Blockchain. Ed. O'Reilly (2nd Edition). 2017.
  • A. Antonopoulos, G. Wood. Mastering Ethereum: Building Smart Contracts and DApps. Ed. O'Reilly (1st Edition). 2018.

Additional references are provided throughout the slides, labs, and assignment subjects.

Assessment methods and criteria

Exam(s) in session

All sessions combined

- In person

Oral assessment

Other: Labs


Additional explanations:

The evaluation will be based on supervised practical sessions (i.e., labs). An oral exam will also be organized on the theoretical lessons and possible seminars.

In more detail:

  • Labs will account for 40% of the final grade
  • The Oral Exam (in June) will focus on the theoretical lessons (1 or 2 question(s)). It will account for 60% of the final grade.

Presence at labs is mandatory. Attending all the labs is required for attending the oral exam. In case of absence from a lab, the student will receive an "Absence" grade (and automatically be postponed to the resit).

Resit

Labs cannot be redone for the resit.  However, if the grade of the labs is favorable to the students, the resit session is identical to the first one, with the same weighting.

On the other hand, if the grade of the labs is not favorable to the student, it will not be taken into account in the weighting in September, which becomes 100% for the exam. The oral exam must, obviously, be retaken.

Internship(s)

Organisational remarks and main changes to the course

The course is organized during the second term (from early February to mid-May), on Monday mornings. All lectures are in English.

Contacts

Lecturers:

  • Benoît Donnet (mail -- office 1.87b/B28)
  • Laurent Mathy (mail -- office 1.15/B37)

Teaching Assistants:

  • Vincent Jacquot (mail -- office 1.72b/B28)
 

Association with one or more MOOCs

Online notes

Course Web Site
The course web site contains PDFs of the slides, lab and assignment subjects, details about grading, and the course agenda. It also allows students to interact with the Pedagogical Team through the Discussion forum.