Advanced topics in security of complex systems - A.A. 2013-2014

Lecturer: Leonardo Querzoni 
CFUs: 3 

Lecture hours:
2nd semester: Friday 12:00-13:30, room A2.

The fundamental role digital information plays today for modern companies creates new opportunities that cyber criminals, hacktivist groups and nation states have learned to exploit. Attackers are taking advantage of gaps in security created by complex and disparate technology with increased speed, easily outflanking perimeter security defences such as anti-virus software and intrusion detection systems. While in the past cyber attacks were exotic stories that rarely reached wide audiences, in recent years reports of high-impact attacks have started to appear on newspaper front pages with alarming frequency (see for example the Stuxnet malware or the attack on Sony's PlayStation Network in 2011). Starting from well-known security techniques (public/secret key cryptography, digital signatures, standard authentication protocols, intrusion detection tools), this course aims at analyzing current threats and studying a set of advanced tools and techniques for enforcing security in modern complex systems. The course will focus on the following topics:

  • Security in complex distributed systems (including distributed attacks on complex IT infrastructures, intrusion detection, distributed port scan detection)
  • Federated digital identity management
  • An introduction to advanced persistent threats and malware behavioral analysis (*)
  • Economics of vulnerabilities
  • Introduction to digital forensics

(*) The lecture on "advanced persistent threats and malware behavioral analysis" is supported by FireEye Inc. as part of an ongoing collaboration agreement between FireEye and the Research Center on Cyber Intelligence and Information Security of this university.

Notes:

The lecture of May 30th will be held at 11:30 in room "Aula Magna". The speaker will be Daniele Nicita from FireEye. Check the following link for further details: seminar announcement

Lectures:

February 28th, 2014 - Intro
March 7th, 2014 - Attack taxonomy, structure of an IDS.
March 14th, 2014 - Structure of an IDS.
March 28th, 2014 - Port scanning techniques and countermeasures
April 11th - Port scanning techniques and countermeasures
May 9th - Digital identity federation
May 16th - Digital identity federation
May 23rd - Economics of vulnerabilities
May 30th - An introduction to advanced persistent threats and malware behavioral analysis

Slides:

The password for accessing the following PDFs is "eds".

Introduction - 1 - 2 - 3 - 4 - FireEye seminar (*)

(*) Please, contact the lecturer via e-mail to access these slides.

Exam rules:

  • Instructions (please read carefully and contact me for further information)
  • Suggested topics
  • Paper templates in LaTeX and Word

Useful links:
  1. A. Lazarevic, V. Kumar and J. Srivastava, Intrusion Detection: a Survey. In V. Kumar et al. "Managing Cyber Threats: Issues, Approaches and Challenges", Springer, 2005.
  2. S. Staniford, J. A. Hoagland and J. M. McAlerney, Practical automated detection of stealthy portscans, Journal of Computer Security, 10, 105–136, 2002.
  3. J. Jaeyeon, V. Paxson, A. W. Berger and H. Balakrishnan, Fast portscan detection using sequential hypothesis testing, Proceedings of the IEEE Symposium on Security and Privacy, 2004.

Many of these papers are freely available. Those that require an active subscription can be downloaded from computers connected through the proxy installed at La Sapienza. Check the BIXY service (in Italian), or contact me for further details.