====== Lectures ======
Lectures are held weekly on Thursdays, 12:45-14:15 in KN:E-301 according to the following plan:
^Date^Topic^Additional Resources^
|22.9.2022|[[courses:bsy:lectures:#Introduction|Introduction]]|[[https://www.cl.cam.ac.uk/~rja14/Papers/SEv3-ch8-7sep.pdf|Economics of Information systems]] [[https://arstechnica.com/gadgets/2018/10/microsofts-problem-isnt-shipping-windows-updates-its-developing-them/|MS Dev Model]] [[https://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c07.pdf|Chapter 7 of Security Engineering]] [[http://www.infosecon.net/workshop/downloads/2002/pdf/49.pdf|System reliability and free riding]] [[https://www.bcsss.org/wp-content/uploads/2012/04/Vienna.OPEN-OR-CLOSED-SYSTEMS.pdf|Open and Closed Systems are Equivalent]]|
|29.9.2022|[[courses:bsy:lectures:#(In)security of Internet protocols|(In)security of Internet protocols]]|[[https://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/|TCP sequence numbers]][[http://wiki.cas.mcmaster.ca/index.php/The_Mitnick_attack|Mitnick's attack]] [[https://web.ecs.syr.edu/~wedu/seed/Book/book_sample_tcp.pdf|Attacks on TCP]] [[http://unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html|Explanation of DNS request]][[https://www.cs.ucr.edu/~zhiyunq/pub/ccs20_dns_poisoning.pdf|Improved version of DNS poisoning in 2020]]{{:courses:bsy:lectures:slides_9.pdf | slides}}|
|6.10.2022|[[courses:bsy:lectures:#Secure Protocols|Secure Protocols]]|[[https://scotthelme.co.uk/revocation-is-broken/|overview of issues in certificate revocation]][[ https://backreference.org/2010/11/17/dnssec-verification-with-dig/|DNSSEC ]][[https://ieeexplore.ieee.org/abstract/document/839934|Securing BGP]] |
|13.10.2022|[[courses:bsy:lectures:#Covert channels, Steganography and Steganalysis|Covert channels, Steganography and Steganalysis]]|{{ :courses:bsy:lectures:lecture.pdf |slides}}|
|20.10.2022|[[courses:bsy:lectures:#Securing private networks|Securing private networks]]| {{:courses:bsy:lectures:slides_11.pdf | slides}} [[https://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c21.pdf| Chapter 21 of Security Engineering]] [[https://www.usenix.org/system/files/login/articles/login_dec14_02_ward.pdf|Beyond corporation networks]] |
|27.10.2022|[[courses:bsy:lectures:#Access control models|Access control models]]|{{:courses:bsy:lectures:slides_4.pdf | slides}}[[https://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c08.pdf|Chapter 8 of Security Engineering]] |
|3.11.2022|[[courses:bsy:lectures:#Privilege Escalation|Privilege Escalation]] |{{:courses:bsy:lectures:lecture_5.pdf | slides}}[[https://manybutfinite.com/post/system-calls/|System calls]][[https://manybutfinite.com/post/memory-translation-and-segmentation/|memory system]][[https://manybutfinite.com/post/cpu-rings-privilege-and-protection/| CPU and rings]][[https://manybutfinite.com/post/journey-to-the-stack/|Explanation of Stack]][[https://manybutfinite.com/post/epilogues-canaries-buffer-overflows/|Buffer Overflow and canaries]][[http://www.h-online.com/security/features/A-Heap-of-Risk-747161.html|Heap overflow]]|
|10.11.2022|[[courses:bsy:lectures:#Virtualization|Virtualization]]|{{ :courses:bsy:lectures:lecture_06.pdf |slides}}[[https://cyberleninka.org/article/n/1334959.pdf|Evolution of attacks, threat models, and solutions for virtualized systems]]|
|17.11.2022|**Class cancelled (National Holiday)**||
|24.11.2022|[[courses:bsy:lectures:#Security of Browsers|Security of Browsers]]|{{:courses:bsy:lectures:lecture_07.pdf|slides}}[[https://www.makeuseof.com/understanding-linux-capabilities/|Capabilities]][[https://www.toptal.com/linux/separation-anxiety-isolating-your-system-with-linux-namespaces|namespaces]][[https://developer.chrome.com/blog/inside-browser-part1/|Inside Browser]][[https://chromium.googlesource.com/chromium/src/+/master/docs/design/sandbox.md|chromium sandbox]]|
|1.12.2022|[[courses:bsy:lectures:#Security of Web Applications|Security of Web Applications]]|{{:courses:bsy:lectures:slides_08.pdf|slides}}[[https://web.dev/csp/|CSP]][[https://web.dev/sandboxed-iframes/|sandboxed iframes]][[https://web.dev/trusted-types/|Trusted Types]][[https://archive.org/details/thetangledwebaguidetosecuringmodernwebapplications|The tangled web]]|
|8.12.2022|[[courses:bsy:lectures:#Denial of Service|Denial of Service]]||
|15.12.2022|[[courses:bsy:lectures:#Secure Code|Secure Code]]||
|19.12.2022 - 8.1.2023|**Christmas Break**||
|12.1.2023|TBA||
You can also watch the lectures live on the [[https://youtu.be/jS98663LPrk|livestream]]. After post-processing, lectures are published on this [[https://www.youtube.com/playlist?list=PLQL6z4JeTTQnYny33okV-jVXjDWUrTmw4|YouTube channel]].
In addition to the extensive "Additional reading" section in each lecture, you can see (and improve) the [[https://docs.google.com/document/d/1EZV1l4SeTGOFTy9gC1cT1VAKi97WIJMl_lYfz_V549s/edit|material]] created by Vojtech Kozel in 2021.
==== Introduction ====
* Course objectives
* What assets do we want to protect: **confidentiality**, **integrity**, **availability**.
* Difference between **policy** and **mechanism** and the struggles to create a good policy.
* Economics of information systems
* Characteristics of a market:
* price of information
* technical lock-in
* [[https://en.wikipedia.org/wiki/The_Market_for_Lemons|asymmetric information]]
* Economics of security and dependability
* Security seems to be a public good
* Security is a power relationship
* How much effort should I put into design, development, and testing?
=== Examples ===
[[http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/|]]
[[https://krebsonsecurity.com/2018/08/reddit-breach-highlights-limits-of-sms-based-authentication/|Limits of SMS 2FA]]
[[https://www.wired.com/story/plant-spy-chips-hardware-supermicro-cheap-proof-of-concept|Malicious microchips]]
==== (In)security of Internet protocols ====
* The importance of a protocol design
* An assumption under which legacy protocols were designed
* Threat model for network security
* Man in the middle
* Participation in the protocol
* Eavesdropping
* Evil Twin/Honeypot Attack
* ARP spoofing/poisoning
* TCP / IP protocol
* security guarantees
* TCP sequence number attack
* Mitnick attack
* UDP and DNS
* Dan Kaminsky attack
* Cache poisoning
* Changing DNS in a router
* Impact on the security of web
* BGP protocol
* Hijacking BGP protocol
* Defences?
=== Examples ===
[[https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf|Explanation of BGP man in the middle attack]]
[[https://dyn.com/wp-content/uploads/2013/05/blackhat-09.pdf|Defense against BGP man-in-the-middle attack]]
[[https://www.cs.cornell.edu/~shmat/shmat_securecomm10.pdf|Hitchhiker's guide to DNS poisoning]]
[[https://www.secureworks.com/research/bgp-hijacking-for-cryptocurrency-profit|Hijacking BGP for profit]]
[[https://www.washingtonpost.com/news/the-switch/wp/2013/11/20/researchers-say-u-s-internet-traffic-was-re-routed-through-belarus-thats-a-problem/|Examples of hijacking in the press]]
==== Secure Protocols ====
* Key exchange with public-private keys
* The role of certificates in the exchange
* Advantages of certificates and who gets/loses the money
* Problems of certificates --- a revocation nightmare
* deleting CA
* OCSP
* OCSP stapling
* public ledger
* Issuing certificates --- verification of identity
* UI aspect of certificates and who can safely use them?
* Attacks
* Cache poisoning
* HTTPS stripping
* Protocol downgrading
* Man-in-the-middle attack
* HSTS
* Certificate pinning
* DNSSEC --- chain of trust
=== Examples ===
[[https://dnsviz.net/d/cvut.cz/dnssec/|Visualizer of DNSSEC trust chain]]
[[https://arstechnica.com/information-technology/2017/03/google-takes-symantec-to-the-woodshed-for-mis-issuing-30000-https-certs/|30 000 mis-issued certificates by Symantec]]
{{youtube>YuChF3b8Tjo?medium}}
==== Covert channels, Steganography and Steganalysis ====
* What are covert channels
* storage covert channels
* timing covert channels
* Side-channel attacks
* Steganography
* Steganalysis
* Watermarking
==== Securing private networks ====
* Designing policy for security of private networks
* Firewalls and their security problems
* Intrusion detection / prevention systems
* Intrusion deterrence
* Thin clients