Practical Computer Security

5 – 9 January 2015 (5 day course)

Target audience

  • Application / software developers, network and system operators
  • Users, CEOs, CIOs
  • CISOs
  • CSOs, IT Directors
  • Managers, system architects – from all industries

Overview

IT security has over recent years become a crucial consideration for all businesses and organisations across all industries in both the private and public sectors. As the number of threats is growing, all those involved in IT infrastructure, from the CEO right down to network users, need to keep one step ahead and alert regarding potential threats to their business.

This 5-day course provides a comprehensive overview of the latest IT security issues and what they could mean for your business from both theoretical and practical perspectives.

Objectives

  • Get a full overview of the latest IT security issues
  • Understand the problems and main solutions of privacy protection and of wireless network security
  • Acquire an understanding of the underlying mathematical principles of information security and developments therein
  • Obtain a clear picture of available cryptographic primitives for information security, how to use them, and how to select their parameters
  • Learn about what IT professionals must watch out for to develop and deploy secure software
  • Get hands-on experience of a few common vulnerabilities and attack scenarios
  • DAY 1
    SECURITY AND PRIVACY BASICS 

    • Morning (09:00 – 12:30)
      Phil Janson

      COMPUTER SECURITY BASICS 

      • Threats, risks, basic principles, and practical limitations
      • Information security basics and protection policies
      • Best practices for executives and end users
      • The state of affairs and potential evolution of the field
    • Afternoon (14:00 – 17:30)
      Jean-Pierre Hubaux
      PRIVACY CHALLENGES AND SOLUTIONS 

      • Brief history of privacy
      • Misconceptions on privacy protection
      • Threats to privacy
      • Privacy in databases; differential privacy
      • Anonymous routing; mix networks; Tor
      • Genomic privacy
  • DAY 2
    SECURITY AND CRYPTOGRAPHY BASICS 

    • Morning (09:00 – 12:30)
      Phil Janson

      COMPUTER SECURITY BASICS

      • Cryptography deployment and usage
      • Identity and access management
    • Afternoon (14:00 – 17:30)
      Arjen Lenstra
      CRYPTOGRAPHY BASICS
      The three pillars of cryptography (symmetric cryptography, hash functions, and public key cryptosystems): 

      • How they are assembled to secure communications
      • What the various security parameters actually mean
      • How the parameter choices have evolved and keep evolving
      • Understanding the risks and the impact of developments
      • What triggers developments
  • DAY 3
    SECURITY ENGINEERING & PRACTICE LAB PART I  

    • Morning (09:00 – 12:30)
      Phil Janson

      COMPUTER SECURITY ENGINEERING* 

      • Technical view of the threats to IT security and the nature of malware
      • Overview and classification of the most frequent software vulnerabilities that lead to security violations
      • How hackers leverage these to break into IT systems, and what attack patterns are most frequent
    • Afternoon (14:00 – 17:30)
      Maxime Augier, Yannis Klonatos
      COMPUTER SECURITY PRACTICE LAB* PART I
      Information Gathering, Forensics: 

      • set up a small virtual environment of services
      • use network and vulnerability scanners
      • identify common configuration problems and weaknesses
  • DAY 4
    SECURITY ENGINEERING & PRACTICE LAB PART II  

    • Morning (09:00 – 12:30)
      Phil Janson

      COMPUTER SECURITY ENGINEERING 

      • How to defend, prevent, monitor, detect and recover from attacks
      • Best Practices in ensuring secure system and software development, deployment, installation, configuration & operation
    • Afternoon (14:00 – 17:30)
      Maxime Augier, Yannis Klonatos
      COMPUTER SECURITY PRACTICE LAB* PART II
      Application vulnerabilities, Reverse engineering: 

      • code injection
      • buffer overflows, stack smashing
      • breaking improper cryptography usage
  • DAY 5
    WIRELESS SECURITY AND PRACTICE LAB 

    • Morning (09:00 – 12:30)
      Jean-Pierre Hubaux
      SECURITY AND PRIVACY FOR MOBILE NETWORKS 

      • Attacker model in a wireless networking setting
      • Security of WiFi networks
      • Security of cellular networks
      • Security of sensor networks
      • Security of multi-hop wireless networks
      • Location privacy; mix zones; quantification of location privacy
    • Afternoon (14:00 – 17:30)
      Maxime Augier, Yannis Klonatos
      COMPUTER SECURITY PRACTICE LAB* PART III
      Web security: 

      • XSS and CSRF exploitation and prevention
      • SQL injections
      • Misc topics (steganography, password cracking)

*Note: Participants should bring their private laptop equipped with, at minimum:

  • VirtualBox installed, or the privileges to install it
  • 1.5 GB free disk space
  • 256 MB free memory (not counting host OS consumption)
  • Recommended: 512 MB free memory
  • Virtualization-assisted CPU (either Intel VT-X or AMD-V)

Program Director

  • Philippe Janson Adjunct Prof., Computer Science & Communication Systems

Instructors

  • Philippe Janson Adjunct Prof., Computer Science & Communication Systems
  • Jean-Pierre Hubaux Professor, Computer Communications and Application Laboratory
  • Arjen Lenstra Professor, Laboratory for Cryptologic Algorithms
  • Maxime Augier Doctoral assistant, Laboratory for Cryptologic Algorithms
  • Yannis Klonatos Doctoral assistant, Data analysis theory and Applications Laboratory

Organisation

  • School of Computer and Communication Sciences (IC), Ecole Polytechnique Fédérale de Lausanne (EPFL)

Certification

A certificate of participation will be delivered at the end of the course.

Course venue

UNIL-EPFL campus,
Lausanne, Switzerland

Registration

Course fee: CHF 3500*.-

Special 15% discount for members of: ISSS

Special 10% discount for members of: ALUMNIL (including Alumni HEC Lausanne) and EPFL Alumni

Application deadline: 10 December 2014

Places are limited.