Ensimag Rubrique Formation 2022

Information Security - WMM9MO80

  • Number of hours

    • Lectures 36.0
    • Projects -
    • Tutorials -
    • Internship -
    • Laboratory works -
    • Written tests -

    ECTS

    ECTS 6.0

Goal(s)

This lecture deals with Information Systems Security and covers several of its facets, ranging from modelling to deployment in real applications and databases. Information Systems Security refers to the processes and methodologies used to keep information confidential and available and to assure its integrity. The lecture is divided into two major parts and supported by several practical labs, which allow the students to model and configure security policies and to become aware of several kinds of attacks and breaches.

Responsible(s)

Akram IDANI

Content(s)

Part 1: Access Control, or how to prevent unauthorized persons from entering or accessing a system. This part deals with three topics:
· Access control mechanisms (MAC, DAC, RBAC, ABAC) and their implementations
· The detection and remediation of security breaches such as intrusions and insider attacks
· The deployment of control filters in applications and proxies.
The approach presented is built on the model-driven security (MDS) paradigm, which refers to the process of modelling security requirements at a high level of abstraction and generating technical security implementations. Security models are expressed in Domain Specific Languages (DSL) and then transformed into enforceable security rules, including the run-time security management (e.g. entitlements/authorisations). Three labs are planned:
· Security management in Java-based web applications (J2EE).
· Intrusion detection: learn how to create firewall rules, monitor traffic and react when an attack is detected.
· Technology intelligence for vulnerabilities: reproduce an exploit to hack and take control over a web-based server.
Part 2: Overview of modern attacks on systems, protocols, and networks, and their countermeasures
This part is devoted to modern attacks carried out at Internet scale, in particular attacks on the DNS (Domain Name System), such as cache or zone poisoning attacks, reflection and amplification DDoS (Distributed Denial of Service) attacks, IP spoofing (the root cause of DDoS attacks), botnets (e.g., Mirai), domain generation algorithms used for command-and-control communications, modern malware (e.g., Emotet trojan, Avalanche), spam, phishing, and business email compromise (BEC) scams.
The module will discuss preventative measures and security protocols to fight modern attacks, such as DDoS protection services; IP source address validation (SAV), known as BCP 38; the Sender Policy Framework and DMARC protocols as the first line of defense against email spoofing and BEC fraud; and DNSSEC to prevent DNS manipulation attacks. It will also discuss large-scale vulnerability measurements (a case study of the zone poisoning attack) and the challenges that system and network operators face in deploying current security technologies.
This part concludes with a practical team assignment in which students are divided into groups and have to configure a secure system in a real-world environment. The goal is to secure their system against the various types of discussed attacks and exploit other groups' systems.

Prerequisites

Java, Web applications, Databases

Test

· Session 1: Exam (2h): 3/4, Lab: 1/4
· Session 2: Exam (2h)

The exam is given in English only

Calendar

The course exists in the following branches:

  • Curriculum - Master in Computer Science - Semester 9 (this course is given in English only)
see the course schedule for 2022-2023

Additional Information

Course ID : WMM9MO80
Course language(s): FR
