Programme Outline
Learning Objectives
Day 1
- Brief introduction to the security concepts
- Integrity and Confidentiality in terms of information flow
- Availability in distributed systems, concurrency challenges
- Access control mechanisms
- Threat assessment
- Symmetric cryptography (from Caesar Cipher to AES)
- Asymmetric cryptography (Diffie-Hellman Key Exchange, RSA, Digital signatures)
- Authentication Challenges and TLS
- Design principles
- Common design, implementation and operation level vulnerabilities
- Owasp Top 10 (SQL-injections and countermeasures)
- Secure software development life-cycle
Day 2
- Refresher OS (memory layout, calling conventions, user vs kernel mode)
- Buffer overflow attacks, return-to-libc
- Use of compromised machines (spam, botnet, data stealing)
- Attack vectors: phishing, social engineering, spearphishing
- Malware (virus, worm, rootkits)
- Threats by attackers with physical access
- Trusted computing
- Best practises/mitigation
- Networking Basics (Ip (Public/Private), Arp, Nat)
- Spoofing, Eavesdropping, Denial of Service
- Securing Network Architectures
- Wireless (802.11, Gps)
- Cloud: Basic definition, service models
– Deployment models - loT: Applications, Devices, Network Architectures
- Industrial Control Systems: Overview of architectures, devices and protocols, threats and countermeasures