Computer System Security (TCS591)

B. Tech CSE V Semester

Instructor:
Dr. Mohammad Wazid
Professor, Department of CSE
Head of Cyber security and IoT research group
Graphic Era (Deemed to be University), Dehradun, India
Email: [email protected]
Homepage: https://sites.google.com/site/mwazidiiith/home
About the instructor
Qualification:
1.Postdoc from Cyber Security and Networks Lab, Innopolis
University, Innopolis, Russia.
2. Ph. D (CSE) from Center for Security, Theory and Algorithmic
Research of the International Institute of Information Technology
(IIIT), Hyderabad, India.
3. M. Tech. Computer Network Engineering from Graphic Era
Deemed to be University, Dehradun, India.
4. B. E. (CSE) from KEC, Dwarahat, (Regional Engineering College
(REC) Uttarakhand, India.
About the instructor
Research background:
Published 133 papers in international journals and conferences, along with
13 patents have been granted/published in the fields of
Cyber Security
Authentication
Internet of Things (IoT)
Cloud Computing
Big Data
Blockchain
About the instructor
Research background:
Some of the research findings were published in top cited journals, such as
the IEEE TIFS, IEEE TDSC, IEEE Transactions on Smart Grid, IEEE
Internet of Things Journal, IEEE Transactions on Industrial Informatics,
IEEE Journal of Biomedical and Health Informatics, IEEE Consumer
Electronics Magazine, Future Generation Computer Systems, and Journal of
Network and Computer Applications.
Awards:
• University Gold Medal in M. Tech program
• Young Scientist Award by UCOST, Department of Science and Technology,
Government of Uttarakhand
• Dr. A.P.J Abdul Kalam innovator of the year award
• IEEE TNSE and ICT Express (Elsevier) Best Research Reviewer Award
Course Outcomes
• After completion of the course students will be able to:
• 1. Explain different security threats and attacks
• 2. Know the working of different attacks and security protocols
• 3. Analyse the different security protocols
• 4. Use programming to implement security protocols
• 5. Apply security mechanisms to secure various applications
• 6. Develop system security protocols
Grading scheme
• As per the University scheme.
Contents of this course

Introduction to System security

Software security
Web Security
Smartphone security
Hardware security

Reference Books:
 Security in Computing, 5th Edition by C. P. Pfleeger, S. L. Pfleeger, J.
Margulies
Unit 1. Introduction to System security
Unit 1: Topics
• Overview of computer system security, control hijacking
attacks
• Browser memory protection, Sandboxing and Isolation,
• Tools and techniques for writing robust application software,
Security vulnerability, detection tools, and techniques
• Program analysis (static, concolic and dynamic analysis)
• Privileges, access control, and Operating System Security,
Exploitation techniques, and Fuzzing
Overview computer system security

• Computer system security is the protection of information

systems from theft or damage to hardware, software, and the
stored data.
• The objective is to protect the information and associated
property from theft, corruption and other types of damage,
while allowing the information and property to remain
accessible and productive (but only to authorized users).
• It also includes the development and implementation of
security countermeasures.
Different approaches to computer system
security
• Use of data encryption
• Use of a firewall
• Use of Intrusion detection system
• Use of authentication and access control techniques
Use of data encryption
• One way to keep files and data safe is to use encryption.
• This is often used when data is transferred over the Internet,
where it could potentially be seen by others.
• Encryption is the process of encoding messages so that it can
only be viewed by authorized individuals.
• An encryption key is used to make the message unreadable,
and a secret decryption key is used to decipher the message.
Use of data encryption
• Encryption is widely used in systems like e-commerce and
Internet banking, where the databases contain very sensitive
information.
• If you have made purchases online using a credit card, it is
very likely that you’ve used encryption to do this (i.e., Secure
Electronic Transaction (SET).
Use of data encryption
• There two types of encryption techniques i.e., symmetric
(secret) key cryptographic technique and asymmetric
(public) key cryptographic technique.
• Symmetric (secret) key cryptographic technique: We use
single secret key for encryption and decryption.
• Asymmetric (public) key cryptographic technique: We use
public and private keys for encryption and decryption.
Use of firewall
• One widely used strategy to improve system security.
• A firewall consists of software and hardware set up between
an internal computer network and the Internet.
• A computer network manager sets up the rules for the firewall
to filter out unwanted intrusions.
• These rules are set up in such a way that unauthorized access
is much more difficult.
Use of firewall
• A system administrator can decide, for example, that only
users within the firewall can access particular files, or that
those outside the firewall have limited capabilities to modify
the files.
• You can also set up a firewall for your own computer (i.e.,
inbuilt firewall in operating system).
Use of intrusion detection system
• Second level of defence.
• An intrusion detection system (IDS) is a device or software
application that monitors a network for malicious activity or
policy violations.
• Any malicious activity or violation is typically reported or
collected centrally using a security information and event
management system.
• Some IDS’s are capable of responding to detect intrusion
upon discovery. These are classified as intrusion prevention
systems (IPS).
Use of intrusion detection system
IDS Detection Types
• There is a wide array of IDS, ranging from antivirus software
to tiered monitoring systems that follow the traffic of an
entire network. The most common classifications are:
Network intrusion detection systems (NIDS)
• A system that analyzes incoming network traffic (i.e.,
SNORT oldest NIDS)
Host-based intrusion detection systems (HIDS)
• A system that monitors important operating system files (i.e.,
antivirus software).
References
 Textbook: Security in Computing, 5th Edition by C. P. Pfleeger, S. L. Pfleeger, J. Margulies