Educational guide | ||||||||||||||||||||||||||||||||||||||||
IDENTIFYING DATA | 2023_24 | |||||||||||||||||||||||||||||||||||||||
Subject | TRUSTWORTHY SYSTEMS II | Code | 01733116 | |||||||||||||||||||||||||||||||||||||
Study programme |
|
|||||||||||||||||||||||||||||||||||||||
Descriptors | Credit. | Type | Year | Period | ||||||||||||||||||||||||||||||||||||
6 | Optional | Second | First |
|||||||||||||||||||||||||||||||||||||
Language | ||||||||||||||||||||||||||||||||||||||||
Prerequisites | ||||||||||||||||||||||||||||||||||||||||
Department | ING.MECANICA,INFORMAT.AEROESP. |
|||||||||||||||||||||||||||||||||||||||
Coordinador |
|
agueh@unileon.es jfgars@unileon.es |
||||||||||||||||||||||||||||||||||||||
Lecturers |
|
|||||||||||||||||||||||||||||||||||||||
Web | http:// | |||||||||||||||||||||||||||||||||||||||
General description | ||||||||||||||||||||||||||||||||||||||||
Tribunales de Revisión |
|
|||||||||||||||||||||||||||||||||||||||
Competencies |
Type A | Code | Competences Specific |
A17087 | ||
A17094 | ||
Type B | Code | Competences Transversal |
B5220 | ||
B5221 | ||
B5222 | ||
B5223 | ||
B5224 | ||
B5225 | ||
Type C | Code | Competences Nuclear |
C1 | ||
C2 | ||
C3 | ||
C4 | ||
C5 |
Learning aims |
Competences | |||
A17087 |
B5224 B5225 |
C1 C2 C4 C5 |
|
A17094 |
B5224 B5225 |
C1 C2 C4 C5 |
|
B5220 B5221 B5222 B5223 |
C3 |
Contents |
Topic | Sub-topic |
Part 1: design of secure operating systems and secure computer networks. | 1.- Secure operating systems (SSOO). 2.- General concepts on communication networks. 3.- Vectors of attack to an OS. 4.- Pentesting. |
Part 2: Current Trends in Network and Operating System Security. | 1.- Malware Taxonomy. 2.- Countermeasures. |
Parte 3: Análisis avanzado de sistemas confiables y de seguridad. | 1.- Traffic analysis: wireshark, cacti. 2.- Advanced log management. |
Part 4: introduction to security-related mechanisms in the administration of operating systems. | 1.- Permission management. 2.- Windows registry keys. 3.- Disk and memory quotas. |
Part 5: access control and authentication mechanisms. | 1.- Web authentication: basic, user/password, session token. 2.- Attack against web authentication: brute force, SQL injection, XSS. 3.- Attacks against the Windows authentication system: bypass of the login system, extraction of passwords from the SAM file. |
Part 6: Audit, backup and restoration mechanisms (planning, implementation, programming). | 1.- Application audit. 2.- Redundant Array of Independent Disks (RAID). |
Planning |
Methodologies :: Tests | |||||||||
Class hours | Hours outside the classroom | Total hours | |||||||
Practicals using information and communication technologies (ICTs) in computer rooms | 18 | 62 | 80 | ||||||
Lecture | 24 | 41 | 65 | ||||||
Mixed tests | 3 | 0 | 3 | ||||||
Practical tests | 2 | 0 | 2 | ||||||
(*)The information in the planning table is for guidance only and does not take into account the heterogeneity of the students. |
Methodologies |
Description | |
Practicals using information and communication technologies (ICTs) in computer rooms | Practical application of the theoretical concepts using ICTs. |
Lecture | Exposure by the teacher of theoretical, practical, and methodological concepts. The exhibitions may be accompanied by audio-visual material: slides, online video resources. |
Personalized attention |
|
|
Assessment |
Description | Qualification | ||
Lecture | Written exam | 50%-70% | |
Practicals using information and communication technologies (ICTs) in computer rooms | Software development/configuration | 30%-50% | |
Others | Optional tests | 0%-20% | |
Other comments and second call | |||
To pass the course, it will be necessary to obtain a grade of at least 50% of the maximum in both the exam and the practicals. The works and practices presented may be reviewed with an anti-plagiarism computer program that can carry out checks between the works of the students of the current and previous call and against external sources. In the case of plagiarism, the work will be classified as suspended. During the evaluation tests, the use of electronic resources (calculators, tablets, telephones, computers, etc.) will not be possible, except for those tests that, upon the express indication of the teacher, require the use of any of these resources. In the event of any irregularity during the examination or corresponding evaluation test, the exam will be withdrawn immediately, the student will be expelled and the grade will be suspended. In any case, it will comply with the provisions of the internal regulations of the ULe included in the document "Guidelines for action in cases of plagiarism, copying or fraud in exams or evaluation tests" (Approved Standing Committee of the Governing Council 29/01/2015). The assessment of the practices will follow one of the following criteria (optionally both). The first will be an individual test that will consist of either a modification of the practice presented, or an exposition of it. The second will be the assessment of the own practice by the teacher. In the second call, there will be an evaluation test of theoretical and practical content. The qualification of the practical tests will be kept if they have been passed with at least 50% of the maximum of the qualification in the first call and the delivery of the not passed practices will be required for their subsequent evaluation in the same terms as in the first call (individual test and/or assessment of the practice). |
Sources of information |
Access to Recommended Bibliography in the Catalog ULE |
Basic | |
Complementary | |
Recommendations |
Subjects that it is recommended to have taken before | ||
|