Educational guide
IDENTIFYING DATA 2023_24
Subject TRUSTWORTHY SYSTEMS II Code 01733116
Study programme
1733 - MASTER UNIVERSITARIO EN INVESTIGACION EN CIBERSEGURIDAD
Descriptors Credit. Type Year Period
6 Optional Second First
Language
Spanish
Prerequisites
Department ING.MECANICA,INFORMAT.AEROESP.
Coordinator
GUERRERO HIGUERAS , ANGEL MANUEL
E-mail agueh@unileon.es
jfgars@unileon.es
Lecturers
GARCÍA SIERRA , JUAN FELIPE
GUERRERO HIGUERAS , ANGEL MANUEL
Web http://
General description
Review Boards
Regular board
Position Department Lecturer
President ING.MECANICA,INFORMAT.AEROESP. MATELLAN OLIVERA , VICENTE
Secretary ING.MECANICA,INFORMAT.AEROESP. SANCHEZ GONZALEZ , LIDIA
Member ING.MECANICA,INFORMAT.AEROESP. PANIZO ALONSO , LUIS
Substitute board
Position Department Lecturer
President CONDE GONZALEZ , MIGUEL ANGEL
Secretary ING.MECANICA,INFORMAT.AEROESP. RODRIGUEZ LERA , FRANCISCO JAVIER
Member ING.MECANICA,INFORMAT.AEROESP. FERNANDEZ LLAMAS , CAMINO

Competencies
Type A Code Competences Specific
  A17087
  A17094
Type B Code Competences Transversal
  B5220
  B5221
  B5222
  B5223
  B5224
  B5225
Type C Code Competences Nuclear
  C1
  C2
  C3
  C4
  C5

Learning aims
Competences
A17087
B5224
B5225
C1
C2
C4
C5
A17094
B5224
B5225
C1
C2
C4
C5
B5220
B5221
B5222
B5223
C3

Contents
Topic Sub-topic
Part 1: Design of secure operating systems and secure computer networks. 1.- Secure operating systems (OS).
2.- General concepts on communication networks.
3.- Attack vectors against an OS.
4.- Pentesting.
Part 2: Current trends in network and operating system security. 1.- Malware taxonomy.
2.- Countermeasures.
Part 3: Advanced analysis of trustworthy systems and security. 1.- Traffic analysis: Wireshark, Cacti.
2.- Advanced log management.
Part 4: Introduction to security-related mechanisms in the administration of operating systems. 1.- Permission management.
2.- Windows registry keys.
3.- Disk and memory quotas.
Part 5: Access control and authentication mechanisms. 1.- Web authentication: basic, user/password, session token.
2.- Attacks against web authentication: brute force, SQL injection, XSS.
3.- Attacks against the Windows authentication system: bypass of the login system, extraction of passwords from the SAM file.
Part 6: Audit, backup and restoration mechanisms (planning, implementation, programming). 1.- Application audit.
2.- Redundant Array of Independent Disks (RAID).

Planning
Methodologies  ::  Tests
  Class hours Hours outside the classroom Total hours
Practicals using information and communication technologies (ICTs) in computer rooms 18 62 80
Lecture 24 41 65
Mixed tests 3 0 3
Practical tests 2 0 2
(*)The information in the planning table is for guidance only and does not take into account the heterogeneity of the students.

Methodologies
Methodologies   ::  
  Description
Practicals using information and communication technologies (ICTs) in computer rooms Practical application of the theoretical concepts using ICTs.
Lecture Presentation by the teacher of theoretical, practical, and methodological concepts. The presentations may be accompanied by audio-visual material: slides, online video resources.

Personalized attention
 
Lecture
Practicals using information and communication technologies (ICTs) in computer rooms
Description
Personalized attention sessions can be held to clarify the theoretical, practical, and methodological concepts. They cannot be used to repeat concepts presented in classes that the student has not attended.

Assessment
  Description Qualification
Lecture Written exam 50%-70%
Practicals using information and communication technologies (ICTs) in computer rooms Software development/configuration 30%-50%
Others Optional tests 0%-20%
 
Other comments and second call

To pass the course, it will be necessary to obtain a grade of at least 50% of the maximum in both the exam and the practicals.

The assignments and practicals submitted may be reviewed with an anti-plagiarism computer program that can carry out checks between the work of students in the current and previous calls and against external sources. In the case of plagiarism, the work will be graded as a fail. During the evaluation tests, the use of electronic resources (calculators, tablets, telephones, computers, etc.) will not be permitted, except for those tests that, upon the express indication of the teacher, require the use of any of these resources. In the event of any irregularity during the examination or corresponding evaluation test, the exam will be withdrawn immediately, the student will be expelled and the grade will be a fail. In any case, the provisions of the internal regulations of the ULe will apply, as set out in the document "Guidelines for action in cases of plagiarism, copying or fraud in exams or evaluation tests" (approved by the Standing Committee of the Governing Council on 29/01/2015).

The assessment of the practicals will follow one of the following criteria (optionally both). The first will be an individual test that will consist of either a modification of the practical submitted, or a presentation of it. The second will be the assessment of the practical itself by the teacher.

In the second call, there will be an evaluation test of theoretical and practical content. The grade for the practical tests will be kept if they were passed with at least 50% of the maximum grade in the first call; practicals that were not passed must be submitted for subsequent evaluation on the same terms as in the first call (individual test and/or assessment of the practical).

Sources of information
Access to Recommended Bibliography in the Catalog ULE

Basic

Complementary


Recommendations


Subjects that it is recommended to have taken before
TRUSTWORTHY SYSTEMS I / 01733007