Computer security WM-I-BSK
Course contents:
1. Basics
Introduction to security issues of ICT systems. Concepts of resource protection and data protection, overview of types of threats, attacks in the real world, taxonomy of attacks on computer systems. Security clauses, security policy. Identification and authentication of people and services. Access control in ICT systems. Multilevel protection, discussion of formal methods and protection models. The Bell-LaPadula model of confidentiality protection, models of system integrity protection. The Clark-Wilson model of the integrity of financial transactions. Attacks on systems: viruses, denial of service (DoS attack), etc. Introduction to cryptography, cryptographic services as tools for building system security. Ability to use the OpenSSL package, encrypt files, calculate file hashes. Email security. Operating system integrity. Secure kernel models.
2. Cryptology
Fundamentals, selected algorithms and protocols.
3. Security mechanisms of operating systems
Structures, functioning and security mechanisms of the UNIX system. File structure, processes, methods of resource access control. Creating and deleting user accounts. Windows protection (NT, XP, Vista, ...). Application authentication. Attacks on operating systems, history and modern state. A practical demonstration of an attack on Windows XP DLLs. System audit, security monitoring and assessment methods. Practical ability to inspect system logs in Ubuntu.
4. Distributed systems
Security of local networks and wide area networks. Basics of internet and web security. Examples of attacks: "Morris worm", hackers, viruses, DoS network attacks. The role of DNS in protecting the integrity of the Internet. ICANN, IANA and national DNS authorities. Practical ability to use network tools to track and verify IP addresses and to find DNS servers. Secure electronic transactions, electronic signature infrastructure, certificate authorities, protocols and applications. Ability to create (under the Ubuntu system) an electronic signature infrastructure. WiFi network security. Practical demonstrations of an attack on poorly secured local networks.
"Safe" transactional wide area networks: SWIFT, VISA, and security techniques in GSM and UMTS telephony networks.
Security of ICT services - e-commerce, distributed computing in the cloud, etc.
5. Database security
6. Political, economic and social aspects of computer systems security.
Learning outcomes
The student knows the security problems of computer systems and the basic security mechanisms.
He has understood and mastered the definitions and descriptions of basic concepts, has understood the principles of operation, and has mastered the ability to implement and use selected algorithms. He knows, identifies and is able to critically assess models and mechanisms of computer systems security.
He can present and analyze the types of threats in information systems, and has mastered the selection techniques and the ability to apply methods of preventing threats. The effect of the classes is understanding and practical mastery of computer systems security techniques, in particular risk assessment, proposing methods for preventing, detecting and analyzing these threats, as well as identifying modern secure computer systems, assessing and selecting them, and determining the criteria required in example applications. The student has mastered the ability and competence for problem-based assessment and administration of security in information systems. He has gained the ability to analyze, create and implement security policy and the competence to propose appropriate technical, system and organizational solutions.
He can use basic security mechanisms and create trusted software.
Additional information
Additional information (registration calendar, class instructors, location and schedules of classes) might be available in the USOSweb system: