Objectives

The goal of this course is to provide the students with a global knowledge on the principles of information security and privacy, including the threats raised by information technologies and the methodology and tools to identitify, analyze and address them. In addition, the students will be trained to adopt a "security mindset", thus enabling them to automatically take information security and privacy into account when designing or anlyzing a system.

At the end of the semester, the students will possess the technical and methological skills to perform an information security and privacy oriented analysis of a system and propose solutions to address potential threats.

Contents

The course will cover the following topics (some being covered by student presentations):

• Cryptographic tools
• Definitions, properties and metrics
• Anonymization / De-anonymization
• Networking
• Cloud computing
• Mobile computing
• Economics
• Human and social aspects
• Emerging technologies (genomic, health, blockchain, Internet of things, smart home, smart grids)

The course will introduce both widely used established text-book concepts and techniques and recently proposed state-of-the-art techniques from scientific publications.

The students will be given the opportunity to apply most of the concepts and techniques covered during the lecture through exercise and practical sessions.

The course and the course material are in English. French-speaking students can however ask questions and be answered in French.

References

[1] Ross Anderson. 2021. Security engineering: a guide to building dependable distributed systems (3rd ed.). Wiley Pub.

[2] Gareth James, Daniela Witten, Trevor Hastie, and Robert Tibshirani. 2013. An Introduction to Statistical Learning. Springer.

[3] Eric Matthes. 2016. Python crash course: a hands-on, project-based introduction to programming. No Starch Press.

[4] Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. 1996. Handbook of Applied Cryptography(1 edition ed.). CRC Press.

[5] Roger B. Myerson. 2004. Game theory: analysis of conflict (6. print ed.). Harvard Univ. Press.

[6] National Cybersecurity Agency of France (ANSSI). Guideline for a healthy information system in 42 measures. Retrieved from https://www.ssi.gouv.fr/en/guide/40-essential-measures-for-a-healthy-network/

Pre-requisites

General knowledge in information/computer systems (networking, databases, operating systems), computer science and programming (data structures, algorithms, complexity) and mathematics (arithmetics and probabilities)

Evaluation

First attempt

Exam:

Written 2h00 hours

Documentation:

Allowed

Calculator:

Not allowed

Evaluation:

The evaluation is based on a final written exam at the end of the semester, presentations (personal project / scientific publication) during the class, and homeworks.

However, a grade of strictly less than 3.5 in the final written exam will lead to failure, regardless of the other grades.

Retake

Exam:

Oral 0h20 minutes

Documentation:

Allowed

Calculator:

Not allowed

Evaluation:

The grade of the oral examination will be substituted to the one obtained during the final written exam. The other grades (presentation, homeworks) will remain unchanged and will be reused for computing the final grade.