IT-Universitetet i København
 
Course description
Course name (Danish): System Architecture and Security
Course name (English): System Architecture and Security
Semester: Spring 2015
Offered under: cand.it., Software Development and Technology (sdt)
ECTS credits: 7.50
Course language: English
Course homepage: https://learnit.itu.dk
Min. number of participants: 12
Expected number of participants: 60
Max. number of participants: 115
Formal prerequisites: Before taking this course you must:

  • have implemented at least two medium-size programming projects (7.5 ECTS each)
  • be able to design, implement, and test medium-sized programs in Java or C# or other mainstream languages.
  • know basic algorithms and data structures (e.g., lists, queues, dictionaries)
  • meet the admission requirements of the IT University.

One way to obtain these prerequisites is by following the IT University modules Object Oriented Programming or Foundations of Computing - Algorithms and Data Structures. (It is possible to take the latter course in parallel with this one.)

It is an advantage, but not a requirement, to know basics of database programming (SQL), web-programming and Linux/Unix system administration. 
Learning objectives: After the course students should be able to:

  • Identify, list, and discuss major principles of IT security
  • Apply and relate those principles to the securing of networked server installations
  • List and analyse standard attacks, especially on web applications
  • Describe and explain intrusion detection
  • Identify, list, and explain common security pitfalls of web applications
  • Identify, describe and explain basic computer forensics techniques
  • Identify and describe the proper use of cryptography in security
  • Analyse an IT-system for security risks and reflect on potential improvements of the system
 
Course content: In this course, we study applied aspects of Information Security. We address five major topics:

  • operating system security (hardening, vulnerability scanning, access control, logging);
  • application security with an emphasis on web applications (web server setup, common web exploits, authentication, session handling, code security);
  • risk analysis and risk management;
  • computer forensics;
  • practical use of cryptography in Information Security.

We will discuss both analysing existing systems and designing/implementing new ones. 
Learning activities: 14 weeks of teaching consisting of lectures and exercises

Coursework takes the following forms.

• Lectures introducing & discussing concepts.
• Exercises (self-study)
• Experimental lab work (self-study)
• Project work

Most weeks will have lectures, exercises and lab work. Lectures will introduce concepts, paving the way for exercises and lab work. You are expected to complete the exercises by yourself. There are no exercise sessions with TAs since the book includes solutions to exercises. In lab work, you will carry out experiments in order to better understand the motivation and methods for secure implementation and configuration of IT systems and to assess the effectiveness and impact of security measures. The experiments will be based on an extensive script and virtual machines that include example applications, questions, and answers.

Lab work, exercises, and project are expected to be conducted independently; there are no exercise classes. However, TAs have office hours 3 times a week, where you can come and ask any question you might have, and we expect to use the learnit forums extensively for questions and answers.

Finally, you will also complete, in groups of 5-6, a project:

• Based on a set of functional requirements, you will design and implement a prototypical IT system.
• You will conduct a security analysis and devise appropriate security measures for this system.
• You will then swap systems with another group, and carry out a security review of another group's system.

------------------------------------

Information about study structure

For students admitted from Autumn 2014 and later, this course is part of the SDT AC track mandatory modules. For the SDT DE track, the course is part of the specialisation in Web Systems.

Mandatory activities: Content

Workload

Activities
You must:
• Submit your system description and security analysis via learnit by 10am, March 26, 2015 (16 page max.)
• Submit your fully functional implementation via learnit by 10am, March 31.
• Submit your system review (of other group’s system) via learnit by 10am, April 17. (5 page max.)
These deadlines are firm. Submissions must be approved for you to attend the examination. The first two submissions must be of a sufficient quality that your partner group can use them as a basis for their review; in particular this means that your implementation must be functionally complete. There will be no re-submissions; contact the course manager or the TAs before submission if you are in doubt.

Feedback

What if the student fails to pass a mandatory activity:

Be aware: If the mandatory activities are not approved, the student will receive the grade NA (not approved) at the ordinary exam and will have used an exam attempt.
Exam form and description: X. experimental examination form (7-scale; external exam)

The duration of the written examination is 4 hours.  

Literature in addition to research articles: David Basin, Patrick Schaller, and Michael Schläpfer. Applied Information Security: A Hands-on Approach. Springer, 2011. ISBN-13: 978-3642244735/ISBN-10: 3642244734.