IT-Universitetet i København
Course name (Danish): Security, BSc
Course name (English): Security, BSc
Semester: Spring 2018
Offered under: Bachelor in Software Development (bswu)
Scope in ECTS: 7.50
Min. number of participants:
Expected number of participants:
Max. number of participants: 50
Formal prerequisites: Before taking this course you must:
• have implemented at least two medium-size programming projects (7.5 ECTS each)
• be able to design, implement, and test medium-sized programs in Java or C# or other mainstream languages.
• know basic algorithms and data structures (e.g., lists, queues, dictionaries)
• meet the admission requirements of the IT University
• understand fundamentals of computer networking

One way to obtain these prerequisites is by following the IT University modules
1. Mobile and Distributed Systems
2. Either of Object Oriented Programming or Foundations of Computing - Algorithms. (It is possible to take the latter course in parallel with this one.)
3. Operating systems and C (It is possible to take that course in parallel with this one.)

It is an advantage, but not a requirement, to know basics of database programming (SQL), web-programming and Linux/Unix system administration.
Moreover the student must always meet the admission requirements of the IT University. 
Learning objectives: After the course students should be able to:
• Identify, list, and discuss major principles of IT security
• Apply and relate those principles to the securing of networked server installations
• List and analyse standard attacks, on web applications in particular
• Describe and explain intrusion detection
• Identify, list, and explain common security pitfalls of web applications
• Identify, describe and explain basic computer forensics techniques
• Identify and describe the proper use of cryptography in security
• Analyse an IT-system for security risks and reflect on potential improvements of the system 
Course content: In this course, we study applied aspects of Information Security. We address five major topics:
• network security
• operating system security (hardening, vulnerability scanning, access control, logging)
• application security with an emphasis on web applications (web server setup, common web exploits, authentication, session handling, code security)
• risk analysis and risk management
• computer forensics
• practical use of cryptography in Information Security

We will discuss both analysing existing systems and designing/implementing new ones. 

14 weeks of teaching consisting of lectures and exercises. Please note that the "Computer networks" lecture is not part of this course.
Coursework takes the following forms.

• Lectures introducing & discussing concepts.
• Exercises (self-study)
• Experimental lab work (self-study)
• Project work

Most weeks will have lectures, exercises and lab work. Lectures will introduce concepts, paving the way for exercises and lab work. You are expected to complete the exercises by yourself. In lab work, you will carry out experiments in order to better understand the motivation and methods for secure implementation and configuration of IT systems and to assess the effectiveness and impact of security measures. The experiments will be based on an extensive script and virtual machines that include example applications, questions, and answers.

Some weeks, in particular during project and review, you are expected to work independently; there are no lectures or exercise classes. However, TAs have office hours 3 times a week, where you can come and ask any question you might have, and we expect to use the LearnIT forums extensively for questions and answers.

Finally, you will also complete (in groups) a project:

• Based on a set of functional requirements, you will design and implement a prototypical IT system.
• You will conduct a security analysis and devise appropriate security measures for this system.
• You will then swap systems with another group, and carry out a security review of this other group's system.


Information about study structure

For students admitted from Autumn 2014 and later this course is part of the SDT AC track mandatory modules. For SDT DE track the course is part of the specialisation in Web Systems 

Mandatory activities: All deadlines will be announced on the course page on LearnIT

Peer review
The course contains 4 peergrade activities, which you must complete with a passing grade to be eligible for the exam.
To successfully complete each peergrade activity you must also submit satisfactory feedback to two other submissions

You must submit via learnit.
You submit in 3 steps:
- System Description and Security Analysis
- Fully functional implementation
- Review Report

- You will swap system description and implementation with another group. If your report is of insufficient quality or your implementation is not fully functional, you will have to re-submit.

You must attend at least one session of the Project Workshop and the Review
- You must participate in presentation of your work at the workshop.
- You must participate in questioning your partner group's work and presentation.

If you do not participate, you will be ineligible for the examination. Contact the course manager if you believe special circumstances apply in your case.

Be aware: The student will receive the grade NA (not approved) at the ordinary exam, if the mandatory activities are not approved and the student will use an exam attempt. 
Exam form and description: A11: Written exam (on-site) with access to the internet, written and printed aids (7-scale, external exam)

Exam questions will contain a sub-section on "Binary exploits and malicious code" not in the corresponding MSc exam.
The duration of the written examination is 4 hours.  

Literature beyond research articles: David Basin, Patrick Schaller, and Michael Schläpfer. Applied Information Security: A Hands-on Approach. Springer, 2011. ISBN-13: 978-3642244735/ISBN-10: 3642244734.