IT-Universitetet i København
 
Course description
Course name (Danish): Security, MSc
Course name (English): Security, MSc
Semester: Spring 2018
Offered under: cand.it., Software Development and Technology (SDT)
Scope in ECTS: 7.50
Course language: English
Course homepage: https://learnit.itu.dk
Min. number of participants:
Expected number of participants:
Max. number of participants: 120
Formal prerequisites: Before taking this course you must:
• have implemented at least two medium-size programming projects (7.5 ECTS each)
• be able to design, implement, and test medium-sized programs in Java or C# or other mainstream languages.
• know basic algorithms and data structures (e.g., lists, queues, dictionaries)
• meet the admission requirements of the IT University.

One way to obtain these prerequisites is by following the IT University modules Object Oriented Programming or Foundations of Computing - Algorithms and Data Structures. (It is possible to take the latter course in parallel with this one.)

It is an advantage, but not a requirement, to know the basics of database programming (SQL), web programming and Linux/Unix system administration.
Moreover, the student must always meet the admission requirements of the IT University.
Learning objectives: After the course, students should be able to:
• Identify, list, and discuss major principles of IT security
• Describe and discuss foundations of computer networking, and apply these to IT security questions.
• Apply and relate those principles to the securing of networked server installations
• List and analyse standard attacks, especially on web applications
• Describe and explain intrusion detection
• Identify, list, and explain common security pitfalls of web applications
• Identify, describe and explain basic computer forensics techniques
• Identify and describe the proper use of cryptography in security
• Analyse an IT-system for security risks and reflect on potential improvements of the system 
Academic content: In this course, we study applied aspects of Information Security. We address five major topics:
• network security;
• operating system security (hardening, vulnerability scanning, access control, logging);
• application security with an emphasis on web applications (web server setup, common web exploits, authentication, session handling, code security);
• risk analysis and risk management;
• computer forensics;
• practical use of cryptography in Information Security.

We will discuss both analysing existing systems and designing/implementing new ones. 
Learning activities:

14 weeks of teaching consisting of lectures and exercises. Please note that the "Binary exploits & malicious code" lecture is not part of this course.
Coursework takes the following forms.

• Lectures introducing & discussing concepts.
• Exercises (self-study)
• Experimental lab work (self-study)
• Project work

Most weeks will have lectures, exercises and lab work. Lectures will introduce concepts, paving the way for exercises and lab work. You are expected to complete the exercises by yourself. In lab work, you will carry out experiments in order to better understand the motivation and methods for secure implementation and configuration of IT systems and to assess the effectiveness and impact of security measures. The experiments will be based on an extensive script and virtual machines that include example applications, questions, and answers.

Some weeks, in particular during project and review, you are expected to work independently; there are no lectures or exercise classes. However, TAs have office hours 3 times a week, where you can come and ask any question you might have, and we expect to use the learnit forums extensively for questions and answers.

Finally, you will also complete (in groups) a project:

• Based on a set of functional requirements, you will design and implement a prototypical IT system.
• You will conduct a security analysis and devise appropriate security measures for this system.
• You will then swap systems with another group, and carry out a security review of this other group's system.

------------------------------------

Information about study structure

For students admitted from Autumn 2014 and later, this course is part of the SDT AC track mandatory modules. For the SDT DE track, the course is part of the specialisation in Web Systems.

Mandatory activities: All deadlines will be announced on the course page on LearnIT.

Peer review
=======
The course contains 4 peergrade activities, which you must complete with a passing grade to be eligible for the exam.
To successfully complete each peergrade activity you must also submit satisfactory feedback to two other submissions.



Project
=======
You must submit via learnit.
You submit in 3 steps:
- System Description and Security Analysis
- Fully functional implementation
- Review Report

- You will swap system description and implementation with another group. If your report is of insufficient quality or your implementation is not fully
functional, you will have to re-submit.


Workshops
=========
You must attend at least one session of the Project Workshop and the Review
Workshops.
- You must participate in the presentation of your work at the workshop.
- You must participate in questioning your partner group's work and presentation.

If you do not participate, you will be ineligible for the examination. Contact the
course manager if you believe special circumstances apply in your case.

Be aware: the student will receive the grade NA (not approved) at the ordinary exam if the mandatory activities are not approved, and the student will use up an exam attempt.
Exam form and description: A11: Written exam (on-site) with access to the internet and to written and printed aids (7-point scale, external exam)

Exam questions will contain a sub-section on "Computer networks" not in the corresponding BSc exam.
The duration of the written examination is 4 hours.  

Literature beyond research articles: David Basin, Patrick Schaller, and Michael Schläpfer. Applied Information Security: A Hands-on Approach. Springer, 2011. ISBN-13: 978-3642244735/ISBN-10: 3642244734.