Official course description:

Full info last published 10/03-21
Course info
Language:
English
ECTS points:
7.5
Course code:
BSSECUR1KU
Participants max:
100
Offered to guest students:
yes
Offered to exchange students:
yes
Offered as a single subject:
yes
Price for EU/EEA citizens (Single Subject):
10625 DKK
Programme
Level:
Bachelor
Programme:
BSc in Software Development
Staff
Course manager
Assistant Professor
Teacher
Associate Professor
Course semester
Semester
Spring 2021
Start
1 February 2021
End
14 May 2021
Exam
Exam type
ordinary
Internal/External
external examiner
Grade Scale
7-point scale
Exam Language
GB
Abstract

This is an introductory course on information security. The course focuses on introductory aspects of analysis, design and implementation of secure software.

Description

Security is a fundamental aspect of software development today and must be addressed throughout it.

The student taking this course will gain an introductory knowledge of attacker models, cryptographic tools and principal security protocols from real-world scenarios.

The course addresses four major topics:  

  • The principal security requirements and attacker models  
  • The fundamental cryptographic tools in Information Security  
  • Primary security protocols and Internet standards (PKI, TLS)  
  • Practical techniques for penetrating and hardening IT-systems 

Formal prerequisites

Before taking this course you must: 

  1. be familiar with computer networks 
  2. be superficially familiar with scripting languages 
  3. be familiar with the SQL query language 
  4. know basic algorithms and data structures 
  5. have implemented at least two medium-size programming projects (7.5 ECTS each) 
  6. be able to design, implement, and test medium-sized programs in Java or C# or other mainstream languages. 
  7. be familiar with basic discrete mathematics 

Fourth-semester BSWU students fulfil these requirements. Otherwise, individual requirements can be satisfied by taking the BSWU courses or equivalent courses: (1) Mobile and Distributed systems, (3) Introduction to Database Design, (4) Algorithms and Data Structures, (5,6) Analysis, Design and Software Architecture, (7) Foundations of Computing - Discrete Mathematics. 

Intended learning outcomes

After the course, the student should be able to:

  • Identify, list, and discuss major principles of IT security
  • Apply and relate those principles to the securing of networked server installations
  • List and analyse standard attacks, on web applications in particular
  • Describe and explain intrusion detection
  • Identify, list, and explain common security pitfalls of web applications
  • Identify, describe and explain basic computer forensics techniques
  • Identify and describe the proper use of cryptography in security
  • Analyse an IT-system for security risks and reflect on potential improvements of the system

Learning activities

Teaching consists of lectures and exercises.

Coursework takes the following forms.

  • Lectures introducing & discussing concepts.
  • Exercises
  • Experimental lab work 
  • Project work

Most weeks will have lectures, exercises and lab work. Lectures will introduce concepts, paving the way for exercises and lab work. You are expected to complete the exercises by yourself with assistance from lecturers and TAs. In lab work, you will carry out experiments in order to better understand the motivation and methods for secure implementation and configuration of IT systems and to assess the effectiveness and impact of security measures. The experiments will be based on an extensive script and virtual machines that include example applications, questions, and answers.

Some weeks, in particular during project and review, you are expected to work independently; there are no lectures or exercise classes. However, TAs have office hours 3 times a week, where you can come and ask any questions you might have, and we expect to use the LearnIT forums extensively for questions and answers.

Finally, you will also complete (in groups) a project:

  • Based on a set of functional requirements, you will design and implement a prototypical IT system.
  • You will conduct a security analysis and devise appropriate security measures for this system.
  • You will then swap systems with another group, and carry out a security review of this other group's system.

 


Mandatory activities

To be eligible for the examination, you must: 

  1. submit and have approved 1 mandatory exercise set. 
  2. submit and have approved 3 mini-projects. 
  3. be present and participate actively in the course conclusion workshop. 

All deadlines will be announced on the course page on LearnIT. Note that Peergrade assignments are not considered approved unless you have both submitted your own assignment and submitted feedback for at least two other assignments.

The student will receive the grade NA (not approved) at the ordinary exam, if the mandatory activities are not approved, which means that the student will use an exam attempt.

The mandatory activities will make sure that the students have the fundamental knowledge that enables them to progress with the subsequent lectures. Feedback will primarily be given by TAs. Students can get second attempts until the last lecture.


Course literature

==Book 1==
Author/Editor: William Stallings & Lawrie Brown
Title: Computer Security: Principles and Practice, Global Edition
ISBN: 9781292220611
Edition/Year: 4
Type: Obligatory

==Book 2==
Author/Editor: Basin, David, Schaller, Patrick, Schläpfer, Michael
Title: Applied Information Security: A Hands-on Approach
ISBN: 978-3-642-24473-5
Edition/Year: 2011
Type: Obligatory


Student Activity Budget
Estimated distribution of learning activities for the typical student
  • Preparation for lectures and exercises: 10%
  • Lectures: 25%
  • Exercises: 25%
  • Assignments: 15%
  • Project work, supervision included: 15%
  • Exam with preparation: 10%
Ordinary exam
Exam type:
C: Submission of written work, External (7-point scale)
Exam variation:
C22: Submission of written work – Take home
Exam submission description:
Open book exam.
Exam duration: 4-hour exam. Please disregard the 1 day duration below.
Random fraud control with Zoom will be conducted right after the submission.
Student Affairs and Programmes will randomly select 20 % of students who will have to show up in Zoom to check authorship of submitted solutions.
The selection of students for fraud control will be published in LearnIT right after the exam together with a link to the Zoom meeting.
Take home duration:
1 day

Time and date