Advanced Security (Autumn 2021)

Abstract

You will take this course as part of the security specialization.  The course is designed to prepare you to write a master thesis in security and give you the background to excel.  The knowledge you gain in this class will allow you to write better and more secure software that can also run reliably in adversarial environments.   You must have taken Security 1 and Security 2 as well as Discrete Mathematics and a programming course to be admitted to this course.

 

 

Description

This is the advanced course in the security specialization. It is taught by different faculty members at the Center of Information Security and Trust.  The course will provide several gentle introductions into the research areas of the respective teachers.  The course changes from year to year, depending on who is teaching it. It touches on technical as well as human factors. The course is organized in several modules.

Module 1: Cryptographic protocols and multi-party protocols (MPC).  In this module you will learn about cryptographic protocols, how to design them and how to ensure that they are secure. 

Module 2: Accountability.  In this module we discuss how to design protocols that are not only secure, but that have the property to be able to assign blame in the case something does go wrong.

Module 3: Information Flow Control. In this module you learn how to prove that a program preserves the confidentiality and integrity of information. You will see tools that help programmers write information-flow secure programs and learn the theory that makes these tools possible. 

Module 4: Usable Security.  In this module you will learn how to secure not only the software, but entire process from creation to end-user usability paying particular attention to the operational environment in which the software will be used.

Module 5: Socio-Technical Security.  This module is about techniques that will allow you to understand possible attack vectors of socio-technical systems and how to model and evaluate them. 

Module 6: Election Security.  This module covers different aspects of election technologies and introduces cryptographic protocols used in Internet elections.

Formal prerequisites

Formal prerequisites 

    Security 1

    Security 2

    Discrete Mathematics

    Introduction to Programming

 

Intended learning outcomes

After the course, the student should be able to:

• Module 1: Design and study cryptographic protocols.
• Module 2: Analyze protocols for accountability
• Module 3: Apply information flow control techniques.
• Module 4: Explain usability security design techniques.
• Module 5: Analyze socio-technical systems.
• Module 6: Describe cryptographic protocols used for voting.

Learning activities

• Create cryptographic protocols
• Analyze techniques to achieve accountability
• Analyze information flow control techniques
• Apply usability security design techniques
• Apply code scanning tools to source code
• Formulate real-world scenario using attack trees

Mandatory activities

There are 6 quizes. 

The student will receive the grade NA (not approved) at the ordinary exam, if the mandatory activities are not approved and the student will use an exam attempt.

Course literature

The course literature is published in the course page in LearnIT.

Student Activity Budget

Estimated distribution of learning activities for the typical student

• Preparation for lectures and exercises: 15%
• Lectures: 25%
• Exercises: 25%
• Assignments: 15%
• Exam with preparation: 10%
• Other: 10%

Ordinary exam

Exam type:
B: Oral exam, External (7-point scale)
Exam variation:
B22: Oral exam with no time for preparation.

reexam

Exam type:
B: Oral exam, External (7-point scale)
Exam variation:
B22: Oral exam with no time for preparation.

Time and date