Official course description:

Full info last published 15/05-24
Course info
ECTS points:
Course code:
Participants max:
Offered to guest students:
Offered to exchange students:
Offered as a single subject:
Price for EU/EEA citizens (Single Subject):
10625 DKK
BSc in Software Development
Course manager
Associate Professor
Associate Professor
Course semester
Autumn 2024
26 August 2024
24 January 2025
Exam type
External examiner
Grade Scale
Exam Language

This is an introductory course on information security. The course focuses on introductory aspects of analysis, design and implementation of secure software.


Security is a fundamental concern that must be addressed in today's software development.

The student taking this course will gain introductory knowledge of attacker models, cryptographic tools and principal security protocols from real-world scenarios.

The course addresses four major topics:

  • The principal security requirements and attacker models
  • The fundamental cryptographic tools in Information Security
  • Primary security protocols and Internet standards (PKI, TLS)
  • Practical techniques for penetrating and hardening IT-systems

Formal prerequisites

Before taking this course you must:

  1. be familiar with C and Operating Systems
  2. be familiar with computer networks
  3. be superficially familiar with scripting languages
  4. be familiar with the SQL query language
  5. know basic algorithms and data structures
  6. have implemented at least two medium-size programming projects (7.5 ECTS each)
  7. be able to design, implement, and test medium-sized programs in Java or C# or other mainstream languages
  8. be familiar with basic discrete mathematics

BSWU graduates fulfil these requirements. Otherwise, individual requirements can be satisfied by taking the BSWU courses: (1) Operating Systems and C, (2) Distributed Systems, (4) Introduction to Database Systems, (5) Algorithms and Data Structures, (6,7) Analysis, Design and Software Architecture, (8) Foundations of Computing - Discrete Mathematics.
The student must always meet the admission requirements of the IT University.

Intended learning outcomes

After the course, the student should be able to:

  • Describe, relate, and discuss basic security principles
  • Identify and describe access control techniques
  • Identify, describe, and evaluate design approaches meeting specific security requirements
  • Illustrate, analyse, and evaluate security standards
  • Identify and describe the proper use of cryptography in security
  • Describe and compare most common attack practices
  • Describe and explain intrusion detection and prevention
  • Analyse an IT-system for security risks and reflect on potential improvements of the system

Learning activities

Teaching consists of lectures and exercises. Coursework takes the following forms:  

  • Lectures
  • Exercises
  • Experimental lab work
  • Project work

In project weeks, you are expected to work independently; there are no lectures or exercise classes. Both teachers and TAs will be available for questions in the period via various media, notably on LearnIT forums and in person at office hours.

The course concludes with project work as follows. Based on a set of functional requirements, you will design and implement a prototypical IT system. You will conduct a security analysis and devise appropriate security measures for this system. You will then swap systems with another group, and carry out a security review of this other group's system.

Mandatory activities

To be eligible for the examination, you must:

  1. Submit and have approved 2 mandatory exercise sets.
  2. Submit and have approved 2 mini-projects.
  3. Be present and participate actively in the course conclusion workshop.

The purpose of the first mandatory activity is to understand the use of basic cryptographic primitives in security protocols, as well as observe the need for proper parameters when implementing these primitives.

The purpose of the second mandatory activity is to practice the design of security protocols based on advanced cryptographic primitives and secure channel protocols while practicing the analysis of security protocols according to security principles and the properties of underlying cryptographic primitives.

The purpose of the two mini-projects is to practice penetration testing techniques and to get familiarized with real-world security flaws in IT systems. The first mini-project aims at creating a hardened server hosting common IT services and the second mini-project aims at identifying and exploring security flaws in the servers created in the first mini-project. The course conclusion workshop aims at sharing the experience of the mini-projects among peers.

All deadlines will be announced on the course page on LearnIT. Note that peer-graded assignments are not considered approved unless you have both submitted your own assignment and submitted feedback for at least two other assignments. If a mandatory activity is missed or not approved, you will receive a second attempt that must be submitted within two weeks of the activity's grade becoming available.

The student will receive the grade NA (not approved) at the ordinary exam, if the mandatory activities are not approved and the student will use an exam attempt.

Course literature

==Book 1==
Author/Editor: William Stallings & Lawrie Brown
Title: Computer Security: Principles and Practice, Global Edition
ISBN: 9781292220611
Edition/Year: 4
Type: Obligatory

==Book 2==
Authors: David Wagner, Nicholas Weaver, Peyrin Kao, Fuzail Shakir, Andrew Law, and Nicholas Ngai
Title: Computer Security
Edition/Year: 2024
Type: Obligatory

Student Activity Budget
Estimated distribution of learning activities for the typical student
  • Preparation for lectures and exercises: 10%
  • Lectures: 25%
  • Exercises: 25%
  • Assignments: 15%
  • Project work, supervision included: 15%
  • Exam with preparation: 10%

Ordinary exam
Exam type:
A: Written exam on premises, External (7-point scale)
Exam variation:
A22: Written exam on premises with restrictions.
Exam duration:
4 hours
Internet access:
Restricted access - LearnIT only
Aids allowed for the exam:
Written and printed books and notes
E-books and/or other electronic devices

Exam type:
B: Oral exam, External (7-point scale)
Exam variation:
B22: Oral exam with no time for preparation.
Exam duration per student for the oral exam:
20 minutes

Time and date
Ordinary Exam - on premises Mon, 6 Jan 2025, 09:00 - 13:00