Official course description:

Full info last published 27/06-19
Course info
Language:
English
ECTS points:
15.0
Course code:
KSADSEC1KU
Offered to guest students:
no
Offered to exchange students:
Offered as a single subject:
no
Programme
Level:
MSc. Master
Programme:
MSc in Computer Science
Staff
Course manager
Carsten Schürmann
Associate Professor
Teacher
Bernardo Machado David
Associate Professor
Teacher
Oksana Kulyk
Assistant Professor
Teacher
Rosario Giustolisi
Assistant Professor
Teacher
Willard Rafnsson
Assistant Professor
Course semester
Semester
Efterår 2019
Start
26 August 2019
End
31 January 2020
Exam
Abstract

You will take this course as part of the security specialization.  The course will prepare you to develop  software that must run reliably and securely in adversarial environments.   You must have taken Security 1 and Security 2 as well as Discrete Mathematics and a programming course to be admitted to this course.

Description

This is the advanced course in the Security specialization.

This course will cover advanced aspects of information security that will enable you to develop software that can run securely and reliably in adversarial environments.  The course includes technical and social elements. The course is organized in six modules.

  1. Cryptographic protocols.  In this module you will learn about cryptographic protocols, how to design them and how to ensure that they are actually secure.
  2.  Accountability.  In this module we discuss how to design protocols that are not only secure, but that have the property to be able to assign blame in the case something does go wrong.
  3. Information Flow Control. In this module you learn how to prove that a program preserves the confidentiality and integrity of information. You will see tools that help programmers write information-flow secure programs, and learn the theory that makes these tools possible.
  4. Usable Security.  In this module you will learn how  to secure not only the software, but entire process from creation to end-user usability paying particular attention to the operational environment in which the software will be used.
  5. Code Scanning. In this module we discuss  tools to identify security vulnerabilities in your software automatically.  You will learn the way these tools work and how to apply them.
  6. Attack Trees. This final module is about a technique that will allow you to think about possible attack vectors of socio-technical systems and how to evaluate them.

After the course, you will understand how security vulnerabilities are introduced into software and you will be able to use tools to eliminate them.

Formal prerequisites
  1. Security 1
  2. Security 2
  3. Discrete Mathematics
  4. Introduction to Programming


Intended learning outcomes

After the course, the student should be able to:

  • Create cryptographic protocols
  • Analyze techniques to achieve accountability
  • Analyze information flow control techniques
  • Apply usability security design techniques
  • Apply usability security design techniques
  • Formulate real-world scenario using attack trees
Learning activities

  • Create cryptographic protocols
  • Analyze techniques to achieve accountability
  • Analyze information flow control techniques
  • Apply usability security design techniques
  • Apply code scanning tools to source code
  • Formulate real-world scenario using attack trees

Mandatory activities

There are 6 quizes.  There is an individual oral exam.

The student will receive the grade NA (not approved) at the ordinary exam, if the mandatory activities are not approved and the student will use an exam attempt.

Course literature

The course literature is published in the course page in LearnIT.

Ordinary exam
Exam type:
B: Oral exam, external (7-trinsskala)
Exam variation:
B22: Oral exam with no time for preparation.
Exam description:

30 minutes oral exam, individual, without preparation


Time and date