TDDD17 Information Security, Second Course
The course literature consists of the lectures handouts and the reading material prepared by the lecturers on this page. The literature marked with read for exam is mandatory for the exam, i.e. exam questions could cover any of the marked references. The un-marked literature is useful extra reading material.
The amount of mandatory reading material (number of pages) for each topic is approximately the same.
* Note that the lecture handouts are among the read for exam material.
1) System security
For system security, the lecture handouts serve as the primary study material. You should focus on getting a high-level conceptual understanding of techniques and attacks (i.e. the "main ideas" and "big picture"), rather than learning technical details by heart. For example, the following is an example of a question that you are NOT likely to see on an exam:
In the context of Intel SGX, what does the acronym EPCM mean?
A more likely exam question will be more along the lines of:
Can technology A protect from attack X? Explain why or why not.
You should have a conceptual understanding of all techniques discussed in the lecture notes. The following articles may help you to better understand the material in the slides:
- ARM Security Technology - Building a Secure System using TrustZone Technology gives a more technically in-depth description of ARM TrustZone.
- A Primer on Intel Software Guard Technology (Intel SGX) gives a high-level overview of SGX. read for exam
- Make sure you understand the concepts of MAC and DAC from the basic secuirty course, as well as the Biba and Bell-LaPadula security models. read for exam
- Role-based access control on Wikipedia. read for exam
- Read about the 8 secure design principles by Saltzer and Schroeder. You only need to understand the design principles a-h in section I-A 3) "Design Principles". The rest of the paper is not mandatory reading. You should, however, be able to relate the design principles to real-life situations. read for exam
- You should also have a conceptual understanding of attacks mentioned in the slides. The following Wikipedia articles gives some more details on two attack types:
2) Identification and authentication, Biometric user authentication
Note: To access books that are available as electronic resources from the LiU library system, go to http://www.bibl.liu.se/ and search for the book title.
- Fumy, W. and Paeschke, M. Handbook of eID Security - Concepts, practical experiences, technologies. Publicis, 2011. Available online via the LiU library. Note that access is restricted to one reader at a time.
- A. Jain, A. Ross and K. Nandakumar, Chapters 1, 6 and 7 in "Introduction to Biometrics". Springer, 2011. Available online via the LiU library. I In Chapter 6, the sub-sections 6.1 & 6.2 are especially important. In Chapter 7, the sub-section 7.1 is especially important. read for exam
- Jain, A. Ross and K. Nandakumar, Chapters 2, 3, 4 and 5 in "Introduction to Biometrics". Springer, 2011. Available online via the LiU library. During the lectures examples of inherent qualities of different biometric traits are given and how these may influence system design, for example regarding feature extraction and matching. Further details regarding the specific biometric traits are discussed in these chapters.
- Ross Anderson, Security Engineering - A guide to building dependable distributed systems, Second edition, Wiley 2008, Chapter 16, Physical tamper resistance, http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c16.pdf
3) Practical network security
Note: Some of the Wikipedia articles may include sections that have been broken out into other articles (currently, for example, "Firewall" links to "Stateful firewall"). You can recognize these from the link labeled "main article" at the beginning of each such section. These main articles are also included in read-for-exam.
- D. Smith, "Improving Computer Security through Network Design". read for exam
Mapping, attacks and vulnerabilities
- Matta Security Limited. "An Introduction to Internet Attack and Penetration". Read pages 5-8. read for exam
- Fyodor, "Remote OS detection via TCP/IP stack fingerprinting". The section on nmap is beyond the scope of this topic; you don't have to read it at all.
- Joe Stuart. "DNS Cache Poisoning -- The Next Generation". Pages 1-10.
- Ptacek and Newsham. "Insertion
Evasion and Denial of Service: Eluding Network Intrusion Detection". read for exam
Sections 1-2 are required reading. Include section 3-6 for in-depth reading.
- N. Cam-Winget, R. Housley, D. Wagner, and J. Walker, "Security Flaws in 802.11 Data Link Protocols". read for exam
IPSec and SSL/TLS
- Kent, BBN Corp, Atkinson and @Home Network. "RFC
2401: Security Architecture for the Internet Protocol". read for exam
The overall concepts and architecture are important, as are the capabilities of the architecture, but the technical details are beyond the scope of this topic. In particular, section 1-3 and the main concepts of section 4 (particularly 4.1-4.3 and 4.6) are important. Sections 5-12 and the appendices are beyond the scope of this topic. read for exam
- M. Bishop, "Computer Security: Art and science", Addison-Wesley,
ISBN 0-201-44099-7. read for exam
- Section 11.4.2 (just the overall concepts), section 11.4.3 and section 11.4.4. Everything relevant in section 11.4.3 of Bishop is also in RFC2401, so you only need to read the latter; Bishop may be helpful in understanding the RFC.
4) Business continuity planning and Physical security
Business continuity planning
- Chapters 15-16 from Stewart, J. M.; Tittel, E. & Chapple,
M. (2008), CISSP. Certified Information Systems Security Professional
study guide. Sybex. Electronically available
(search for CISSP in the library catalogue)
read for exam
- Chapter 19 from Stewart, J. M.; Tittel, E. & Chapple, M. (2008), CISSP. Certified Information Systems Security Professional study guide. Sybex. Electronically available from http://www.bibl.liu.se/ (search for CISSP) read for exam
5) Risk analysis
- F. den Braber, I. Hogganvik, M. S. Lund, K. Stølen, F. Vraasen, "Model-based security analysis in seven steps - a guided tour to the CORAS method", available here, Springer. BT Technology Journal, pp 101-117, 2007. read for exam
- H. Dahl, I. Hogganvik, K. Stølen, "Structured semantics for the CORAS security risk modelling language", available here, SINTEF ICT. SINTEF Technical Report A970, 2007.
- NIST SP 800-30: Risk management guide for information technology systems, available here
- Risk Topics: Which Hazard Analysis
- Gary McGraw, "Risk Management Framework", available here (link updated 2013-08-16).
- B. Blakley, E. McDermott, D. Geer, Information security is information risk management, available here.
- NIST SP 800-37: "Guide for Applying the Risk Management Framework to Federal Information Systems". Available here.
- J. Steven, "Threat Modeling - Perhaps it's time" available here.
- P. Brooke, R. Paige, "Fault trees for security system design and analysis" available here.
Page responsible: Nahid Shahmehri
Last updated: 2016-01-11