Hide menu

TDDD17 Information Security, Second Course

Course Literature

The course literature consists of the lectures handouts and the reading material prepared by the lecturers on this page. The literature marked with read for exam is mandatory for the exam, i.e. exam questions could cover any of the marked references. The un-marked literature is useful extra reading material.

The amount of mandatory reading material (number of pages) for each topic is approximately the same.

* Note that the lecture handouts are among the read for exam material.


1) System security

  • M. Bishop, "Computer Security: Art and science", Addison-Wesley, ISBN 0-201-44099-7. read for exam
    • Sections 2.1-2.3
    • Sections 5.1-5.2
    • Sections 6.1-6.3
    • Section 7.4
    • Sections 13.1-13.3
    • Sections 15.1-15.4

Reading guidelines for system security

Sections 2.1-2.3
Protection state, access control matrix, protection state transitions (i.e. a formal model for changing the access control matrix). Similar material should be found in most fundamental computer security textbooks.

Sections 5.1-5.2
Confidentiality policies and the Bell-LaPadula model. The Bell-LaPadula model is discussed in most fundamental computer security textbooks, but Bishop goes in to a great deal of detail. In particular, he covers the formalization of the model as well as instantiation of the model in a real operating system. The basics of Bell LaPadula are the most important, but some familiarity with the formalization is also expected.

Sections 6.1-6.3
Integrity policies, the Biba integrity model and Lipner's integrity matrix model. The Biba model should be covered in any fundamental computer security textbook. Bishop covers a formalization of the model as well as its combination with Bell LaPadula.

Section 7.4
Role-based access control. Bishop covers the formal RBAC model, which differs from trivial implementations called RBAC in some operating systems. An alternative source is found here.

Section 13.1-13.3
Design principles. Bishop covers the following design principles, all of which can be found through a web search: principle of least privilege, principle of fail-safe defaults, principle of economy of mechanism, principle of complete mediation, principle of open design, principle of separation of privilege, principle of least common mechanism, principle of psychological acceptability. Note that knowing the definitions is not enough; students must also be able to recognize when a design principle is applied (or not) apply the principles in practice. One place that has many of the principles (some under other names) is found here.

Section 15.1-15.4
Access control mechanisms. Bishop covers access control lists, including practical concerns (abbreviations, creation, maintenance, modification, privileged users, role of the owner, groups, wildcards, conflicts, revocation and default permissions); capabilities, including implementation, copying, amplification, revocation, limits. Bishop also covers "locks and keys", which combine the features of capabilities and access-control lists, type checking and secret sharing.

Access controls and capabilities should be covered by most fundamental textbooks, but perhaps not to the same level of detail as Bishop does. Secret sharing is reasonably well covered by Wikipedia (particularly the references). Locks and keys and type checking are, unfortunately, difficult to find covered in a similar manner elsewhere.


2) Identification and authentication, Biometric user authentication

  • A. Jain, A. Ross and K. Nandakumar, Chapters 1 and 7 in "Introduction to Biometrics". Springer, 2011. Available online via the LiU library. In Chapter 7, the sub-section 7.1 is especially important. read for exam

3) Practical network security

Comment added 4/3-13: Some of the Wikipedia articles may include sections that have been broken out into other articles (currently, for example, "Firewall" links to "Stateful firewall"). You can recognize these from the link labeled "main article" at the beginning of each such section. These main articles are also included in read-for-exam.

Wikipedia articles (read for exam): Firewall (Computing), Application Layer Firewall, Proxy Server, Network Address Translation.

Network design

Mapping, attacks and vulnerabilities

Wireless security

IPSec and SSL/TLS

  • Kent, BBN Corp, Atkinson and @Home Network. "RFC 2401: Security Architecture for the Internet Protocol". read for exam
    The overall concepts and architecture are important, as are the capabilities of the architecture, but the technical details are beyond the scope of this topic. In particular, section 1-3 and the main concepts of section 4 (particularly 4.1-4.3 and 4.6) are important. Sections 5-12 and the appendices are beyond the scope of this topic. read for exam
  • M. Bishop, "Computer Security: Art and science", Addison-Wesley, ISBN 0-201-44099-7. read for exam
    • Section 11.4.2 (just the overall concepts), section 11.4.3 and section 11.4.4. Everything relevant in section 11.4.3 of Bishop is also in RFC2401, so you only need to read the latter; Bishop may be helpful in understanding the RFC.

4) Business continuity planning and Physical security

Business continuity planning

  • Chapters 15-16 from Stewart, J. M.; Tittel, E. & Chapple, M. (2008), CISSP. Certified Information Systems Security Professional study guide. Sybex. Electronically available from http://www.bibl.liu.se/ (search for CISSP in the library catalogue)
    read for exam

Physical security

  • Chapter 19 from Stewart, J. M.; Tittel, E. & Chapple, M. (2008), CISSP. Certified Information Systems Security Professional study guide. Sybex. Electronically available from http://www.bibl.liu.se/ (search for CISSP) read for exam

5) Risk analysis

  • F. den Braber, I. Hogganvik, M. S. Lund, K. Stølen, F. Vraasen, "Model-based security analysis in seven steps - a guided tour to the CORAS method", available here, Springer. BT Technology Journal, pp 101-117, 2007. read for exam
  • H. Dahl, I. Hogganvik, K. Stølen, "Structured semantics for the CORAS security risk modelling language", available here, SINTEF ICT. SINTEF Technical Report A970, 2007.
  • NIST SP 800-30: Risk management guide for information technology systems, available here
  • Risk Topics: Which Hazard Analysis read for exam
  • Gary McGraw, "Risk Management Framework", available here (link updated 2013-08-16). read for exam
  • B. Blakley, E. McDermott, D. Geer, Information security is information risk management, available here.
  • NIST SP 800-37: "Guide for Applying the Risk Management Framework to Federal Information Systems". Available here.
  • J. Steven, "Threat Modeling - Perhaps it's time" available here.
  • P. Brooke, R. Paige, "Fault trees for security system design and analysis" available here.


Page responsible: Nahid Shahmehri
Last updated: 2014-01-16