Hide menu

System and Application Security

FDA207, 2006HT

Status Archive
School Computer and Information Science (CIS)
Division ADIT
Owner Christoph Schuba
Homepage http://www.ida.liu.se/~schuba/SAAS06

  Log in  




Course plan

No of lectures

40 hours

100 hours self study

Recommended for

Both PhD students and MSc students can participate.

The course was last given

New course

Goals

The aim of the course is to teach the principles and technologies that are available to create trustworthy application-level software systems with well-defined security guarantees to their users.

At the end of the course, students will have an understanding of the technologies, themes, and challenges in providing such trustworthy computing. They will have learned to define what security means for a given application suite and how to design, implement, and integrate applications to coexist in trustworthy computing environments.

Prerequisites

Knowledge in operating systems, distributed systems, software engineering, and cryptography. Basic knowledge in programming in the C and Java programming languages in a Unix environment.

Organization

The theoretical material is presented at lectures. Case studies, laboratory work, and homework assignments are used to complement the lectures.

Contents

- Application level security services, such as identity, federated identity, authentication, authorization, and audit services - How security principles and controls are applied to accomplish security goals such as transaction non-repudiation, user authenticity, and data integrity in application suites, using e.g., conventional encryption, public-key cryptography, hash functions, authentication protocols, or digital signatures.
- Web services and service-oriented architectures security, OASIS web services security.
- Lessons learned from faulty system design and software vulnerabilities in applications.
- The relationship between security goals, assets, threats and controls/countermeasures in network security.
- Attacks against applications and their countermeasures, including denial of service attacks.
- The technology of host-based intrusion detection to complement preventative security mechanisms.
- The use of application level security standards, such as GSS-API, X.509, S/MIME, SAML, XACML, SOAP,
- Database security
- Directory system security
- Application case studies: electronic mail security, PEM, PGP, S/MIME, EDI security
- Application level malware
- User-centered security and the role of user interfaces

Literature

Christopher Steel, Ramesh Nagappand, and Ray Lai. Core Security Patterns. Prentice Hall. 2006.

Lecturers

Examiner

Christoph Schuba

Examination

Written examination
Laboratory work and written assignments

For postgrad students: the written exam gives 2.5 and the laboratory work and assigments give 1.5 points. Masters Students can earn 6 ECTS credits (4+2).

Credit

4.

Comments


Page responsible: Director of Graduate Studies