System and Application SecurityFDA207, 2006HT
|
|
Course plan
No of lectures
40 hours
100 hours self study
Recommended for
Both PhD students and MSc students can participate.
The course was last given
New course
Goals
The aim of the course is to teach the principles and technologies that are
available to create trustworthy application-level software systems with
well-defined security guarantees to their users.
At the end of the course, students will have an understanding of the
technologies, themes, and challenges in providing such trustworthy computing.
They will have learned to define what security means for a given application
suite and how to design, implement, and integrate applications to coexist in
trustworthy computing environments.
Prerequisites
Knowledge in operating systems, distributed systems, software engineering, and cryptography. Basic knowledge in programming in the C and Java programming languages in a Unix environment.
Organization
The theoretical material is presented at lectures. Case studies, laboratory work, and homework assignments are used to complement the lectures.
Contents
- Application level security services, such as identity, federated identity,
authentication, authorization, and audit services - How security principles and
controls are applied to accomplish security goals such as transaction
non-repudiation, user authenticity, and data integrity in application suites,
using e.g., conventional encryption, public-key cryptography, hash functions,
authentication protocols, or digital signatures.
- Web services and service-oriented architectures security, OASIS web services
security.
- Lessons learned from faulty system design and software vulnerabilities in
applications.
- The relationship between security goals, assets, threats and
controls/countermeasures in network security.
- Attacks against applications and their countermeasures, including denial of
service attacks.
- The technology of host-based intrusion detection to complement preventative
security mechanisms.
- The use of application level security standards, such as GSS-API, X.509,
S/MIME, SAML, XACML, SOAP,
- Database security
- Directory system security
- Application case studies: electronic mail security, PEM, PGP, S/MIME, EDI
security
- Application level malware
- User-centered security and the role of user interfaces
Literature
Christopher Steel, Ramesh Nagappand, and Ray Lai. Core Security Patterns. Prentice Hall. 2006.
Lecturers
Examiner
Christoph Schuba
Examination
Written examination
Laboratory work and written assignments
For postgrad students: the written exam gives 2.5 and the laboratory work and
assigments give 1.5 points. Masters Students can earn 6 ECTS credits (4+2).
Credit
4.
Comments
Page responsible: Director of Graduate Studies