Hide menu

TDDD17 Information Security, Second Course

Course Literature

The course literature consists of the lectures handouts and the reading material prepared by the lecturers on this page. The literature marked with read for exam is mandatory for the exam, i.e. exam questions could cover any of the marked references. The un-marked literature is useful extra reading material.

The amount of mandatory reading material (number of pages) for each topic is approximately the same.

* Note that the lecture handouts are among the read for exam material.


1) System security

For system security, the lecture handouts serve as the primary study material. You should focus on getting a high-level conceptual understanding of techniques and attacks (i.e. the "main ideas" and "big picture"), rather than learning technical details by heart. For example, the following is an example of a question that you are NOT likely to see on an exam:

In the context of Intel SGX, what does the acronym EPCM mean?

A more likely exam question could be more along the lines of:

Can technology A protect from attack X? Explain why or why not.

Note: Since Robert had to skip some parts of his lecture, the lecture handouts for the third system secuirty lecture (Security and Security Controls in Operating Systems) will not be part of the mandatory reading for the exam.

Trusted computing

You should have a conceptual understanding of all techniques discussed in the lecture notes, but focus on the following topics:

  • The TPM and related concepts, (root of trust, etc.)
  • Virtualization
  • ARM TrustZone and Intel SGX
The following articles may help you to better understand the material in the slides:

OS security

  • Make sure you understand the concepts of MAC and DAC from the basic secuirty course, as well as the Biba and Bell-LaPadula security models. read for exam
  • Role-based access control on Wikipedia. read for exam
  • Read about the 8 secure design principles by Saltzer and Schroeder. You only need to understand the design principles a-h in section I-A 3) "Design Principles". The rest of the paper is not mandatory reading. You should, however, be able to relate the design principles to real-life situations. read for exam
  • You should also have a conceptual understanding of attacks mentioned in the slides. The following Wikipedia articles give some more details on two attack types:

2) Identification and authentication, Biometric user authentication

Note: To access books that are available as electronic resources from the LiU library system, go to http://www.bibl.liu.se/ and search for the book title.

  • Fumy, W. and Paeschke, M. Handbook of eID Security - Concepts, practical experiences, technologies. Publicis, 2011. Available online via the LiU library. Note that access is restricted to one reader at a time.
  • A. Jain, A. Ross and K. Nandakumar, Chapters 1, 6 and 7 in "Introduction to Biometrics". Springer, 2011. Available online via the LiU library. I In Chapter 6, the sub-sections 6.1 & 6.2 are especially important. In Chapter 7, the sub-section 7.1 is especially important. read for exam
  • Jain, A. Ross and K. Nandakumar, Chapters 2, 3, 4 and 5 in "Introduction to Biometrics". Springer, 2011. Available online via the LiU library. During the lectures examples of inherent qualities of different biometric traits are given and how these may influence system design, for example regarding feature extraction and matching. Further details regarding the specific biometric traits are discussed in these chapters.
  • Ross Anderson, Security Engineering - A guide to building dependable distributed systems, Second edition, Wiley 2008, Chapter 16, Physical tamper resistance, http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c16.pdf

3) Practical network security

Note: Some of the Wikipedia articles may include sections that have been broken out into other articles (currently, for example, "Firewall" links to "Stateful firewall"). You can recognize these from the link labeled "main article" at the beginning of each such section. These main articles are also included in read-for-exam.

Wikipedia articles (read for exam): Firewall (Computing), Application Layer Firewall, Proxy Server, Network Address Translation.

Network design

Mapping, attacks and vulnerabilities

Wireless security

IPSec and SSL/TLS

  • The main study material for IPSec and SSL/TLS is the slides for the Network Security part of the course, which are all read for exam .
  • The following material provides a more in-depth description of IPSec: An Illustrated Guide to IPsec. It may help in understanding the slides, but is not mandatory reading.
  • For full details of the IPSec protocol, refer to: Kent, BBN Corp, Atkinson and @Home Network. "RFC 2401: Security Architecture for the Internet Protocol".

4) Privacy and database security

The only mandatory literature is the lecture slides. Note that on the exam, you may be asked to apply the methods described in the slides on simple examples, similar to those given in the lecture.

The papers cited in the database privacy slides are considered extra reading. Also, the book Elmasri and Navathe: "Fundamentals of Database Systems", Addison Wesley may be useful if you are new to databases.



Page responsible: Nahid Shahmehri
Last updated: 2018-03-10