LiU Homepage
TSIT02 Computer security 2016
The course takes place in period HT2 and can be included in several of our longer educations, is compulsory for students taking the security profile and is also taken by many Master's students, Erasmus students and others. There is a list below that briefly describes the course content, a description of the course goals can be found on another page. The lectures and all literature is in English.Organisation
There are 12 two-hour lectures, two two-hour guest lectures, and a lab course that spans the entire course duration. Two two-hour coaching sessions are reserved for each lab group.Contact information
Main lecturer: Jonathan JogenforsExaminator: Jan-Åke Larsson
Teaching assistant: Niklas Johansson
Biometry lecturer: Ingo Hölscher, LiU-IT
Legal lecturer: Sebastian Wärmländer
Lab submission: tsit02-lab@isy.liu.se
Literature
The textbook we use for this course is Ross Anderson: Security Engineering (Wiley, 2008). This is a (very) large book, but don't panic -- I will only select parts of it for the course. The book is available online, free of charge, at the author's homepage. If you still want the hard copy (hey, it's cheaper than a gym membership!), it is not so expensive. However, we won't use the book too much during the course so I recommend the online version. The chapters in the course plan below reflects Anderson's book.
Course plan
Lecture slides appear shortly after each lecture.
| Lecture 1 | Brief history, terminology, measuring security | Jonathan | Ch 1, 25.5 |
| Remember to register for the lab sessions! | |||
| Lecture 2 | Authentication, tokens, biometry | Ingo | Ch 15 |
| Lecture 3 | Authentication, tokens, biometry (continued) | Ingo | Ch 15 |
| Lecture 4 | Web security, penetration testing, lab preparation | Jonathan | N/A |
| Lecture 5 | Access control | Jonathan | Ch 4.1-4.2.2, 8.1-8.3, 9.2.1 |
| Guest lecture 1 | 18th of November: Accenture. See the guest lecture. | ||
| Lecture 6 | Implementation examples and Virtualization | Jonathan | Ch 4.2.3, 4.2.5, 4.2.7, 4.2.9-4.2.10, 8.5 |
| Coaching 1 | First lab coaching session | Niklas | |
| Lecture 7 | Database security and software security (briefly) | Jan-Åke | Ch 4.2.8, 4.4.1-4.4.2, |
| Lecture 8 | Cryptography as a security tool | Jan-Åke | N/A |
| Lecture 9 | Legal perspectives on computer security | Sebastian | N/A |
| Lecture 10 | Key management and trust, side channel attacks | Jan-Åke | N/A |
| Coaching 2 | Second lab coaching session | Niklas | |
| Guest lecture 2 | 9th of December, Sectra Communications. See the guest lecture. | ||
| Lecture 11 | Communication and network security | Jan-Åke | Ch 21 |
| Lecture 12 | Social engineering, New access control paradigms, DRM, the Cloud | Jonathan | N/A |
Laborations
Lab sign-up is done via Lisam and should be started as soon as the course starts. Lab PM can be found here. Lab registration starts right after the first lecture. The Shepherd server opens up for registration after Lecture 4.
Prerequisites
A basic course on computer systems, software and/or hardware.
Guest lectures
This year we have two guest lectures. These seminars are not a compulsory part of the course, but provide interesting insight in how security is used in the industry.
Guest lecture 1: Accenture
Date: 18th of November at 13-15
Location: A1
Description: Every new technology introduces a new security risk that can erode all benefits. Business leaders want to know: Are we investing enough in security? And are we investing in the right things? During this presentation we will discuss technology trends and how they drive the security market. Furthermore, you will get an insight in Accenture Security and the role as a security consultant.
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions - underpinned by the world's largest delivery network - Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With approximately 384,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.
About the presenters: Dejan Dimic works within security consulting at Accenture with focus on Strategy & Risk and Cyber Defense. He has worked in a broad spectrum spanning from executive advisory services to leading teams of ethical hackers. Dejan holds a M.Sc. in Industrial Engineering and Management from Linköping University. Elisabeth Hanning started Accenture in the fall of 2015 as a security consulting analyst. She holds a M.Sc. in Industrial Engineering and Management from Linköping university where she studied courses within the area of information security.
Guest lecture 2: Sectra Communications
Date: 9th of December at 13-15
Location: A2
Robin von Post is the CTO of Sectra Communications, a European provider of
secure mobile communication solutions to government, defence and other critical
functions of society throughout NATO and EU.
With a background from Linköping University, Robin joined Sectra in 1997 and spent his first six years in various technical leadership roles within the mobile wireless division. Since 2003 he has held various roles within the security business, including project and product management, business development, bid management and sales.
He has continuously worked in close contact with the network of national security entities and has gathered thorough knowledge in interpreting and understanding requirements within the security domain. With almost 20 years of professional experience in the field of mobility and security, Robin has a solid foundation for overlooking and analyzing trends and development in an increasingly changing domain.
Examination
A written examination three times a year. See the central schedule for examinations. Previous exams can be found in Lisam.
The examination will contain questions from the level of merely
repeating and explaining facts to drawing advanced conclusions from
knowledge in the subject. In order to pass, a student should be able
to repeat facts about basic principles and typical countermeasures, to
understand the concepts used, and to identify relevant basic security
concepts in simple situations. For higher grades, the student should
be able to do more detailed analyses, to apply general concepts in
more complex situations and to draw conclusions from this application
of general principles. Knowledge of specific details in products and
protocols, such as how to change permissions in UNIX, how to use an
NSF log, etc is not required.
Informationsansvarig: Jonathan Jogenfors
Senast uppdaterad: 2016-12-19
