LiU Homepage
TSIT02 Computer security 2018
The course takes place in period HT2 and can be included in several of our longer educations, is compulsory for students taking the security profile and is also taken by many Master's students, Erasmus students and others. There is a list below that briefly describes the course content, a description of the course goals can be found on another page. The lectures and all literature is in English.Organisation
There are 12 two-hour lectures, two two-hour guest lectures, and a lab course that spans the entire course duration. Two two-hour coaching sessions are reserved for each lab group.Contact information
Main lecturer: Guilherme XavierLecturer: Jan-Åke Larsson
Examiner: Guilherme Xavier
Teaching assistant: Niklas Johansson
Biometry lecturer: Ingo Hölscher, LiU-IT
Legal lecturer: Sebastian Wärmländer
Lab submission: tsit02-lab@isy.liu.se
Literature
The textbook we use for this course is Ross Anderson: Security Engineering (Wiley, 2008). This is a (very) large book, but don't panic -- I will only select parts of it for the course. The book is available online, free of charge, at the author's homepage. If you still want the hard copy (hey, it's cheaper than a gym membership!), it is not so expensive. However, we won't use the book too much during the course so I recommend the online version. The chapters in the course plan below reflects Anderson's book.
Course plan
Lecture slides appear shortly after each lecture.
| Lecture 1 | Brief history, terminology, measuring security | Guilherme | Ch 1, 25.5 |
| Remember to register for the lab sessions! | |||
| Lecture 2 | Authentication, tokens, biometry | Ingo | Ch 15 |
| Lecture 3 | Authentication, tokens, biometry (continued) | Ingo | Ch 15 |
| Lecture 4 | Web security, penetration testing, lab preparation | Guilherme | N/A |
| Lecture 5 | Access control | Guilherme | Ch 4.1-4.2.2, 8.1-8.3, 9.2.1 |
| Lecture 6 | Implementation examples and Virtualization | Guilherme | Ch 4.2.3, 4.2.5, 4.2.7, 4.2.9-4.2.10, 8.5 |
| Coaching 1 | First lab coaching session | Niklas | Sign-up for one hour if you have questions or if you're stuck on some problem. |
| Lecture 7 | Database security and software security (briefly) | Guilherme | Ch 4.2.8, 4.4.1-4.4.2, |
| Lecture 8 | Cryptography as a security tool | Jan-Åke | N/A |
| Lecture 9 | Key management and trust, side channel attacks | Guilherme | N/A |
| Lecture 10 | Legal perspectives on computer security | TBA | N/A |
| Coaching 2 | Second lab coaching session | Niklas | Sign-up for one hour if you have questions or if you're stuck on some problem. |
| Lecture 11 | Communication and network security | Jan-Åke | Ch 21 |
| Lecture 12 | Social engineering, New access control paradigms, DRM, the Cloud | Guilherme | N/A |
| Guest lecture | 15th of December: Accenture. See the guest lecture. | ||
Laborations
Lab sign-up is done via Lisam and should be started as soon as the course starts. Lab PM can be found here. Lab registration starts right after the first lecture. The TopDog server opens up for registration after Lecture 4.
Prerequisites
A basic course on computer systems, software and/or hardware.
Guest lectures
These seminars are not a compulsory part of the course, but provide interesting insight in how security is used in the industry.
Guest lecture 1: Cygate
Date: 12th of December at 13:15
Location: VAL
Description: Emerging new technologies introduces new security risks which need to be addressed to highlight the benefits of those technologies. Mitigating such risks needs an integrated cooperation between security techniques, security processes and people. In this presentation, we will discuss how these factors affect each other and how security solutions and services at Cygate help the customers to realize this integration. Cygate is a leading system-integrator which offers midsize and large companies and organisations higher efficiency and less risks through comprehensive data- and telecom solutions. It provides customers with a broad range of services and solutions in consulting, digital, technology and operations. The solutions are based on an understanding of business needs, deep technical knowledge and the best products through partnerships with the leading IT-vendors of the world. Cygate is a Swedish company having 20 offices all over Sweden and more than 700 staff and is owned by Telia Company AB the largest telephone and mobile network operator in Sweden.
About the presenters: Somayeh Salimi, PhD, Information Security Consultant at Cygate
Examination
A written examination three times a year. See the central schedule for examinations. Previous exams can be found in Lisam.
The examination will contain questions from the level of merely
repeating and explaining facts to drawing advanced conclusions from
knowledge in the subject. In order to pass, a student should be able
to repeat facts about basic principles and typical countermeasures, to
understand the concepts used, and to identify relevant basic security
concepts in simple situations. For higher grades, the student should
be able to do more detailed analyses, to apply general concepts in
more complex situations and to draw conclusions from this application
of general principles. Knowledge of specific details in products and
protocols, such as how to change permissions in UNIX, how to use an
NSF log, etc is not required.
Informationsansvarig: Jonathan Jogenfors
Senast uppdaterad: 2018-11-19
