TSIT02 Computer security
The course takes place in period HT2 and can be included in several of our longer programmes. It is compulsory for students taking the security profile and is also taken by many Master's students, Erasmus students and others. The list below briefly describes the course content; a description of the course goals can be found on another page. The lectures and all literature are in English.
Organisation
There are 12 two-hour lectures, two guest lectures, and a lab course that spans the entire course duration. Two two-hour coaching sessions are reserved for each lab group.
Contact information
Main lecturer: Guilherme Xavier
Lecturers: Jan-Åke Larsson, Niklas Johansson, Jonathan Jogenfors
Examiner: Guilherme Xavier
Teaching assistant: Niklas Johansson
Biometry lecturer: Ingo Hölscher, LiU-IT
Legal lecturer: Anna Süpke and Johannes Hassmund
Lab submission: firstname.lastname@example.org
The textbooks we use for this course are Computer Security: Principles and Practice, 3rd Edition and Ross Anderson: Security Engineering (Wiley, 2008). The second book is available online, free of charge, at the author's homepage. We won't use the book too much during the course so we recommend the online version.
|Lecture 1||Brief history, terminology, measuring security||Guilherme||Ch 1, 25.5|
|Remember to register for the lab sessions!|
|Lecture 2||Authentication, tokens, biometry||Ingo||Ch 15|
|Lecture 3||Access control||Jonathan||Ch 4.1-4.2.2, 8.1-8.3, 9.2.1|
|Lecture 4||Web security, penetration testing, lab preparation||Niklas||N/A|
|Lecture 5||Authentication, tokens, biometry (continued)||Ingo||Ch 15|
|Lecture 6||Implementation examples and Virtualization||Guilherme||Ch 4.2.3, 4.2.5, 4.2.7, 4.2.9-4.2.10, 8.5|
|Lecture 7||Database security and software security (briefly)||Guilherme||Ch 4.2.8, 4.4.1-4.4.2,|
|Lecture 8||Cryptography as a security tool||Jan-Åke||N/A|
|Lecture 9||Key management and trust, side channel attacks||Guilherme||N/A|
|Lecture 10||Legal perspectives on computer security||Anna and Johannes||N/A|
|Lecture 11||Communication and network security||Guilherme||Ch 21|
|Lecture 12||Social engineering, New access control paradigms, DRM, the Cloud||Guilherme||N/A|
|Guest lecture||See the guest lecture.|
Updated lecture slides appear on Lisam shortly after each lecture. The chapter references are to Ross Anderson: Security Engineering (Wiley, 2008).
Lab PM can be found here. The TopDog Hacking Challenge starts after Lecture 4.
These seminars are not a compulsory part of the course, but provide interesting insight into how security is used in industry.
Guest lecture 1: Bodforss consulting.
Date: 10th of December at 10:15
Rikard will talk about a critical vulnerability he discovered five years ago and some of the challenges in the disclosure process. The talk is a spin-off of the presentation he gave at CS3 Sthlm. In the second part of the lecture Rikard will discuss the security profession as a career path. What should you do if you want to pursue a career in IT and information security? What is the value of certification, and what experience is good to have? Finally, some tips on how to kick-start your career in the wonderful field of IT and information security.
About the presenters: Rikard Bodforss works as CEO and Senior Partner at Bodforss Consulting AB in Sweden. He has over 25 years of experience working with IT and information security in both the private and public sectors. Rikard holds CISSP and CISA certifications and was awarded the Thomas Fitzgerald award by ISACA for the highest score in the world on the CISA exam in 2009. His specialty is securing industrial control systems and public critical infrastructure. His sector experience ranges from automotive, finance and healthcare to energy and water. Before founding Bodforss Consulting he worked as CIO for Gothenburg Sustainable Waste and Water. Rikard is a popular speaker at international conferences, and in his free time he is part of the team behind the Swedish security podcast "Säkerhetspodcasten".
Guest lecture 2: Accenture Security.
Date: 11th of December at 13:15
Managing IT and information security risks is more important than ever before. Security threats continue to evolve, which puts organizations under pressure to continuously improve their IT security posture. But how do you decide what to prioritize? Or how much to invest in protective, detective and responsive security controls? Accenture Security enables big Swedish companies to transform and improve their IT security posture so they can perform their core business in a safe way. During this lecture we will talk about consultant life at Accenture, the questions we help clients solve, and the security trends we are seeing in the market and are currently working with.
About the presenters: John Göthner
A written examination three times a year. See the central schedule for examinations. Previous exams can be found in Lisam.
The examination will contain questions from the level of merely
repeating and explaining facts to drawing advanced conclusions from
knowledge in the subject. In order to pass, a student should be able
to repeat facts about basic principles and typical countermeasures, to
understand the concepts used, and to identify relevant basic security
concepts in simple situations. For higher grades, the student should
be able to do more detailed analyses, to apply general concepts in
more complex situations and to draw conclusions from this application
of general principles. Knowledge of specific details in products and
protocols, such as how to change permissions in UNIX, how to use an
NSF log, etc., is not required.
Page manager: Guilherme Xavier
Last updated: 2018-11-19