02239 - Data Security
General Information
Time: Wednesday afternoon (module E5B)
Examination: Written examination and reports.
Lecturers:
Christian Damsgaard Jensen (CDJE), Building 322/212
Sebastian Alexander Mödersheim (SAMO), Building 321/018
General Objectives
The objective of the course is to provide an introduction to
the basic concepts of computer security for graduate level
students. The course contents include: security concepts, such
as confidentiality, integrity, authenticity, availability
etc. Symmetric and asymmetric cryptography and their uses; key
distribution and digital signatures; discretionary and
mandatory access control policies for confidentiality and
integrity. Communication protocols for authentication,
confidentiality and message integrity. Network security;
system security, intrusion detection and malicious
code. Security models and security evaluation. Administration
of security. Legal aspects of computer security.
Learning objectives
A student who has met the objectives of the course will be able to:
- identify all major factors that have to be addressed in
a security analysis of a particular system;
- define operational security goals for a given computing system;
- analyse an application scenario and identify common
threats, vulnerabilities and risks;
- identify possible countermeasures against threats and
vulnerabilities in a given security scenario;
- compare and contrast the underlying security mechanisms
needed to implement security countermeasures;
- define operational security policies to achieve
specific security goals using specific security mechanisms;
- design a security infrastructure that implements an
operational security policy;
- use contemporary tools to analyse and implement (part
of) a security infrastructure;
- evaluate (informally) a given set of security policies
and mechanisms in a given application context in order to
determine whether they are likely to satisfy a given list of
security goals;
- document their work with the security process in a
clear and concise report.
Course Format
The course is given as a combination of lectures, given by the
course lecturers, and practical laboratory work.
Lectures
Many lectures will be based on the following textbook (copies
are available at Polyteknisk Boghandel):
C. P. Pfleeger & S. L. Pfleeger: "Security in Computing",
fifth edition, Prentice Hall, 2015.
We will, however, also cover topics that are not described in
this book in much depth, and for this we will provide lecture
notes/slides and references for further reading.
Laboratory Work
The laboratory work consists of a number of small assignments,
most of them mandatory, which will take place in the databars.
These assignments are designed to provide hands-on experience
with different security technologies and will typically
involve a limited programming exercise, which will be
documented through a small report (4-8 pages).
Activity Calendar
The activity calendar may change to reflect the progress of
the class; please check the calendar on the DTU Learn page of
the course.