02239 - Data Security, Autumn 2011.

General Information

Time: Wednesday afternoon (module E5B)
Location: Lectures: B.306, Auditorium 35; Practical classes (labs): B.341, E-databar.
Examination: Written course work and a larger final project report.
Text book: C. P. Pfleeger & S. L. Pfleeger: "Security in Computing", fourth edition, Prentice Hall, 2006.
Lecturers:
       Christian Damsgaard Jensen (CDJ), Building 322/013 (course responsible)
       Sebastian Alexander Mödersheim (SAMO), Building 322/120

General Objectives

The objective of the course is to provide an introduction to the basic concepts of computer security for graduate-level students. The course contents include: security concepts, such as confidentiality, integrity, authenticity, availability, etc.; symmetric and asymmetric cryptography and their uses; key distribution and digital signatures; discretionary and mandatory access control policies for confidentiality and integrity; communication protocols for authentication, confidentiality and message integrity; network security; system security, intrusion detection and malicious code; security models and security evaluation; administration of security; and legal aspects of computer security.

Learning objectives

A student who has met the objectives of the course will be able to:

Course Format

The course is given as a combination of lectures, given by the course lecturers, and practical laboratory work.

Lectures

Lectures will primarily be based on the text book by C. P. Pfleeger & S. L. Pfleeger: "Security in Computing", fourth edition, Prentice Hall, 2006 (copies are available at Polyteknisk Boghandel), but other material may be included, which will then be made available on the web.

Laboratory Work

The laboratory work consists of a number of small assignments, most of them mandatory, which will take place in the databars. These assignments are designed to provide hands-on experience with different security technologies and will typically involve a limited programming exercise, which will be documented through a small report (4-8 pages).

Activity Calendar

This is the first instance of 02239, so the activity calendar below is likely to change to reflect the progress of the class.

 
This plan is subject to change, so watch this space regularly to see the latest developments.
 
| Date | Time | Activity | Topic |
|---|---|---|---|
| 31 Aug | 13.00-15.00 | Lecture | Introduction to Data Security |
| | 15.15-17.00 | Exercises | There will be no exercises this week |
| 7 Sep | 13.00-15.00 | Lecture | Cryptography I (CDJ). Lecture covers material from P&P 2-2.4. |
| | 15.15-17.00 | Tutorial | Introduction to cryptography in Java |
| 14 Sep | 13.00-15.00 | Lecture | Cryptography II (CDJ). Lecture covers material from P&P 2.7-2.9. |
| | 15.15-17.00 | Lab work | Java cryptography lab |
| 21 Sep | 13.00-15.00 | Lecture | Protocol security I (SAMO) |
| | 15.15-17.00 | Lab work | Presentation of protocol security lab |
| 28 Sep | 13.00-15.00 | Lecture | Protocol security II (SAMO) |
| | 15.15-17.00 | Lab work | Continuation of protocol security lab |
| 5 Oct | 13.00-15.00 | Lecture | Protection/Access Control (CDJ). Lecture covers material from P&P 4-4.3 (p. 213), 4.5, 5-5.3. |
| | 15.15-17.00 | Lab work | Continuation of protocol security lab |
| 12 Oct | 13.00-15.00 | Film | Operation Takedown: the Kevin Mitnick story (CDJ) |
| | 15.15-17.00 | Discussion | Human aspects of computer security - Security usability and the fight against social engineering |
| 19 Oct | | | Autumn Holiday |
| 26 Oct | 13.00-15.00 | Lecture | Software security I (SAMO) |
| | 15.15-17.00 | Tutorial | Introduction to Java Security |
| 2 Nov | 13.00-15.00 | Lecture | Software security II (SAMO) |
| | 15.15-17.00 | Lab work | Java Authentication Lab |
| 9 Nov | 13.00-15.00 | Lecture | Security in Networks I (CDJ). Lecture covers material from P&P 7-7.2. |
| | 15.15-17.00 | Lab work | Java Authentication Lab (cont.) |
| 16 Nov | 13.00-15.00 | Lecture | Security in Networks II (CDJ). Lecture covers material from P&P 7.3-7.4. |
| | 15.15-17.00 | Lab work | Java Access Control Lab |
| 23 Nov | 13.00-15.00 | Lecture | Security Management (CDJ). Lecture covers material from P&P 8. |
| | 15.15-17.00 | Lab work | Java Access Control Lab (cont.) |
| 30 Nov | 13.00-15.00 | Lecture | Legal Issues (CDJ). Lecture covers material from P&P 11 (we focus on Danish and European legislation). |
| | 15.15-17.00 | Exercises | Presentation of Final Project Topics. Oral evaluation of the course. |