Search result: Catalogue data in Autumn Semester 2019

DAS in Cyber Security Information
Elective Courses
NumberTitleTypeECTSHoursLecturers
252-0463-00LSecurity Engineering Information W7 credits2V + 2U + 2AD. Basin, S. Krstic
AbstractSubject of the class are engineering techniques for developing secure systems. We examine concepts, methods and tools, applied within the different activities of the SW development process to improve security of the system. Topics: security requirements&risk analysis, system modeling&model-based development methods, implementation-level security, and evaluation criteria for secure systems
Learning objectiveSecurity engineering is an evolving discipline that unifies two important areas: software engineering and security. Software Engineering addresses the development and application of methods for systematically developing, operating, and maintaining, complex, high-quality software.
Security, on the other hand, is concerned with assuring and verifying properties of a system that relate to confidentiality, integrity, and availability of data.

The goal of this class is to survey engineering techniques for developing secure systems. We will examine concepts, methods, and tools that can be applied within the different activities of the software development process, in order to improve the security of the resulting systems.

Topics covered include

* security requirements & risk analysis,
* system modeling and model-based development methods,
* implementation-level security, and
* evaluation criteria for the development of secure systems
ContentSecurity engineering is an evolving discipline that unifies two important areas: software engineering and security. Software Engineering addresses the development and application of methods for systematically developing, operating, and maintaining, complex, high-quality software.
Security, on the other hand, is concerned with assuring and verifying properties of a system that relate to confidentiality, integrity, and availability of data.

The goal of this class is to survey engineering techniques for developing secure systems. We will examine concepts, methods, and tools that can be applied within the different activities of the software development process, in order to improve the security of the resulting systems.

Topics covered include

* security requirements & risk analysis,
* system modeling and model-based development methods,
* implementation-level security, and
* evaluation criteria for the development of secure systems

Modules taught:

1. Introduction
- Introduction of Infsec group and speakers
- Security meets SW engineering: an introduction
- The activities of SW engineering, and where security fits in
- Overview of this class
2. Requirements Engineering: Security Requirements and some Analysis
- overview: functional and non-functional requirements
- use cases, misuse cases, sequence diagrams
- safety and security
- FMEA, FTA, attack trees
3. Modeling in the design activities
- structure, behavior, and data flow
- class diagrams, statecharts
4. Model-driven security for access control (design)
- SecureUML as a language for access control
- Combining Design Modeling Languages with SecureUML
- Semantics, i.e., what does it all mean,
- Generation
- Examples and experience
5. Model-driven security (Part II)
- Continuation of above topics
6. Security patterns (design and implementation)
7. Implementation-level security
- Buffer overflows
- Input checking
- Injection attacks
8. Testing
- overview
- model-based testing
- testing security properties
9. Risk analysis and management 1 (project management)
- "risk": assets, threats, vulnerabilities, risk
- risk assessment: quantitative and qualitative
- safeguards
- generic risk analysis procedure
- The OCTAVE approach
10. Risk analysis: IT baseline protection
- Overview
- Example
11. Evaluation criteria
- CMMI
- systems security engineering CMM
- common criteria
12. Guest lecture
- TBA
Literature- Ross Anderson: Security Engineering, Wiley, 2001.
- Matt Bishop: Computer Security, Pearson Education, 2003.
- Ian Sommerville: Software Engineering, 6th ed., Addison-Wesley, 2001.
- John Viega, Gary McGraw: Building Secure Software, Addison-Wesley, 2002.
- Further relevant books and journal/conference articles will be announced in the lecture.
Prerequisites / NoticePrerequisite: Class on Information Security
252-1411-00LSecurity of Wireless Networks Information W5 credits2V + 1U + 1AS. Capkun, K. Kostiainen
AbstractCore Elements: Wireless communication channel, Wireless network architectures and protocols, Attacks on wireless networks, Protection techniques.
Learning objectiveAfter this course, the students should be able to: describe and classify security goals and attacks in wireless networks; describe security architectures of the following wireless systems and networks: 802.11, GSM/UMTS, RFID, ad hoc/sensor networks; reason about security protocols for wireless network; implement mechanisms to secure
802.11 networks.
ContentWireless channel basics. Wireless electronic warfare: jamming and target tracking. Basic security protocols in cellular, WLAN and
multi-hop networks. Recent advances in security of multi-hop networks; RFID privacy challenges and solutions.
268-0201-00LInformation Security Seminar and Project Restricted registration - show details
Only for CAS and DAS in Cyber Security.
W2 credits2SP. Schaller, D. Basin, S. Capkun, U. Maurer, K. Paterson, A. Perrig
AbstractParticipants of the seminar are assigned a recent topic in cyber security. They are expected to become acquainted with the assigned issue and to prepare a corresponding presentation in the context of the seminar.
Learning objectiveParticipants have understood and presented a publication or report on a present topic in information security. By attending other participants presentations students get further introduced to additional current information security related topics/incidents.
ContentParticipants of the seminar are assigned a recent topic in cyber security. They are expected to become acquainted with the assigned issue and to prepare a corresponding presentation in the context of the seminar.
268-0202-00LCyber Security Policy Restricted registration - show details
Only for CAS and DAS in Cyber Security.
W3 credits2GM. Dunn Cavelty, A. Wenger
AbstractThis course focuses on the interrelationship between digital technologies, their development, their use and misuse by human actors on the one hand and enduring negotiation processes between the state and its bureaucracies, society, and the private sector to develop solution on the other.
Learning objectiveThe aim of the course is to foster an understanding about how digital technologies are related to the realm of politics and how different actors (the state, but also non-state actors) react to the challenges emerging in the digital age with different governance approaches.
ContentHow to approach cyber insecurity politically continues to be a difficult issue for states. The willingness to use disruptive cyber tools in the context of great power rivalry has increased. Further digitalization of society comes with clear benefits, but also with new challenges. The dynamic interaction between technological vulnerabilities and the possibilities of their misuse creates a problem space with little stability.
In this course, we look at the threat environment, national and international counter strategies, and the possible future of this problem field. We understand cybersecurity politics as emerging from the interplay between digital technologies, their development, their use and misuse by human actors in conflictual economic, social and political contexts - and by enduring negotiation processes between the state and its bureaucracies, society, and the private sector in order to identify roles and responsibilities.
  •  Page  1  of  1