02239 - Data Security
General Information
Time: Wednesday afternoon (module E5B)
Examination: Written examination and reports.
Lecturers:
Sebastian Alexander Mödersheim, Building 321/018
Sébastien Gondron, external lecturer
General Objectives
The objective of the course is to provide an introduction to
the basic concepts of computer security for graduate-level
students. The course contents include: security concepts, such
as confidentiality, integrity, authenticity, availability,
etc.; symmetric and asymmetric cryptography and their uses; key
distribution and digital signatures; discretionary and
mandatory access control policies for confidentiality and
integrity; communication protocols for authentication,
confidentiality and message integrity; network security;
system security, intrusion detection and malicious
code; security models and security evaluation; administration
of security; and legal aspects of computer security.
Learning objectives
A student who has met the objectives of the course will be able to:
- identify all major factors that have to be addressed in
a security analysis of a particular system;
- define operational security goals for a given computing system;
- analyse an application scenario and identify common
threats, vulnerabilities and risks;
- identify possible countermeasures against threats and
vulnerabilities in a given security scenario;
- compare and contrast the underlying security mechanisms
needed to implement security countermeasures;
- define operational security policies to achieve
specific security goals using specific security mechanisms;
- design a security infrastructure that implements an
operational security policy;
- use contemporary tools to analyse and implement (part
of) a security infrastructure;
- evaluate (informally) a given set of security policies
and mechanisms in a given application context in order to
determine whether they are likely to satisfy a given list of
security goals;
- document their work with the security process in a
clear and concise report.
Course Format
The course is given as a combination of lectures, given by the
course lecturers, and practical laboratory work.
Lectures
The teaching materials are mainly the slides we provide in the lectures.
We use the tool OFMC in some lectures and it ships with additional documentation. We will
also reference research papers for further reading.
Some lectures were based on the book
C. P. Pfleeger & S. L. Pfleeger: "Security in Computing",
fifth edition, Prentice Hall, 2015.
This book is, however, not necessary for following the course.
Laboratory Work
The laboratory work consists of a number of small assignments,
most of them mandatory, which will take place in the databars.
These assignments are designed to provide hands-on experience
with different security technologies and will typically
involve a limited programming exercise, which will be
documented through a small report (4-8 pages).
Activity Calendar
The activity calendar may change to reflect the progress of
the class; please check the calendar on the DTU Learn page of
the course.