Syllabus for EDA263 - Computer security

Syllabus adopted 2015-02-02 by Head of Programme (or corresponding)
Owner: MPCSN
7,5 Credits
Grading: TH - Five, Four, Three, Not passed
Education cycle: Second-cycle
Major subject: Computer Science and Engineering, Information Technology
Department: 37 - COMPUTER SCIENCE AND ENGINEERING
Teaching language: English
Open for exchange students
Block schedule: C

Course modules (credit distribution columns: Sp1, Sp2, Sp3, Sp4, Summer course, No Sp)
0107 Examination, 6,0 c, Grading: TH; credit distribution: 6,0 c; examination dates: 19 Mar 2016 am H, 09 Apr 2016 pm SB, 24 Aug 2016 pm M
0207 Laboratory, 1,5 c, Grading: UG; credit distribution: 1,5 c
In programs
MPEES EMBEDDED ELECTRONIC SYSTEM DESIGN, MSC PROGR, Year 1 (elective)
MPCSN COMPUTER SYSTEMS AND NETWORKS, MSC PROGR, Year 1 (compulsory elective)
TKITE SOFTWARE ENGINEERING, Year 3 (elective)
TKDAT COMPUTER SCIENCE AND ENGINEERING, Year 3 (elective)
MPALG COMPUTER SCIENCE - ALGORITHMS, LANGUAGES AND LOGIC, MSC PROGR, Year 1 (elective)
MPALG COMPUTER SCIENCE - ALGORITHMS, LANGUAGES AND LOGIC, MSC PROGR, Year 2 (elective)
MPSOF SOFTWARE ENGINEERING, MSC PROGR, Year 2 (elective)
TIDAL COMPUTER ENGINEERING, Year 3 (compulsory elective)
MPIDE INTERACTION DESIGN AND TECHNOLOGIES, MSC PROGR, Year 2 (elective)
Examiner: Docent Magnus Almgren
Replaces
EDA261 Applied computer security
EDA262 Computer security
Eligibility:
In order to be eligible for a second cycle course the applicant needs to fulfil the general and specific entry requirements of the programme that owns the course. (If the second cycle course is owned by a first cycle programme, second cycle entry requirements apply.)
Exemption from the eligibility requirement:
Applicants enrolled in a programme at Chalmers where the course is included in the study programme are exempted from fulfilling these requirements.
Course specific prerequisites
General requirements from a Bachelor's degree are required. Knowledge in a programming language, such as C, is also required.
The course EDA092 Operating systems or equivalent is recommended.
Aim
The course gives basic knowledge in the security area, i.e. how to protect your system against intentional intrusions and attacks. The purpose of an intrusion can be to change or delete resources (data, programs, hardware, etc.), to gain unauthorized access to confidential information, or to make unauthorized use of the system's services. The course covers threats and vulnerabilities in computer systems and networks, as well as rules, methods and mechanisms for protection. Modeling and assessment of security and dependability as well as metrication methods are covered. During a few lectures, a holistic security approach is taken and organizational, business-related, social, human, legal and ethical aspects are treated.
Learning outcomes (after completion of the course the student should be able to)
After completing the course the student shall have acquired the following knowledge goals. The student shall:
* have an overall, fundamental understanding of computer security and realize the consequences of insecurity
* have a general knowledge of protection mechanisms
* be capable of making a security analysis of different types of systems and suggest ways to improve security
* be able to deal with a few methods for security modeling
* understand common methods for security assessment, evaluation and metrication
* have improved his or her skill in technical writing
* be able to reason on the ethical and social aspects of computer security.
Content
Introduction to computer security: definitions, terminology, standards. Some practical examples. Relation to dependability, reliability, availability and safety.
UNIX security: file system, system administration, passwords and accounts, authorization.
Security threats: systematic approach, physical security, including tempest, viruses, worms, Trojan horses, and logic bombs.
Information hiding, steganography and covert channels.
Introduction to cryptography.
Secure operating systems. Security mechanisms: authentication, authorization, access control, file protection, reference monitor, encryption and separation.
Intrusion detection systems. Deception systems.
Security Models: Bell-LaPadula, Biba, Chinese wall etc.
Introduction to Network Security and firewalls.
Database security, defensive programming, injection attacks.
Security metrics.
Security management and organisation. Security policy and risk analysis. Social engineering, cyber criminality and information warfare.
Laws and ethics.
Organisation
The course consists of a series of lectures, a few exercises and laboratory exercises. Normally, one or two lectures are given by lecturers from industry, who give an application perspective on security. The laboratory exercises focus on a few common security mechanisms.
Computer security is one of the courses proposed in the security specialization at Chalmers and Göteborg University. It gives an overview of the field. For those with an interest in the security specialization we recommend this course (EDA263) as an overview and refer to the other courses for depth: Cryptography (TDA351), Network security (EDA491) and Language-based security (TDA602). Ethical and social aspects in relation to computer science are further developed in the course DAT147.
Literature
See separate literature list.
Examination
Written exam and pass on laboratory exercises.