Winter
2007/08 |
Security Engineering
(half-course, 4VL + 2 PR)
VL: |
Tue, |
13:13-14:45, |
RUD 26, 1.305, |
Dr. Wolf Müller |
|
Thu, |
13:15-14:45, |
RUD 26, 1.305, |
Dr. Wolf Müller |
PR: |
Thu, |
15:00-16:30, |
RUD 26, 1.305, |
Dipl-Inf.
M.Kurth |
|
Computer Science Department
Systems Architecture Group |
|
Abstract: As a user of the Internet, you are fortunate to be tied into the
world's greatest communication and information exchange - but not
without a price. As a result of this connection, your computer, your
organization's network, and everywhere the network reaches are all
vulnerable to potentially disastrous infiltration by hackers. [W.
Cheswick. Firewalls and Internet Security]
|
Synopsis:
- Half-Course, Praktische Informatik, Hauptstudium.
- Offered regularly, at least once every two years, usually
in spring.
- 2 lectures per week, 2h each, over one semester
(4SWS VL).
- 1 lab (Praktikum) per week, 2h each, over one
semester (2SWS PR).
Credits:
- There will be a few, short, unannounced,
closed-book quizzes to verify your existence and to test your
understanding. These will be worth 40 percent of the final grade.
- An announced final examination will be
given at he end of the semester. It will cover all of the relevant
readings and material presented and discussed in class. It will be
worth 60 percent of the course grade.
- To qualify for the final examination, you have to complete all
lab assignments to the satisfaction of the teaching assistant (70% =
38.5 points).
- Regular class attendance is expected; frequent
absences are grounds for a failing grade regardless of other
performance. You may be missing for up to 1 lecture per
semester without prior
and reasonable excuse. 'prior' means notification
by email before the end of business the day before the lecture.
'reasonable' means sickness or study-related events that
require your attendance.
- Lectures begin on time. Students arriving
more than 10 minutes late will not be admitted to the
lecture and will be counted as 'missing' that day.
Prerequisites:
- Successful completion
of PI-1.
- Decent Java programming skills.
- At least one semester attendance of
'Development Tools and System Administration in Unix'.
Slides: (pdf)
Demonstrations: (please use with care and
conform to
CBO)
Syllabus:
- What is Security Engineering? How
to think about security?
- Principles and problems
- Authentication
- Authorization
- Access Control
- Integrity
- Privacy
- Solutions
- Passwords
- Protocols
- Biometry
- Cryptography
- Secure communication channels
- PKI / Certificates
- Monitoring Systems
- Physical Tamper Resistance
- Attack types (overview)
- Man in the middle
- Social engineering
- ...
- Case Studies
- Access Control in UNIX
- Access Control in Windows 2000/XP
- Denial of service attack in internet
- VISA-Card / Banking Cards
- Internet Banking
- Secure Electronic Documents (Acrobat/PDF)
- Secure Printing and Seals
- German Passport
- Advanced problems and solutions
- Emission Security
- Security in Distributed Systems
- Multilateral Security
- Multilevel Security
- Electronic and Information Warfare
- Telecom System Security
- Quantum Cryptography (optional if time left)
Syllabus - Lab (Practicum, 70% = 38.5 points required):
Further Readings (Books):
|
|
|