Winter 2007/08
Security Engineering (half-course, 4VL + 2 PR)

VL: Tue, 13:13-14:45, RUD 26, 1.305, Dr. Wolf Müller
VL: Thu, 13:15-14:45, RUD 26, 1.305, Dr. Wolf Müller
PR: Thu, 15:00-16:30, RUD 26, 1.305, Dipl-Inf. M.Kurth

Computer Science Department, Systems Architecture Group

Abstract: As a user of the Internet, you are fortunate to be tied into the world's greatest communication and information exchange - but not without a price. As a result of this connection, your computer, your organization's network, and everywhere the network reaches are all vulnerable to potentially disastrous infiltration by hackers. [W. Cheswick. Firewalls and Internet Security]

Synopsis:
- Half-Course, Praktische Informatik, Hauptstudium.
- Offered regularly, at least once every two years, usually in spring.
- 2 lectures per week, 2h each, over one semester (4SWS VL).
- 1 lab (Praktikum) per week, 2h each, over one semester (2SWS PR).
Credits:
- There will be a few short, unannounced, closed-book quizzes to verify your existence and to test your understanding. These will be worth 40 percent of the final grade.
- An announced final examination will be given at the end of the semester. It will cover all of the relevant readings and material presented and discussed in class. It will be worth 60 percent of the course grade.
- To qualify for the final examination, you have to complete all lab assignments to the satisfaction of the teaching assistant (70% = 38.5 points).
- Regular class attendance is expected; frequent absences are grounds for a failing grade regardless of other performance. You may miss up to 1 lecture per semester without a prior and reasonable excuse. 'Prior' means notification by email before the end of business the day before the lecture. 'Reasonable' means sickness or study-related events that require your attendance.
- Lectures begin on time. Students arriving more than 10 minutes late will not be admitted to the lecture and will be counted as 'missing' that day.
Prerequisites:
- Successful completion of PI-1.
- Decent Java programming skills.
- At least one semester attendance of 'Development Tools and System Administration in Unix'.
Slides: (pdf)
Demonstrations: (please use with care and conform to CBO)
Syllabus:
- What is Security Engineering? How to think about security?
- Principles and problems
- Authentication
- Authorization
- Access Control
- Integrity
- Privacy
- Solutions
- Passwords
- Protocols
- Biometry
- Cryptography
- Secure communication channels
- PKI / Certificates
- Monitoring Systems
- Physical Tamper Resistance
- Attack types (overview)
- Man in the middle
- Social engineering
- ...
- Case Studies
- Access Control in UNIX
- Access Control in Windows 2000/XP
- Denial of service attack in internet
- VISA-Card / Banking Cards
- Internet Banking
- Secure Electronic Documents (Acrobat/PDF)
- Secure Printing and Seals
- German Passport
- Advanced problems and solutions
- Emission Security
- Security in Distributed Systems
- Multilateral Security
- Multilevel Security
- Electronic and Information Warfare
- Telecom System Security
- Quantum Cryptography (optional if time left)
Syllabus - Lab (Practicum, 70% = 38.5 points required):
Further Readings (Books):