Syllabus 2007/2008 EIT060

Syllabus academic year 2007/2008

COMPUTER SECURITY

EIT060

Higher education credits: 7,5. Grading scale: TH. Level: G1 (First level). Language of instruction: The course will be given in Swedish. Compulsory for: C3. Optional for: D3, E3, F3, RH4. Course coordinator: Prof Ben Smeets, ben.smeets@it.lth.se, Inst f informationsteknologi. Prerequisites: Java programming capability. Assessment: Grade 3 requires approved home assignments, project reports, and laboratory assignments. Grade 4-5 can be obtained after successful written or oral exam. Re-examination in ordinary examination period: Yes Re-examination in ordinary re-examination period: NO. Home page: http://www.it.lth.se/courses/computersecurity.

Aim
The course wants to give the students a good overview of the most relevant areas in computer security. Some areas will be addressed in more detail.

Knowledge and understanding
For a passing grade the student must

Describe the general problems that are addressed by computer security
Classify security problems in relation to the different areas within computer security
Describe different building blocks used in computer security
Explain the principles behind different approaches to access control and digitial signatures.

Skills and abilities
For a passing grade the student must

Provide overview descriptions of systems that will add security into a technical system
Show that you are capable to perform an basic analysis of a security problem

Judgement and approach
For a passing grade the student must

During the course you have to present and discuss your solution of home assignments and projects

Contents
Introduction: The information technology development of the last decade has made computer security to one of the major and relevant areas when it comes to the use of existing and development of new information systems. Almost daily we see in the press articles about security in computers. We can read about malware in the form of viruses and trojan horses, export control of cryptographic technology, legal data interception, or plain hacks into computers. The goal of the course is to give an overview of the main areas of computer security. Some areas are dealt with in more depth.

Foundation: General principles and definitions in computer security, identification and authentication, access control, trust and security evaluation.

Cryptographic algorithms: Encryption methods, digital signing, digital certificates, X509, notion of public-key infrastructure (PKI), marking, code obfuscation.

Computer system Security: Operating system security, security in Unix, Windows, Java.Trusted computing group: TPM

Security problems: Malware, attacks, buffer overflow, software security.

Distributed systems: Access control, Kerberos, firewalls, intrusion detection,

Networks: Security in the Internet and radio networks like GSM/UMTS and WLAN. Security protocols TLS, SSL, IPSEC. Virtuella networks like VPN and Darknet

Smartcardt: History, architecture, Java card, attacks, verification

Security ni databases: Access control, information leakage, polyinstantiation

Contenct and IP protection: Protection of programs, music, film and e-books, overview of the copying problem, principles of a DRM system, Apple Fair Play, OMA DRM v1 and v2.

Literature
Gollmann D.: Computer Security. second edition (ISBN 0470862939)