Syllabus academic year 2008/2009
(Created 2008-07-17.)
COMPUTER SECURITY EIT060

Higher education credits: 7,5.
Grading scale: TH.
Level: G1 (First level).
Language of instruction: The course will be given in Swedish.
Compulsory for: C2.
Optional for: D3, E3, F3, RH4.
Course coordinator: Dr. Martin Hell, martin.hell@eit.lth.se, Inst för elektro- och informationsteknik.
Prerequisites: Java programming capability.
Assessment: Written exam (5 hours). Approved home exercises, laboratories and project are required to pass the course.
Home page: http://www.eit.lth.se/course/eit060.

Aim
The course aims to give students a good overview of the most relevant areas in computer security. Some areas will be addressed in more detail.

Knowledge and understanding
For a passing grade the student must

Skills and abilities
For a passing grade the student must

Judgement and approach
For a passing grade the student must

During the course you have to present and discuss your solutions to home assignments and projects.

Contents
Introduction: The development of information technology over the last decade has made computer security one of the major and most relevant areas in both the use of existing information systems and the development of new ones. Almost daily the press carries articles about computer security. We can read about malware in the form of viruses and trojan horses, export control of cryptographic technology, legal data interception, or plain hacks into computers. The goal of the course is to give an overview of the main areas of computer security. Some areas are dealt with in more depth.

Foundation: General principles and definitions in computer security, identification and authentication, access control, trust and security evaluation.

Cryptographic algorithms: Encryption methods, digital signing, digital certificates, X.509, notion of public-key infrastructure (PKI), marking.

Computer system security: Operating system security, security in Unix, Windows, Java. Trusted Computing Group: TPM.

Security problems: Malware, attacks, buffer overflow, software security.

Distributed systems: Access control, Kerberos, firewalls, intrusion detection.

Networks: Security in the Internet and radio networks like GSM/UMTS and WLAN. Security protocols TLS, SSL, IPsec. Virtual networks like VPN and Darknet.

Smartcards: History, architecture, Java Card, attacks, verification.

Security in databases: Access control, information leakage, polyinstantiation.

Content and IP protection: Protection of programs, music, film and e-books, overview of the copying problem, principles of a DRM system.

Literature
Gollmann D.: Computer Security. Second edition (ISBN 0470862939).