Syllabus 2011/2012 EIT015

Syllabus academic year 2011/2012
(Created 2011-09-01.)

SECURE SYSTEMS AND APPLICATIONS

EIT015

Credits: 7,5. Grading scale: TH. Cycle: G2 (First Cycle). Main field: Technology. Language of instruction: The course might be given in English. Optional for: C4, C4da, C4ks, D4, D4ks, E4, E4ks. Course coordinator: Professor Ben Smeets, ben.smeets@eit.lth.se, Electrical and Information Technology. Recommended prerequisits: EIT060 Computer Security or EDI051 Cryptology. Assessment: Grade 3,4 requires approved project reports that will be graded. Grade 5 can be obtained after successful written or oral exam. Students should sign-up for written or oral exam. Re-examination in ordinary re-examination period: NO. Home page: http://www.eit.lth.se/course/eit015.

Aim
The goal of this course is to give the students an in-depth insight into the main stream problems and solutions within computer security. This to allow the student by him/herself to select among existing solutions and/or to present solutions with good quality.

Knowledge and understanding
For a passing grade the student must

Analyze a security problem in a computer system
Present solutions of good quality to many standard computer security problems
Possess detailed knowledge of building blocks used in computer security
Understand the mechanisms of the most frequent used attack methods

Skills and abilities
For a passing grade the student must

present detailed descriptions of systems that are applied to improve security in computer system
give a sound motivation of a proposal of a solution to a computer security problem

Judgement and approach
For a passing grade the student must

During the course you have to present and discuss your projects

Contents
Inledning: In-depth knowledge in computer security is needed when designing secure information systems and (computer) applications. In particular, it is important to understand how security protocols and cryptographic methods should be applied to obtain secure applications. Since attacks on systems will occur it is also important to understand how intrusion can be analyzed and should be dealt with in a professional way. Furthermore, one should understand how the enemy works and thinks to obtain his/her goal.

Computer Forensics: principles, standard practices, tools

Digital signatures: Digital signatures in reality, Public Key Infrastructure (PKI) (certificat, revocation, CA, RA, X509), XML signatures

Special crypto algorithms: blind signatures, e-voting, dual signatures

E-commerce: solutions (Amazon.com, E-cash), micro-payment,

DRM system: DRM (ebook, OMA DRM Phase 2),

Smartcardt: ISO standard, programming, attacks

Secure networks:: authentication methods, RADIUS, DIAMETER, description and comparison of IPSEC/VPN, TLS, SSL. WLAN security. UMTS, Denial of Service (DOS) attacks.

Trusted Platforms: Hardware vs Software, Java, Secure OS, Virtualization, Trusted Computing Group (TPM, MTM, authenticated boot), security in Android and MeeGo

Secure programming: methodolgy, tools, code protection

Literature
Lecture notes in form of powerpoint slides and articles.