Expected learning outcomes
Having completed the course, the student should have
- developed an advanced understanding of core issues from different sub-areas of information security research including security models, cryptography, network and operating system security, security management, and security engineering
- achieved in-depth knowledge on one of the core areas through independent study
- developed analytical skills enabling them to critically assess research publications and presentations
- Key results in the theory and modelling of information security
- Network security
- Operating system security
- Human factors in security
- Security engineering and assurance
- Cryptography and cryptanalysis
- Database security
- Security management
- Anonymity and privacy
Teaching Methods (additional text)
- Seminar discussions
Form(s) of Assessment
Form(s) of Assessment (additional text)
Students must provide two papers. One is a term paper on a topic chosen by the student in coordination with the lecturer (see below); the other is a final report in which at least two other areas beyond those covered by the student in the term paper must be described concisely.
- Term paper: 67%
- Final report: 33%
- Both parts must be passed.
Alphabetical Scale, A (best) – F (fail)
Evaluated by external and internal examiner.
The whole subject must be repeated.
Students are required to prepare a term paper on one of the subject areas covered in the course in coordination with and approved by the lecturer and must provide a presentation of results and findings in a seminar. The delivery date for the term paper is arranged individually to match the seminar schedule.
Textbooks, monographs, and research articles including but not limited to:
- M. Bishop: Computer Security: Art and Science. Addison-Wesley, 2003.
- M. A. Harrison, W. L. Ruzzo, J. D. Ullman: Protection in Operating Systems. Communications of the ACM 19(8):461-471 (1976)
- C. E. Landwehr: Formal Models for Computer Security. ACM Computing Surveys 13(3):247-278 (1981)
- D. Dolev and A. C. Yao: On the security of public key protocols. IEEE Transactions on Information Theory, IT-29(2):198–208, 1983
- J. Goubault-Larrecq: Towards Producing Formally Checkable Security Proofs, Automatically. Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSFW 2008), IEEE, Pittsburgh, PA, USA, June 2008, pp. 224-238.
- L. F. Cranor and S. Garfinkel: Security and Usability: Designing Secure Systems that People Can Use. O’Reilly, 2005
- J. C. Brustoloni and R. Villamarin-Salomon: Improving Security Decisions with Polymorphic and Audited Dialogs. Proceedings of the 3rd Symposium on Usable Privacy and Security (SOUPS'2007), ACM, Pittsburgh, PA, USA, July 2007, pp. 76-87.
- W. Diffie and M. Hellman: New Directions in Cryptography. IEEE Transactions on Information Theory 22(6):644-654 (1976)
- R. L. Rivest, A. Shamir, and L. Adleman: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2):120-126 (1978)
- E. Bertino and R. Sandhu: Database Security - Concepts, Approaches, and Challenges. IEEE Transactions on Dependable and Secure Computing 2(1):2-19 (2005)
- J. Vaidya and C. Clifton: Privacy-Preserving Decision Trees over Vertically Partitioned Data. ACM Transactions on Knowledge Discovery from Data 2(3):14 (2008)
- K. Thompson: Reflections on Trusting Trust. Communications of the ACM 27(8):761-763 (1984)
- J. Feigenbaum, A. Johnson, and P. Syverson: A Model of Onion Routing with Provable Anonymity. Proceedings of the 11th International Conference Financial Cryptography and Data Security (FC 2007), Vol. 4886 of Lecture Notes in Computer Science. Trinidad/Tobago, Feb. 2007, Springer-Verlag.
- E. Peeters, F.-X. Standaert, and J.-J. Quisquater: Power and Electromagnetic Analysis: Improved Model, Consequences, and Comparisons. Integration: The VLSI Journal 40(1):52-60 (2007)
- D. Agrawal, B. Archambeault, J. R. Rao, and P. Rohatgi: The EM Side-Channel(s). Proceedings of Cryptographic Hardware and Embedded Systems (CHES 2002), Vol. 2523 of Lecture Notes in Computer Science, Lausanne, Switzerland, Sep. 2002, Springer-Verlag.
The course will be limited to 12 students except by arrangement with the lecturer.