Foundations of Information Security
2009-2010 - IMT6021 - 5 ECTS

Expected learning outcomes

Having completed the course, the student should have

  • the ability to derive and apply modelling techniques used for secure computer systems and reasoning about them
  • in-depth knowledge of selected access control mechanisms and their mathematical foundations as well as an in-depth understanding of identification and authentication mechanisms
  • obtained a solid understanding of security analysis and developmental assurance techniques and issues


  • Identification and authentication mechanisms including biometrics
  • Access control models and formalisms
  • Decidability results and limitations of access control and security models
  • Security models including the Bell-LaPadula, RBAC, and Chinese Wall models
  • Information-theoretic models of information flow and covert channels
  • Developmental assurance and evaluation criteria

Teaching Methods


Teaching Methods (additional text)

  • Lectures
  • Term paper

Form(s) of Assessment


Form(s) of Assessment (additional text)

Term paper. Ph.D. students must pass the written examination with at least an A or B grade, but will be evaluated mainly on the term paper, which is assessed to different, more stringent criteria than the M.Sc. version.

  • Written exam (alternatively oral exam): 33%
  • Term paper: 67%
  • Ph.D. students must pass both parts and pass with A or B on the written exam.

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Evaluated by external and internal examiner.

Re-sit examination

A new term paper must be provided and the examination must be re-sat next autumn.

Examination support

Dictionary, simple calculator

Coursework Requirements


Teaching Materials

The following textbooks are the primary references; further recommended reading is provided in the course syllabus.

  • M. Bishop: Computer Security: Art and Science. Addison-Wesley, 2003.
  • D. Gollmann: Computer Security, 2nd edition Wiley, 2006

Additional information

Capacity of the course is limited to 50 students unless explicitly arranged by lecturer.