Foundations of Information Security
2012-2013 - IMT4541 - 5 ECTS

Expected learning outcomes


  • Candidates are expected to possess in-depth knowledge of modelling techniques for secure computer systems
  • Candidates should have thorough knowledge of models and mechanisms for identification and authentication
  • Candidates are capable of applying methods for security analysis to novel domains in a rigorous and systematic way


  • Candidates are expected to be capable of identifying suitable modelling techniques for analysing security requirements
  • Candidates are able to undertake a research study based in part on primary literature, formulating a concise and reasoned review of such literature in the form of a structured article
  • Candidates are able to apply relevant scientific methods in security modelling and analysis

General Competence

  • Candidates are able to understand and analyze the professional, ethical, and privacy-related problems arising from the design and implementation of security models and mechanisms
  • Candidates are familiar with terminology and concepts in security modelling and analysis and selected areas of information security, permitting independent work in the area
  • Candidates are capable of contributing to innovation and innovation processes in information security
  • Candidates are capable of discussing information security problems, particularly those related to identification and authentication and to security models, with both specialist and general audiences


  • Identification and authentication mechanisms
  • Access control models and formalisms
  • Decidability results and limitations of access controls and security models
  • Security models, including the Bell-LaPadula, role-based access control, and Chinese Wall models
  • Information theoretic models of information flow and covert channels
  • Developmental assurance and evaluation criteria (optional)

Teaching Methods


Teaching Methods (additional text)

  • Lectures
  • Tutorials
  • Term paper

The course will be made accessible to both campus and remote students. Every student is free to choose the pedagogic arrangement best fitted to her/his own requirements. The lectures in the course will be given on campus and are open to both categories of students. All the lectures will also be available on the Internet through GUC’s learning management system (ClassFronter).

Form(s) of Assessment


Form(s) of Assessment (additional text)

Assessment consists of two parts; the pass decision is based on the cumulative grade of both parts:
   - Part 1 is a written examination (3 hours), accounting for 67% of the grade. Internal and external examiners.
   - Part 2 is a term paper, accounting for 33% of the grade. The term paper is evaluated by the lecturer.

Grading Scale

Alphabetical scale, A (best) – F (fail)

External/internal examiner

Evaluated by external and internal examiner.

Re-sit examination

A new term paper must be provided and the examination must be re-sat.

Examination support

Dictionary, simple calculator

Coursework Requirements


Teaching Materials

The following textbooks are the primary references; further recommended reading is provided in the course syllabus.

  • M. Bishop: Computer Security: Art and Science. Addison-Wesley, 2003.
  • D. Gollmann: Computer Security, 2nd edition. Wiley, 2006.
  • R. Anderson: Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, Chichester, UK (2001)
  • A. K. Jain, P. J. Flynn, and A. A. Ross: Handbook of Biometrics. Springer-Verlag, Berlin, Germany (2007)

Replacement course for

IMT4162 Information Security and Security Architecture