Foundations of Information Security
2015-2016 - IMT6021 - 5 ECTS



Expected learning outcomes

The module provides an overview over several foundational areas in information security. In doing so, the module seeks to provide a consistent narrative emphasising the need for thorough analysis of threats and vulnerabilities and the inclusion of assurance mechanisms and metrics over considering security mechanisms in isolation.

The core of the module is given over to a rigorous discussion of security models and their relation to access control models with selected issues in identification and authentication and their required trust and reputation models also covered.

On concluding the module, candidates

  • are able to analyse an information system's security relying on formal and semi-formal methods
  • can identify appropriate formal security and information flow models consistent with threat and risk analyses as well as security policies
  • are able to evaluate and conduct developmental assurance processes

On concluding the module, candidates

  • will have an in-depth understanding of formal security models, particularly access control and information flow models
  • will be able to synthesise or analyse a formal or semi-formal system security analysis with emphasis on attack tree variant models
  • can articulate constraints and risks for identification and authentication mechanisms serving as a pre-requisite for formal security models

General Competence:
On concluding the module, candidates

  • are able to assess formal and informal security models
  • have formed an overview of the foundations of information security allowing them to contextualise and frame discussions in the area
  • will have developed the ability to link disjoint areas of information security, synthesising security models and realisations


  • Security Analysis Models and Methods
  • Foundations of Identification and Authentication
  • Trust and Reputation Models
  • Access Control Models and Foundational Results
  • Security and Information Flow Models
  • Developmental Assurance

Teaching Methods

  • Lectures
  • Literature study and term paper

Form(s) of Assessment

Assessment consists of two parts; both parts must be passed to secure an overall 'Pass' grade:

  • Part I is a written examination (3 hours), accounting for 33% of the grade. Candidates must achieve an 'A' or 'B' grade to gain the equivalent 'Pass' grade in Part I. The written exam is evaluated by internal and external examiners.
  • Part II is a term paper, accounting for 67% of the grade. The term paper is evaluated by the lecturer on a Pass/Fail scale.

External/internal examiner

The written exam is evaluated by an internal or external examiner (external at least every three years).

Re-sit examination

Failing one part requires a re-sit of both parts; a new term paper must be provided.

Examination support

Not applicable

Teaching Materials

The following textbooks are the primary references; further recommended
reading is provided in the course syllabus.

D. Gollmann: Computer Security, 3rd edition. Wiley, 2011.
M. Bishop: Computer Security: Art and Science. Addison-Wesley, 2003.

Additional information

Students must choose the term paper topic at the beginning of the semester in co-ordination with the course responsible; abstracts must be submitted to Fronter no later than five weeks after the start of the semester.

Final versions of the term paper must be submitted at the end of the module also via Fronter.

Capacity of the course is limited to 50 students unless explicitly arranged by the lecturer.