System Security
Study plans 2016-2017 - IMT4123 - 7.5 ECTS

On the basis of

Candidates should have read IMT4113 Introduction to Cyber and Information Security.

Expected learning outcomes

Candidates who have successfully completed this course, should have achieved the following total learning outcome


  • Candidates are expected to possess in-depth knowledge of modelling techniques for secure computer systems
  • Candidates have advanced knowledge of common vulnerabilities, attack mechanisms, and methods against computer and information systems
  • Candidates have thorough knowledge on the theory and methods underlying access control
  • Candidates have thorough knowledge on security techniques and methods  applied in operating systems
  • Candidates have thorough knowledge about software security and secure development process


  • Candidates are capable of applying relevant methods for security modelling and analysis of software applications and information systems.
  • Candidates are capable of analysing, evaluating and enhancing the security of information systems independently by identifying potential threats and propose possible countermeasures

General Competence

  • Candidates  can analyse relevant professional and research ethical problems related to securing information system and software.
  • Candidates  are capable of applying their knowledge and skills in new fields, in order to carry out advanced tasks and projects.
  • Candidates  can work independently and are familiar with terminology of the field of software and system security.
  • Candidates can communicate about academic issues related to system and software security both with specialists and public audience.
  • Candidates can contribute to innovation and innovation processes in information security.


  • Access control (formal models and systems)
  • System security analysis (attack-defense trees and threat modelling)
  • Secure software development (requirement, design, code, testing)
  • Vulnerabilities and attack patterns and methods (injection, overflow, race conditions, MITM )
  • Distributed system security (covert channels, trust modelling and propagation)
  • Operating systems security (hardware protection, privileges,  I/O protection, virtualization)

Teaching Methods

Mandatory assignments

Teaching Methods (additional text)

The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus and are open for both categories of students. All the lectures will also be available on Internet through the university’s learning management system.

Form(s) of Assessment

Written exam, 3 hours

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Evaluated by internal examiner. External examiner is used periodically every fifth year, first time spring 2018

Re-sit examination

Ordinary re-sit examination in August.

Examination support


Coursework Requirements

Students are expected to hand in at least 4 (four) obligatory exercises.

Teaching Materials

The following textbooks are the primary references; further recommended reading is provided in the course syllabus.

  • M. Bishop: Computer Security: Art and Science. Addison-Wesley, 2003.
  • D. Gollmann: Computer Security, 2nd edition Wiley, 2006
  • R. Anderson: Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, Chichester, UK (2001)

Replacement course for

IMT4541 Foundations of Information Security and IMT4122 Software Security Trends