The dSik course (2012), an introductory course in IT Security

Time and Place

The course starts Monday, April 2, at 8:15 in Store aud, IT huset. After the first week, all talks on Mondays start at 9:15.

Lectures

Monday 9:15-10 Store Aud, the IT house.

Wednesday 8:15-10 Store Aud, the IT House.

Exercises Classes

DA1 Friday 8-11, 5341-014 first session April 13

DA2 Thursday 9-12, 5342-026 first session April 12

DA3 Thursday 12-15, 5342-018 first session April 12

DA4 Tuesday 14-17, 5342-018 first session April 10 (changed from April 3)

These are the times and places from the original schedule. They can sometimes be modified during the quarter. If in doubt, check with your TA.

There will a mandatory exercise to hand in each week. The mandatory exercises are marked as mandatory in the sets of exercises for each week found under the Document menu. To attend the exam, you must have all 6 mandatory exercises approved by your TA. Read more about the exam below.

Note that there will not be exercises to hand in, in the first week of the course. Nevertheless, please show up for the first exercise session (see above), for a meeting with your TA to settle practical matters and to form some groups for exercise work.

Deadline for handing in the first mandatory exercise will be at the start of the exercise session in week 2 of the course, that is, week 16 in the calendar.

Course Plan

Course notes and various additional material can all be found under the Documents menu.

Week 1: Introduction to basic concepts, and Cryptography and Confidentiality
Week 2: Cryptography and Authentication
Week 3: Key Management and Infrastrucures
Week 4: Network Security, Protocols etc.
Week 5: System security and Security Policies
Week 6: Security Threats and Attacks
Week 7: A Case from Real Life: Security at the Science Faculty

Additional Material to be used in weeks 5 and 6 of the course

From Anderson: Security Engineering, on the GSM standard. Exam pensum is p.352-363, but no knowledge on the details of the cryptographic algorithms is expected.

From Li Gong: Inside Java 2, section on Java security model. Exam pensum is p.21-41

From Howard: Writing secure code, section on overflow attacks and related problems. Exam pensum is p.127-138

From McClure et al: Hacking Exposed, section on various attacks. Only superficial knowledge of this note is expected for the exam.

Exams etc.

The exam is oral, with no preparation, 20 minutes per person. You will choose one of the 6 subjects below at random. You may bring your notes to the exam, but we expect that you do not read from a manuscript.

Exam Questions

1. Cryptography, confidentiality

2. Cryptography, authentication

3. Key management and Infrastructures

4. Network Security

5. System Security and Models for Security Policies

6. Threats and Pitfalls

The exam questions each cover roughly one week of the course, and are meant to cover all the material that was covered in each week (with exceptions as stated under course materials above). One special case is firewalls, where it is rather difficult to say whether this subject belongs in network security or in system security. Firewalls are therefore considered as a part of the material for both week 4 and week 5.

For the exam, you should think about what you believe is important to say about each of the questions, and be prepared to say something about this on your own for about 12-15 minutes. In general, the more you can say that makes sense about the subject, the less time we have for asking unpleasant questions! The intention is to test whether you can classify and describe different tools and concepts in IT security, understand what they can be used for, and separate the important points from the less important details.