T-110.4206 Information Security Technology. Aalto University, autumn 2013. My background. Lecturer: Tuomas Aura PhD from Helsinki University of Technology in 2000 Microsoft Research, UK, 2001–2009 Professor at Aalto 2008– Research areas: Security of new technologies
T-110.4206 Information Security Technology
Aalto University, autumn 2013
My background
• Lecturer: Tuomas Aura
• PhD from Helsinki University of Technology in 2000
• Microsoft Research, UK, 2001–2009
• Professor at Aalto 2008–
• Research areas:
  • Security of new technologies
  • Network security, DoS resistance
  • NFC applications, ticketing and payment
  • Privacy of mobile users
  • Security protocol engineering
  • Security of mobility protocols (Mobile IPv6, SEND, etc.)
Lectures
• Lecturer: Tuomas Aura
• 12 lectures in Sep-Oct 2013
  • Tuesdays 12:15-14 T1
  • Thursdays 14:15-16 T1
• Attendance not mandatory but some material will only be covered in the lectures
• Lecture slides published in Noppa after each lecture
• Published slides include some additional pages
• No tutorial or exercise sessions to attend
Exercises
• Goal: broadening the scope of the course with hands-on experience (sorry, no prep questions for the exam)
• 6 exercise rounds, starting next week, continuing to exam week
• Exercise problems in Noppa by Sunday each week (first round on 15 September)
• Deadline on the following Sunday 23:59; reports to be returned to Rubyric
• Course assistants
  • Aapo Kalliola and Markku Antikainen
  • email: t-110.4206@tkk.fi
• Course assistants available in the Playroom for advice and equipment:
  • Wednesdays 16:15-18 room A120
  • Thursdays 16:15-18 room A120 (these are the correct times)
Advice for the exercises
• Programming skills are a prerequisite for this course
• Try to solve all problems at least partly
• Individual work: It is ok to discuss with other students but do not copy or even read the written solutions of other students. Do all practical experiments independently
• If you quote any text written by someone else, mark it clearly as a "quotation" and give the source, e.g. [RFC 1234, section 5.6.7]
Assessment
• Examination Thu 24 Oct 2013 at 13:00-16:00 in T1. Remember to register for the exam two weeks earlier!
• Examination scope: lectures, recommended reading material, exercises, good general knowledge of the topic area
• Some old exams in Noppa under Additional Reading
• Exercises are not mandatory but strongly recommended
• Marking:
  • exam max. 30 points
  • exercises max. 6 x 10 = 60 points
  • grading based on total points = exam + roundup(exercises / 10) (total max. 30+6=36 points)
• Course feedback is mandatory
Goals
• You are familiar with the fundamental concepts and models of information security. You can analyze threats, know common security technologies, and understand how they can be applied to protect against the threats. You are able to participate in practical security work
• Understand the limitations of security technologies to use them right
• Be aware of many pitfalls in security engineering
• Learn the adversarial mindset of security engineering
• Starting point for learning more
Approximate course contents
• Computer security overview
• Access control models and policies
• Operating system security
• Software security
• User authentication
• Applied cryptography
• Certificates and network security
• Encrypting stored data
• Identity management
• Threat modeling
• Payment systems
• Privacy
Recommended reading
• Dieter Gollmann, Computer Security, 3rd ed., 2011 (good overview)
• Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd ed., 2008 (fun real-life stories)
• Matt Bishop, Introduction to Computer Security, 2004/2005 (for research students)
Course development
• In 2014, this course will be CSE-C3400 Information Security
  • From 3 cr to 5 cr; more exercises on software security
• No major changes to the course content this year. Annual updates to the content
• What has or has not changed based on 2012 student feedback?
  • Students liked the hands-on exercises. Some found the exercises to be a lot of work, others way too easy. Only minor changes were made for this year as it is still only a 3-cr course.
  • There is a fine line between the course assistant giving advice on the exercises and giving you the solution outright. We'll try to find the right balance.
  • Students liked discussion in the lectures. Please do continue to tell about your experiences and do ask questions.
  • Sorry, I won't publish model answers to the exam questions. There are many ways to answer the problems, and writing short model answers would create more questions than it answers.
  • Some slides are in the handouts but not shown during lectures. This is intentional. They are supporting material.