Suchergebnis: Katalogdaten im Herbstsemester 2021

Informatik Master Information
Master-Studium (Studienreglement 2020)
Ergänzungen
Ergänzung in Information Security
NummerTitelTypECTSUmfangDozierende
252-0463-00LSecurity Engineering Information W7 KP2V + 2U + 2AS. Krstic
KurzbeschreibungSubject of the class are engineering techniques for developing secure systems. We examine concepts, methods and tools, applied within the different activities of the SW development process to improve security of the system. Topics: security requirements&risk analysis, system modeling&model-based development methods, implementation-level security, and evaluation criteria for secure systems
LernzielSecurity engineering is an evolving discipline that unifies two important areas: software engineering and security. Software Engineering addresses the development and application of methods for systematically developing, operating, and maintaining, complex, high-quality software.
Security, on the other hand, is concerned with assuring and verifying properties of a system that relate to confidentiality, integrity, and availability of data.

The goal of this class is to survey engineering techniques for developing secure systems. We will examine concepts, methods, and tools that can be applied within the different activities of the software development process, in order to improve the security of the resulting systems.

Topics covered include

* security requirements & risk analysis,
* system modeling and model-based development methods,
* implementation-level security, and
* evaluation criteria for the development of secure systems
InhaltSecurity engineering is an evolving discipline that unifies two important areas: software engineering and security. Software Engineering addresses the development and application of methods for systematically developing, operating, and maintaining, complex, high-quality software.
Security, on the other hand, is concerned with assuring and verifying properties of a system that relate to confidentiality, integrity, and availability of data.

The goal of this class is to survey engineering techniques for developing secure systems. We will examine concepts, methods, and tools that can be applied within the different activities of the software development process, in order to improve the security of the resulting systems.

Topics covered include

* security requirements & risk analysis,
* system modeling and model-based development methods,
* implementation-level security, and
* evaluation criteria for the development of secure systems

Modules taught:

1. Introduction
- Introduction of Infsec group and speakers
- Security meets SW engineering: an introduction
- The activities of SW engineering, and where security fits in
- Overview of this class
2. Requirements Engineering: Security Requirements and some Analysis
- Overview: functional and non-functional requirements
- Use cases, misuse cases, sequence diagrams
- Safety and security
3. Modeling in the design activities
- Structure, behavior, and data flow
- Class diagrams, statecharts
4. Model-driven security for access control (Part I)
- SecureUML as a language for access control
- Combining Design Modeling Languages with SecureUML
- Semantics, i.e., what does it all mean,
- Generation
- Examples and experience
5. Model-driven security (Part II)
- Continuation of above topics
6. Security patterns (design and implementation)
7. Implementation-level security
- Buffer overflows
- Input checking
- Injection attacks
8. Code scanning
- Static code analysis basics
- Theoretical and practical challenges
- Analysis algorithms
- Common bug pattern search and specification
- Dataflow analysis
9. Testing
- Overview and basics
- Model-based testing
- Testing security properties
10. Risk analysis and management
- "Risk": assets, threats, vulnerabilities, risk
- Risk assessment: quantitative and qualitative
- Safeguards
- Generic risk analysis procedure
- The OCTAVE approach
- Example of qualitative risk assessment
11. Threat modeling
- Overview
- Safety engineering basics: FMEA and FTA
- Security impact analysis in the design phase
- Modeling security threats: attack trees
- Examples and experience
12. Evaluation criteria
- NIST special papers
- ISO/IEC 27000
- Common criteria
- BSI baseline protection
13. Guest lecture
- TBA
Literatur- Ross Anderson: Security Engineering, Wiley, 2001.
- Matt Bishop: Computer Security, Pearson Education, 2003.
- Ian Sommerville: Software Engineering, 6th ed., Addison-Wesley, 2001.
- John Viega, Gary McGraw: Building Secure Software, Addison-Wesley, 2002.
- Further relevant books and journal/conference articles will be announced in the lecture.
Voraussetzungen / BesonderesPrerequisite: Class on Information Security
252-1411-00LSecurity of Wireless Networks Information W6 KP2V + 1U + 2AS. Capkun, K. Kostiainen
KurzbeschreibungCore Elements: Wireless communication channel, Wireless network architectures and protocols, Attacks on wireless networks, Protection techniques.
LernzielAfter this course, the students should be able to: describe and classify security goals and attacks in wireless networks; describe security architectures of the following wireless systems and networks: 802.11, GSM/UMTS, RFID, ad hoc/sensor networks; reason about security protocols for wireless network; implement mechanisms to secure
802.11 networks.
InhaltWireless channel basics. Wireless electronic warfare: jamming and target tracking. Basic security protocols in cellular, WLAN and
multi-hop networks. Recent advances in security of multi-hop networks; RFID privacy challenges and solutions.
252-1414-00LSystem Security Information W7 KP2V + 2U + 2AS. Capkun, A. Perrig
KurzbeschreibungThe first part of the lecture covers individual system aspects starting with tamperproof or tamper-resistant hardware in general over operating system related security mechanisms to application software systems, such as host based intrusion detection systems. In the second part, the focus is on system design and methodologies for building secure systems.
LernzielIn this lecture, students learn about the security requirements and capabilities that are expected from modern hardware, operating systems, and other software environments. An overview of available technologies, algorithms and standards is given, with which these requirements can be met.
InhaltThe first part of the lecture covers individual system's aspects starting with tamperproof or tamperresistant hardware in general over operating system related security mechanisms to application software systems such as host based intrusion detetction systems. The main topics covered are: tamper resistant hardware, CPU support for security, protection mechanisms in the kernel, file system security (permissions / ACLs / network filesystem issues), IPC Security, mechanisms in more modern OS, such as Capabilities and Zones, Libraries and Software tools for security assurance, etc.

In the second part, the focus is on system design and methodologies for building secure systems. Topics include: patch management, common software faults (buffer overflows, etc.), writing secure software (design, architecture, QA, testing), compiler-supported security, language-supported security, logging and auditing (BSM audit, dtrace, ...), cryptographic support, and trustworthy computing (TCG, SGX).

Along the lectures, model cases will be elaborated and evaluated in the exercises.
263-4640-00LNetwork Security Information W8 KP2V + 2U + 3AA. Perrig, S. Frei, M. Legner, K. Paterson
KurzbeschreibungSome of today's most damaging attacks on computer systems involve exploitation of network infrastructure, either as the target of attack or as a vehicle to attack end systems.
This course provides an in-depth study of network attack techniques and methods to defend against them.
Lernziel- Students are familiar with fundamental network-security concepts.
- Students can assess current threats that Internet services and networked devices face, and can evaluate appropriate countermeasures.
- Students can identify and assess vulnerabilities in software systems and network protocols.
- Students have an in-depth understanding of a range of important state-of-the-art security technologies.
- Students can implement network-security protocols based on cryptographic libraries.
InhaltThe course will cover topics spanning four broad themes with a focus on the first two themes:
(1) network defense mechanisms such as public-key infrastructures, TLS, VPNs, anonymous-communication systems, secure routing protocols, secure DNS systems, and network intrusion-detection systems;
(2) network attacks such as hijacking, spoofing, denial-of-service (DoS), and distributed denial-of-service (DDoS) attacks;
(3) analysis and inference topics such as traffic monitoring and network forensics; and
(4) new technologies related to next-generation networks.

In addition, several guest lectures will provide in-depth insights into specific current real-world network-security topics.
Voraussetzungen / BesonderesThis lecture is intended for students with an interest in securing Internet communication services and network devices. Students are assumed to have knowledge in networking as taught in a communication networks lecture like 252-0064-00L or 227-0120-00L.
Basic knowledge of information security or applied cryptography as taught in 252-0211-00L or 263-4660-00L is beneficial, but an overview of the most important cryptographic primitives will be provided at the beginning of the course.
The course will involve several graded course projects. Students are expected to be familiar with a general-purpose or network programming language such as C/C++, Go, Python, or Rust.
KompetenzenKompetenzen
Fachspezifische KompetenzenKonzepte und Theoriengeprüft
Verfahren und Technologiengeprüft
Methodenspezifische KompetenzenAnalytische Kompetenzengeprüft
Entscheidungsfindunggeprüft
Medien und digitale Technologiengeprüft
Problemlösunggeprüft
Projektmanagementgeprüft
Soziale KompetenzenKommunikationgefördert
Kooperation und Teamarbeitgefördert
Kundenorientierunggefördert
Menschenführung und Verantwortunggefördert
Selbstdarstellung und soziale Einflussnahmegefördert
Sensibilität für Vielfalt gefördert
Verhandlunggefördert
Persönliche KompetenzenAnpassung und Flexibilitätgefördert
Kreatives Denkengeprüft
Kritisches Denkengeprüft
Integrität und Arbeitsethikgefördert
Selbstbewusstsein und Selbstreflexion gefördert
Selbststeuerung und Selbstmanagement geprüft
263-4657-00LAdvanced Encryption SchemesW5 KP2V + 1U + 1AR. Gay
KurzbeschreibungPublic-Key Encryption has had a significant impact by enabling remote parties to communicate securely via an insecure channel. Latest schemes go further by providing a fine-grained access to the encrypted data.
LernzielThe student is comfortable with formal security definitions and proof techniques used to analyze the security of the latest encryption schemes with advanced features. This prepares the student to start reading research papers on the field.
InhaltWe will start by presenting the notion of Public-Key Encryption with its various security guarantees and some constructions. Then we will look into encryption schemes with fine-grained access control to the encrypted data, such as identity-based encryption or attribute-based encryption and present different methodology to prove their security.
LiteraturLinks to relevant research papers will be given in the course materials.
Voraussetzungen / BesonderesIt is recommended for students to have prior exposure to cryptography, e.g.the D-INFK course "Digital Signatures" or "Applied Cryptography".
263-4665-00LZero-Knowledge Proofs Belegung eingeschränkt - Details anzeigen
Number of participants limited to 50.
W5 KP2V + 1U + 1AJ. Bootle
KurzbeschreibungThis course is a detailed introduction to zero-knowledge proof protocols.
LernzielTo understand various methods of constructing zero-knowledge proof protocols, and be able to analyse their security properties.
InhaltThe course will discuss interactive zero-knowledge proofs based on various commitment schemes, and explore connections to other areas like secure multi-party computation. The course may also describe some more advanced constructions of non-interactive proofs.
SkriptThe course notes will be written in English.
Voraussetzungen / BesonderesStudents should have taken a first course in Cryptography (as taught in the Information Security course at Bachelor’s level). Confidence with algebra and probability is desirable.
227-0579-00LHardware SecurityW7 KP2V + 2U + 2AK. Razavi
KurzbeschreibungThis course covers the security of commodity computer hardware (e.g., CPU, DRAM, etc.) with a special focus on cutting-edge hands-on research. The aim of the course is familiarizing the students with hardware security and more specifically microarchitectural and circuit-level attacks and defenses through lectures, reviewing and discussing papers, and executing some of these advanced attacks.
LernzielBy the end of the course, the students will be familiar with the state of the art in commodity computer hardware attacks and defenses. More specifically, the students will learn about:

- security problems of commodity hardware that we use everyday and how you can defend against them.
- relevant computer architecture and operating system aspects of these issues.
- hands-on techniques for performing hardware attacks.
- writing critical reviews and constructive discussions with peers on this topic.

This is the course where you get credit points by building some of the most advanced exploits on the planet! The luckiest team will collect a Best Demo Award at the end of the course.
LiteraturSlides, relevant literature and manuals will be made available during the course.
Voraussetzungen / BesonderesKnowledge of systems programming and computer architecture is a plus.
  •  Seite  1  von  1