Data Security

• identify all major factors that have to be addressed in a security analysis of a particular system;
• define operational security goals for a given computing system;
• analyse an application scenario and identify common threats, vulnerabilities and risks;
• identify possible countermeasures against threats and vulnerabilities in a given security scenario;
• compare and contrast the underlying security mechanisms needed to implement security countermeasures;
• define operational security policies to achieve specific security goals using specific security mechanisms;
• design a security infrastructure that implements an operational security policy;
• use contemporary tools to analyse and implement (part of) a security infrastructure;
• evaluate (informally) a given set of security policies and mechanisms in a given application context in order to determine whether they are likely to satisfy a given list of security goals;
• document their work with the security process in a clear and concise report.

Security concepts: confidentiality, integrity, authenticity, availability etc. Symmetric and asymmetric cryptography and their uses; key distribution and digital signatures; discretionary and mandatory access control policies for confidentiality and integrity. Communication protocols for authentication, confidentiality and message integrity; network security; system security, intrusion detection and malicious code. Security models and security evaluation. Administration of security. Legal aspects of computer security.

Introductory courses in programming, software engineering and system architecture (e.g. corresponding to 02101, 02161 and 02159)

Lectures, exercise classes, practical classes.