
T-110.4206 Information Security Technology

T-110.4206 Information Security Technology. Aalto University, autumn 2012. My background. Lecturer: Tuomas Aura. PhD from Helsinki University of Technology in 2000. Microsoft Research, UK, 2001–2009. Professor at Aalto 2008–. Research areas: Network security, DoS resistance


Presentation Transcript


  1. T-110.4206 Information Security Technology Aalto University, autumn 2012

  2. My background • Lecturer: Tuomas Aura • PhD from Helsinki University of Technology in 2000 • Microsoft Research, UK, 2001–2009 • Professor at Aalto 2008– • Research areas: • Network security • DoS resistance • Privacy of mobile users • Security protocol engineering • Security of mobility protocols (Mobile IPv6, SEND, etc.) • Ticketing and payment

  3. Lectures • Lecturer: Tuomas Aura • 12 lectures in Sep-Oct 2011 • Wednesdays 14:15-16 T1 • Thursdays 14:15-16 TU1 • Attendance not mandatory but some material will only be covered in the lectures • No tutorial or exercise sessions to attend

  4. Exercises • 6 exercise rounds, starting next week • Exercise problems in Noppa by Sunday each week (first round on 16 September) • Deadline on the following Sunday 23:59; reports to be returned to Rubyric • Course assistants • Aapo Kalliola and Jaakko Salo • email: t-110.4206@tkk.fi • Course assistants available in the Playroom for advice and equipment: • Wednesdays 16:15-18 room A120 • Thursdays 16:15-18 room A120

  5. Advice for exercises • Try to solve all problems at least partly • Individual work: It is ok to discuss with other students but do not copy or even read the written solutions of other students. Do all practical experiments independently • If you quote any text written by someone else, mark it clearly as a "quotation" and give the source, e.g. [RFC 1234, section 5.6.7]

  6. Assessment • First examination Thu 25 Oct 2012 at 09:00-12:00 in T1. Remember to register for the exam two weeks earlier! • Examination scope: lectures, recommended reading material, exercises, good general knowledge of the topic area • Exercises are not mandatory but strongly recommended • Marking: • exam max. 30 points • exercises max. 6 x 10 = 60 points • grading based on total points = exam + (exercises / 10) (total max. 30+6=36 points) • Course feedback is mandatory

  7. Goals • You are familiar with the fundamental concepts and models of information security. You can analyze threats, know common security technologies, and understand how they can be applied to protect against the threats. You are able to participate in practical security work • Understand the limitations of security technologies to use them right • Be aware of the pitfalls in security engineering: security is not just mathematics or just code • Starting point for learning more • Learn the adversarial mindset of security engineering

  8. Approximate course contents • Computer security overview • Access control models and policies • User authentication • Operating system security • Applied cryptography • Certificates and network security • Encrypting stored data • Software security • Identity management • Threat modeling • Security regulation and management • Payment systems

  9. Recommended reading • Dieter Gollmann, Computer Security, 3rd ed., 2011 (good overview) • Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd ed., 2008 (fun real-life stories) • Matt Bishop, Introduction to computer security, 2005 (for research students)

  10. Course development • No major changes to the course content this year. Some updates to the content. • Based on student feedback, this course was the 2nd most liked large course (over 50 students) in computer science in the year 2011-12 • What has or has not changed based on student feedback? • Students liked the hands-on exercises. Only minor changes made to last year. • Students liked discussions in the lectures. Please do continue to tell about your experiences and do ask questions. • For some students, the exercises are easy. — True, the exercises are planned not to take much time. The reporting was simplified for this reason last year. In the future, we plan to increase the credits and add more demanding projects. • The exercise topics are different from the lectures and the exercises do not prepare the students for the exam. — This is true. The hands-on exercises are designed to broaden the scope of the course. • The exercises are not fully in sync with the lectures. — True. Let's see if we can improve this. • Some students would want to have the lecture slides in advance. — Ok, I may publish some slides in advance but only some. The slides are typically not ready until 5 minutes before the lecture. • Other notes: • Some slides are in the handouts but not shown during lectures. This is intentional. There is more material in the handouts than can be covered in the lectures. • We will try to publish the exercise questions some days earlier than last year. However, course assistants can usually only set up and maintain the equipment for one exercise round at a time.
