Informationssicherheit 2
Sommersemester 2009
This web page gives you a short overview of our course on
security and safety. It also provides current information about the course and
additional material.
NEWS:
Due to business meetings, the lecture on May 19 is rescheduled to a later date.
- Evaluation of the course: your feedback is very helpful for improving the course.
Please take the time to download the evaluation form (either in
German or in
English), fill in your comments and return it to the lecturer (either during
the course, via e-mail or by another means that preserves your privacy).
Content:
This course on security introduces the methodologies and technologies of IT security.
We analyse various security techniques, such as security protocols and security policies, and introduce approaches
to security engineering. We address the several phases of security engineering, illustrate techniques for
risk/threat analysis and security measures, and outline official criteria for IT security (CC).
Outline:
- Basics of Security (short rephrase of notions from Informationssicherheit I)
- Introduction
- Multilateral Security
- Privacy, Integrity, Accessibility ...
- Modeling
- Types of modeling
- Formal models
- What can we learn from models
- Specific modeling techniques
- Security Protocols
- Analysis of Security Protocols
- Modeling Protocols and Attackers (Dolev-Yao and more)
- Symbolic Evaluation and Model Checking
- Strand Spaces
- Theorem Proving Approaches
- Security Policies
- Formalisation of Security Policies: What is known?
- Access Control
- Information Flow Control as a Dependency Relation
- Deterministic Information Flow Control
- Possibilistic Information Flow Control
- Language Based Security
- Application in the Semantic Web
- Privacy and Security in the Semantic Web
- ...
Dates and locations:
- Lecture: Tuesday 1pm - 3pm, MZH 7220
- Exercises: Tuesday 3pm - 5pm, MZH 7210
Slides of the course:
The slides will be available as PowerPoint presentations and in
PDF format on this web page. There are public-domain viewers for PowerPoint
presentations available (distributed by Microsoft and OpenOffice).
| 8.4.2009 | Introduction | ppt | pdf |
| 15.4.2009 | Access Control | ppt | pdf |
| 29.4.2009 | Information Flow Control (Basics) | ppt | pdf |
| 5-26.5.2009 | Language Based Security, Possibilistic Approaches | ppt | pdf |
| 2.6.2009 | Security Protocols (Basics) | ppt | pdf |
| 9.6.2009 | Principles of Security Protocols | ppt | pdf |
| 16.6.2009 | Tools for Security Protocols | ppt | pdf |
Exercises:
Literature:
Books:
- Matt Bishop: Computer Security, Art and Science, 2003, Addison Wesley (don't confuse it with "Introduction to Computer Security" by the same author!)
- Dieter Gollmann: Computer Security, 2nd edition, Wiley and Sons, 2006
- Ross Anderson: Security Engineering. Wiley and Sons, 2001
- Charlie Kaufman, Radia Perlman, Mike Speciner: Network Security, Prentice Hall, 2002, second edition(!) (only for network security)
- Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone: Handbook of Applied Cryptography, CRC Press, 1996 (available online)
Papers: