Course Information
Introduction: In-depth knowledge in computer, embedded devices, and network security is needed when designing secure information systems and (computer) applications. Modern systems will operate more autonomously and their security will depend increasingly on the availability of trusted execution environments. Special care is needed in the software development process for these system. Since attacks on systems will occur it is also important to understand how intrusion can be analyzed and should be dealt with in a professional way. The course contents is focussing on the following areas; Computer Forensics; Network Security; Platform Security, DRM, and Secure Software.
Computer Forensics:
principles,
standard practices,
Steganography tools.
Network Security revisited (main area I):
Authentication: Radius and Diameter, Login protocols,
Protocols in use: DTLS, Security in mobile networks UMTS and LTE, IPSec, types of VPNs,
Threats: Network threats, DDOS, Botnets
Platform security (main area II):
Secure execution: Special OSes, SELinux, Virtualisation and security, Java type VMs,
Special security hardware: TCG (TPM), ARM Trustzone, RFID, SMARTCARDS.
Mobile phone security: Android, MeeGo
DRM:
Basic protection problem,
Historical perspective on (failed) solutions
Content protection, SW protection, Licensing systems,
Obfuscation, white-box cryptography
Secure SW (main area III):
Common (security) faults in programs,
Secure SW development process,
Assisting code analysis tools,
Malware: Development, phising, clickfraud
Projects
Project 1: Forensic Analysis of disc and USB drive image
Project 2: Security analysis of WLAN off-loading solutions
Project 3: IPSec lab, setup and traffic logging
Project 4: DDos attack lab
Project 5: Reverse engineering of code
Literature:
Lecture notes in form of powerpoint slides and articles.
See also http://lubaspp.lu.se/lubas/pp/course/Kurs.seam?planOmgangId=6&kursId=3434
Deregistration: It is up to each student him/herself to unregister within three weeks if you decide not to follow the course.