Computer Security -- EDA263

Spring semester, study period 3, 2015/2016

(Course code DIT641 for Göteborg University)

News:

• [2016-09-22] All exams have been corrected and reported from the August re-examination. If you would like to review your exam with us, please send us an email.
• [2015-12-11] The site for 2016 is up but under constructions. Last year's homepage is found here.
• [2015-12-11] A version of the course book is available as an e-book from the library and it will be used as the official course book. There are also printed versions to buy.
• [2015-12-11] The course will participate in the Syssec 10k challenge to increase awareness.

Course Description

Examiner: Assistant Professor Magnus Almgren, phone: 031-772 1702, email: magnus.almgren

The Computer Security course gives a broad overiew of the security area. The approach is largely technical, but the course will also address the important societal implications of security (or rather lack of security). Roughly, security deals with how to protect your system against intentional intrusions and attacks. The purpose of intrusions can be made to change or delete resourses (data, programs, hardware, etc), to get unauthorized access to confidential information or unauthorized use of the system's services. The course covers threats and vulnerabilities as well as rules, methods and mechanisms for protection. During a few lectures, a holistic security approach is taken and organizational, business-related, social, human, legal and ethical aspects are treated.

The Computer security course is the first within our Security specialization.

Recommended text book (e-book at Chalmers library)
Stallings & Brown: Computer Security,
Pearson, second edition

Course Memo

Reading Instructions

Lab Information

Course Material

The following course material is electronically available. Please note that the lecture slides alone do not give a full coverage of the course contents.

All lectures are given in a HA4 (Monday, Friday) and HB4 (Thursday). As per the course memo, we will only have Friday lectures for the first couple of weeks.

The lectures and other material will be uploaded to PingPong.

Lectures and slides

• Lecture 1: Introduction, Threats, Vulnerabilities, Protection
  (Mon 2016-01-18, 13-15)
  Course Introduction, Lab Intro, Vulnerabilities, threats, and protection mechanisms.
  See also "Extra reading" = ER1 below.
  
  
• Lecture 2: (1) UNIX Security, (2) Passwords, (3) Authentication, Authorization and Access Control, (4) Mobile Malware
  (Thu 2016-01-21, 10-12)
  
  
• Lecture 3: (cont'ed) (1) UNIX Security, (2) Passwords, (3) Authentication, Authorization and Access Control, (4) Mobile Malware
  (Fri 2016-01-22, 15-17)
  
  
• Lecture 4: (1) Guest Lecture by Peter Magnusson from Fingerprints (2) Cryptography
  (Mon 2016-01-25, 13-15)
  
  
• Lecture X: Please refer to schedule in TimeEdit and PingPong for futher lectures
  
  

Extra Reading

1. Lecture 1: Here is a description of an attack and the resulting problems for a private individual. Note the difference in assumptions between Amazon and Apple regarding the privacy of the numbers of the credit card.

Course Evaluation

• Information on the process of course evaluation is found on the Course Evaluation page.
• The course representatives for the course 2015/2016 will be the following: (all emails in the chalmers domain, student.chalmers.se)
  Please contact them with any praise / concern that you may have.
• Introductory meeting will take place the first/second study week.
• The mid-period meeting will take place. A summary will be found online.

Examination dates 2015/2016 (preliminary)

Previous examinations

2015-04-18, 2015-03-21, 2014-03-15, 2014-01-18, 2013-08-28, 2013-03-12, 2013-01-17, 2012-08-29, 2012-03-08 + program for q5 2011-08-17, 2011-01-11, 2010-10-19, 2010-08-18, 2010-01-12, 2009-10-20

The following question from the exams above is no longer applicable: 2009-10-20 - 8c