Stammvorlesung: Sicherheit

Sommersemester 2007

Dieter Hutter und Werner Stephan

This WWW page gives you a short overview on our course on security and saftey. Also it provides actual information about the course and additional material.

NEWS:

We are sorry but due to important business obligations there will be no course on Wednesday July 11. Next course will take place on Friday, July 13
Link to the forum of this lecture

Content:

This course on security introduces into the basic concepts, the technologies and methodologies and the applications of IT-security. We start with an introduction into the general aspects of a multiliteral security like for instance secrecy, integrity, or availability. Futhermore, we analyse various security techniques like cryptographical approaches, security protocols, and security policies and introduce in approaches of network security (e.g. intrusion detection systems, mixes, firewalls). Another part of the course will be devoted to the area of security engineering. We address the several phases of security engineering, illustrate techniques for risk/threat analysis and security measures and outline official criteria for IT-security (ITSEC, CC). Finally we present applications of the presented techniques in the areas of, for instance, electronic commerce, mobile phones or public key infrastructure.

Outline:

Basics of Security
- Introduction
- Multilateral Security
- Privacy, Integrity, Accessability ...
Security Techniques
- Cryptographical Approaches
- Security Protocols
- Security Policies
- Network Security (Firewalls, IDS, Mixes..)
Security Engineering
- Threat Analysis
- Formalization of Security Aspects
- IT-Criteria
Applications

Dates:

Lecture: Wednesday, 9 - 11am and Friday, 9 - 11am, HS 002, building E 13
Exercise groups:

Group G1 (tutor: Christopher Krauss ), mondays 2 - 4pm, Hörsaal III, building E2.5 . Solutions to the exercises can be in German or English and the exercise course will be held in German.

Group G2 (tutor: Steffen Metzger ), mondays 4 - 6pm, Hörsaal III, building E2.5 . Solutions to the exercises can be in German or English and the language of the exercise course (German or English) will be decided depending on whether some participants do not understand German.

Group G3 (tutor: Roxana Ragneala ), tuesdays 4 - 6pm, Zeichensaal (H07), building E2.5 . Solutions to the exercises must be in English and the exercise course will be held in English.

Lassaad Cheikhrouhou

three

Registration:

Registration to this course will be possible during all the security lectures in May (room HS 002 in building E 13).

Examination

Examination will take place on Wednesday , July 25, 2007 10am -1pm, Hörsaal I and Hörsaal II, building E2 5 !!!
you are admitted to the examination only if you have collected about 50 percent of the maximally available amount of points of all assignments. A list of admitted persons will be available here at the end of exercises
no additional material (like lecture notes, books, etc.) is allowed during the examination. Sufficient paper will be provided.
mobile phones, laptops, cd-players, walkmans, calculators etc. have to be switched off and stowed away before the start of the examination
student ID is required.
registration to the examination is done via the HISPOS tool

Slides of the course:

The slides will be available as PowerPoint presentations and in PDF-format also. There are public-domain viewers for PowerPoint presentations available (distributed by Microsoft and OpenOffice) at:

Windows: Microsoft® PowerPoint Viewer 97 (about 2.7 MB)
http://office.microsoft.com/downloads/
Macintosh: Microsoft® PowerPoint Viewer 98 (about 6.5 MB)
http://allmacintosh.xs4all.nl/preview/206534.html
Linux: Open Office
http://www.openoffice.org

. You may also want to download the TeX-fonts used in the slides here

18/20.4.2007	Introduction	ppt	pdf
25/27.4.2007	Cryptography (Basics)	ppt	pdf
2/4/9.5.2007	Cryptographic Protocols	ppt	pdf
11/16/23.5.2007	Formal Analysis of Cryptographic Protocols (Strand Spaces)	ppt	pdf
23/25.5.2007	Formal Analysis of Cryptographic Protocols (Inductive Approach)-I	ppt	pdf
25/30.5.2007	Formal Analysis of Cryptographic Protocols (Inductive Approach)-II	ppt	pdf
1/6/8.6.2007	Access Control	ppt	pdf
13/15.6.2007	Information Flow Control	ppt	pdf
13/15.6.2007	Handout (Information Flow Control)	pdf
20/22.6.2007	Possibilistic Information Flow Control	ppt	pdf
27/++.6.2007	Proof Carrying Code	ppt	pdf
27/++.6.2007	Floyd Paper	pdf
4.7.2007	Network Security	ppt	pdf
6.7.2007	Quantum Cryptography	ppt	pdf
18/20.7.2007	Security Engineering	ppt	pdf
18/20.7.2007	Public Key Infrastructures	ppt	pdf

Literature:

(available in the computer science library)

Matt Bishop: Computer Security, Art and Science, 2003, Addison Wesley
(don't confuse it with "Introduction to Computer Security" by the same author !)

Dieter Gollmann: Computer Security, 2nd edition, Wiley and Sons, 2006
Ross Anderson: Security Engineering. Wiley and Sons, 2001
Johannes Buchmann: Einführung in die Kryptographie. Springer-Verlag, 2001 (german)
(also in English (!!!): Introduction to Cryptography, ISBN: 0387950346, Springer-Verlag)
Charlie Kaufman, Radia Perlman, Mike Speciner: Network Security, Prentice Hall, 2002, second edition(!) (only for network security)

Dieter Hutter