Course content

• Access control and information flow (formal models and systems)
• System security analysis (attack-defense trees and covert channels)
• Secure software development (security assurance and evaluation)
• Vulnerabilities and attack patterns (analysis and detection)
• Operating systems security (hardware protection, privileges, I/O protection, virtualization)

Learning outcome

Candidates who have successfully completed this course, should have achieved the following total learning outcome

Knowledge

• Candidates are expected to possess in-depth knowledge of formal modelling techniques for secure computer systems
• Candidates have advanced knowledge of common vulnerabilities, attack mechanisms, and methods against computer and information systems
• Candidates have thorough knowledge on the theory and methods underlying access control and information flow policies
• Candidates have thorough knowledge on security techniques and methods applied in operating systems
• Candidates have thorough knowledge about secure software system assurance and evaluation

Skills

• Candidates are capable of applying relevant methods for security modelling and analysis of software applications and information systems.
• Candidates are capable of analysing, evaluating and enhancing the security of information systems independently by identifying potential threats and propose possible countermeasures

General Competence

• Candidates can analyse relevant professional and research ethical problems related to securing information system and software.
• Candidates are capable of applying their knowledge and skills in new fields, in order to carry out advanced tasks and projects.
• Candidates can work independently and are familiar with terminology of the field of software and system security.
• Candidates can communicate about academic issues related to system and software security both with specialists and public audience.
• Candidates can contribute to innovation and innovation processes in information security.

Learning methods and activities

• Lectures
• Laboratory activities
• Home reading
• Obligatory assignments
• Sustainability Lab

Additional information:

• The course will be made accessible to both campus (Gjøvik) and remote students. The lectures in the course will be given digitally and are open for both categories of students. All the lectures will also be available through the university's learning management system.

Compulsory requirements:

• Students are expected to hand in all obligatory assignments given during the semester.

Compulsory assignments

• Coursework Requirements

Specific conditions

Recommended previous knowledge

Candidates should have read IMT4113 Introduction to Cyber and Information Security Technology.

Required previous knowledge

None

Course materials

Bishop, M. (2018). Computer Security: Art and Science. Addison-Wesley Professional