ETH Zuerich - Homepage
Information Security

Security Engineering (251-0463-00L)

Master in Information Security

For more information about the Information Security Master Track visit:

Specialized Course, AS 07

Lecturers: Prof. David Basin and Dr. Alexander Pretschner

Exercises: Dr. Cas Cremers

Class: 2V2U

The exams will take place on January 18th. You should have gotten information on place and time - otherwise, contact us!.

Exams: TBA

Credits: 6 (Diplomstudiengang, Master)

Requirements: Class on Information Security

Language: English

Security engineering is an evolving discipline that unifies two important areas: software engineering and security. Software Engineering addresses the development and application of methods for systematically developing, operating, and maintaining, complex, high-quality software.
Security, on the other hand, is concerned with assuring and verifying properties of a system that relate to confidentiality, integrity, and availability of data.

The goal of this class is to survey engineering techniques for developing secure systems. We will examine concepts, methods, and tools that can be applied within the different activities of the software development process, in order to improve the security of the resulting systems.

Modules taught:

  1. Introduction
    - Introduction of Infsec group and speakers
    - Security meets SW engineering: an introduction
    - The activities of SW engineering, and where security fits in
    - Overview of this class
  2. Requirements Engineering: Security Requirements and some Analysis
    - overview: functional and non-functional requirements
    - use cases, misuse cases, sequence diagrams
    - safety and security
    - FMEA, FTA, attack trees
  3. Modeling in the design activities
    - structure, behavior, and data flow
    - class diagrams, statecharts
  4. Model-driven security for access control (design)
    - SecureUML as a language for access control
    - Combining Design Modeling Languages with SecureUML
    - Semantics, i.e., what does it all mean,
    - Generation
    - Examples and experience
  5. Model-driven security (Part II)
    - Continuation of above topics
  6. Security patterns (design and implementation)
  7. Implementation-level security
    - Buffer overflows
    - Input checking
    - Injection attacks
  8. Testing
    - overview
    - model-based testing
    - testing security properties
  9. Risk analysis and management 1 (project management)
    - "risk": assets, threats, vulnerabilities, risk
    - risk assessment: quantitative and qualitative
    - safeguards
    - generic risk analysis procedure
    - The OCTAVE approach
  10. Risk analysis: IT baseline protection
    - Overview
    - Example
  11. Evaluation criteria
    - CMMI
    - systems security engineering CMM
    - common criteria


Course Material:


Wichtiger Hinweis:
Diese Website wird in älteren Versionen von Netscape ohne graphische Elemente dargestellt. Die Funktionalität der Website ist aber trotzdem gewährleistet. Wenn Sie diese Website regelmässig benutzen, empfehlen wir Ihnen, auf Ihrem Computer einen aktuellen Browser zu installieren. Weitere Informationen finden Sie auf
folgender Seite.

Important Note:
The content in this site is accessible to any browser or Internet device, however, some graphics will display correctly only in the newer versions of Netscape. To get the most out of our site we suggest you upgrade to a newer browser.
More information

© 2011 ETH Zurich | Imprint | Disclaimer | 11 January 2008