|
Master in Information Security
For more information about the Information Security Master Track visit: http://www.infsecmaster.ethz.ch
251-0463-00 (2V2U)
Fall Semester 2008
D. Basin, C. Cremers
Subject of the class are engineering techniques for developing secure
systems. We examine concepts, methods and tools, applied within the
different activities of the SW development process to improve security
of the system. Topics: security requirements&risk analysis, system
modeling&model-based development methods, implementation-level
security, and evaluation criteria for secure systems
Information Security (Wolf / Cremers)
Security engineering is an evolving discipline that unifies two
important areas: software engineering and security. Software
Engineering addresses the development and application of methods for
systematically developing, operating, and maintaining, complex,
high-quality software.
Security, on the other hand, is concerned
with assuring and verifying properties of a system that relate to
confidentiality, integrity, and availability of data.
The goal
of this class is to survey engineering techniques for developing secure
systems. We will examine concepts, methods, and tools that can be
applied within the different activities of the software development
process, in order to improve the security of the resulting systems.
Security engineering is an evolving discipline that unifies two
important areas: software engineering and security. Software
Engineering addresses the development and application of methods for
systematically developing, operating, and maintaining, complex,
high-quality software.
Security, on the other hand, is concerned
with assuring and verifying properties of a system that relate to
confidentiality, integrity, and availability of data.
The goal
of this class is to survey engineering techniques for developing secure
systems. We will examine concepts, methods, and tools that can be
applied within the different activities of the software development
process, in order to improve the security of the resulting systems.
Security requirements & risk analysis,
1. Introduction
2. Requirements Engineering: Security Requirements and some Analysis
3. Modeling in the design activities
4. Model-driven security for access control (design)
5. Model-driven security (Part II)
6. Security patterns (design and implementation)
7. Implementation-level security
8. Testing
9. Risk analysis and management 1 (project management)
10. Risk analysis: IT baseline protection
11. Evaluation criteria
12. Guest lecture
6 ECTS credits
Time : Every Wed (starting 17.09.2008), 10h00 - 12h00
Place : IFW B42
Time: Every Fri (starting 26.09.2008), 10h00-12h00
Place: IFW A34
Please login with your nethz-username and password here
The exams will take place on 17 and 18 Dec 08.
17-12-2008 afternoon: room D42
18-12-2008 morning: room C44
18-12-2008 afternoon: room D44
The exam will be closed book, oral, and 15 min/student.
Wichtiger Hinweis:
Diese Website wird in älteren Versionen von Netscape ohne
graphische Elemente dargestellt. Die Funktionalität der
Website ist aber trotzdem gewährleistet. Wenn Sie diese
Website regelmässig benutzen, empfehlen wir Ihnen, auf
Ihrem Computer einen aktuellen Browser zu installieren. Weitere
Informationen finden Sie auf
folgender
Seite.
Important Note:
The content in this site is accessible to any browser or
Internet device, however, some graphics will display correctly
only in the newer versions of Netscape. To get the most out of
our site we suggest you upgrade to a newer browser.
More
information