Study guide

Security

Course
2024-2025

Admission requirements

Not applicable.

Description

The livelihoods of modern societies depend on the security of their infrastructure. Almost every day we hear news about recent data breaches at organizations and attacks on critical infrastructure. As users, we are constantly worried about the security of our computers and the privacy of our personal data. It is thus essential to know the fundamental security concepts and understand which protections are afforded to us by our systems. Moreover, for computer scientists it is necessary to be familiar with the key principles of secure design. This is what this course is about.

We will study the core security principles and requirements, and we will investigate the main pitfalls in system and software design (vulnerabilities) and the established techniques to ensure security (defenses). We will approach security at different levels: from basic cryptographic schemes and software vulnerabilities to secure systems and security in organizations.

The course includes practical, hands-on assignments.

Course objectives

After completing this course, the students are able to:

  • explain the three core security principles (i.e., CIA), and differentiate them from the additional security principles (e.g., accountability, non-repudiation);

  • apply risk management models (e.g., tabular or graphical methods) and threat modelling (e.g., STRIDE) to realistic use cases;

  • illustrate network vulnerabilities, per layer of the OSI model, and describe how to address these vulnerabilities (e.g., corresponding secure protocols);

  • discuss application security concerns, by listing the steps of concrete well-known attacks (e.g., buffer overflow attacks), as well as deploy countermeasures to combat these attacks;

  • explain web security concerns (e.g., cookies), as well as discuss mitigations to address these concerns;

  • discuss the workings of hashing, symmetric cryptography, and asymmetric cryptography;

  • perform encryption, decryption, signing and signature verification on small numerical examples (e.g., based on the RSA cryptosystem);

  • elaborate on the complexity of the mobile security ecosystem, by identifying the numerous interconnected components (e.g., apps, stakeholders, mobile markets) and their role in security and mobile malware;

  • differentiate among the terms identification, authentication, authorization, and audit, and describe the common Access Control Models and Policies (e.g., MAC, DAC).

Timetable

You will find the timetables for all courses and degree programmes of Leiden University in the tool MyTimetable (login). Any teaching activities that you have successfully registered for in MyStudymap will automatically be displayed in MyTimetable. Any timetables that you add manually will be saved and automatically displayed the next time you sign in.

MyTimetable allows you to integrate your timetable with your calendar apps such as Outlook, Google Calendar, Apple Calendar and other calendar apps on your smartphone. Any timetable changes will be automatically synced with your calendar. If you wish, you can also receive an email notification of the change. You can turn notifications on in ‘Settings’ (after login).

For more information, watch the video or go to the 'help page' in MyTimetable. Please note: Joint Degree students Leiden/Delft have to merge their two different timetables into one. This video explains how to do this.

Mode of instruction

Lectures, practicals, assignments, exam

Total hours of study: 168 hrs. (= 6 EC). Of those (ca.):

  • 26 hrs of lectures

  • 26 hrs of practicals

  • 3 hrs written exam

  • 113 hrs work on assignments and self-study

Assessment method

  • There will be 3 practical assignments and a written exam, each evaluated on a scale of 0-10

  • The minimum passing grade for the final exam is 5.5

  • The assignments are mandatory, and each contributes 15% to the final grade; the average grade of the assignments should be at least 5.5

  • Final grade = 55% exam + 45% average assignments

  • It will be possible to re-take the exam

  • Assignments have deadlines and are re-takeable; however, more stringent grading conditions apply

The teacher will inform the students how the inspection of and follow-up discussion of the exams will take place.

Reading list

Literature and reading materials will be announced during the course.
Recommended (but not required) textbook: Paul C. van Oorschot, "Computer Security and the Internet. Tools and Jewels from Malware to Bitcoin", Springer, 2021 (author's book page).

Registration

From the academic year 2022-2023 on, every student has to register for courses with the new enrollment tool MyStudymap. There are two registration periods per year: registration for the fall semester opens in July and registration for the spring semester opens in December. Please see this page for more information.

Please note that it is compulsory to register for every exam and retake. Not being registered for a course means that you are not allowed to participate in the final exam of the course.

An extensive FAQ on MyStudymap can be found here.

Contact

Education coordinator LIACS bachelors

Remarks

Not applicable.