Admission requirements
Not applicable.
Description
The livelihoods of modern societies depend on the security of their infrastructure. Almost every day we hear news about recent data breaches at organizations and attacks on critical infrastructure. As users, we are constantly worried about the security of our computers and the privacy of our personal data. It is thus essential to know the fundamental security concepts and understand which protections are afforded to us by our systems. Moreover, for computer scientists it is necessary to be familiar with the key principles of secure design. This is what this course is about.
We will study the core security principles and requirements, and we will investigate the main pitfalls in system and software design (vulnerabilities) and the established techniques to ensure security (defenses). We will approach security at different levels: from basic cryptographic schemes and software vulnerabilities to secure systems and security in organizations.
The course includes practical, hands-on assignments.
Course objectives
After completing this course, the students are able to:
- explain the three core security principles (i.e., CIA), and differentiate them from the additional security principles (e.g., accountability, non-repudiation);
- apply risk management models (e.g., tabular or graphical methods) and threat modelling (e.g., STRIDE) to realistic use cases; 
- illustrate network vulnerabilities, per layer of the OSI model, and describe how to address these vulnerabilities (e.g., corresponding secure protocols); 
- discuss application security concerns, by listing the steps of concrete well-known attacks (e.g., buffer overflow attacks), as well as deploy countermeasures to combat these attacks; 
- explain web security concerns (e.g., cookies), as well as discuss mitigations to address these concerns; 
- discuss the workings of hashing, symmetric cryptography, and asymmetric cryptography; 
- perform encryption, decryption, signing and signature verification on small numerical examples (e.g., based on the RSA cryptosystem); 
- elaborate on the complexity of the mobile security ecosystem, by identifying the numerous interconnected components (e.g., apps, stakeholders, mobile markets) and their role in security and mobile malware; 
- differentiate among the terms identification, authentication, authorization, and audit, and describe the common Access Control Models and Policies (e.g., MAC, DAC). 
Timetable
In MyTimetable, you can find all course and programme schedules, allowing you to create your personal timetable. Activities for which you have enrolled via MyStudyMap will automatically appear in your timetable.
Additionally, you can easily link MyTimetable to a calendar app on your phone, and schedule changes will be automatically updated in your calendar. You can also choose to receive email notifications about schedule changes. You can enable notifications in Settings after logging in.
Questions? Watch the video, read the instructions, or contact the ISSC helpdesk.
Note: Joint Degree students from Leiden/Delft need to combine information from both the Leiden and Delft MyTimetables to see a complete schedule. This video explains how to do it.
Mode of instruction
Lectures, practicals, assignments, exam
Total hours of study: 168 hrs. (= 6 EC). Of those (ca.):
- 26 hrs of lectures 
- 26 hrs of practicals 
- 3 hrs written exam 
- 113 hrs work on assignments and self-study 
Assessment method
- There will be 3 practical assignments and a written exam, each evaluated on a scale of 0-10
- The minimum passing grade for the final exam is 5.5 
- The assignments are mandatory, and each contributes 15% to the final grade; the average grade of the assignments should be at least 5.5
- Final grade = 55% exam + 45% average assignments 
- It will be possible to re-take the exam 
- Assignments have deadlines and can be retaken; however, more stringent grading conditions apply
The teacher will inform the students how the inspection and follow-up discussion of the exams will take place.
Reading list
Literature and reading materials will be announced during the course.
Recommended (but not required) textbook: Paul C. van Oorschot, "Computer Security and the Internet. Tools and Jewels from Malware to Bitcoin", Springer, 2021.
Registration
As a student, you are responsible for enrolling on time through MyStudyMap.
In this short video, you can see step-by-step how to enrol for courses in MyStudyMap.
Extensive information about the operation of MyStudyMap can be found here.
There are two enrolment periods per year:
- Enrolment for the fall opens in July 
- Enrolment for the spring opens in December 
See this page for more information about deadlines and enrolling for courses and exams.
Note:
- It is mandatory to enrol for all activities of a course that you are going to follow. 
- Your enrolment is only complete when you submit your course planning in the ‘Ready for enrolment’ tab by clicking ‘Send’. 
- Not being enrolled for an exam/resit means that you are not allowed to participate in the exam/resit. 
Contact
Education coordinator LIACS bachelors
Remarks
Software
Starting from the 2024/2025 academic year, the Faculty of Science will use the software distribution platform Academic Software. Through this platform, you can access the software needed for specific courses in your studies. For some software, your laptop must meet certain system requirements, which will be specified with the software. It is important to install the software before the start of the course. More information about the laptop requirements can be found on the student website.
