Security Engineering

Overview

Lecturer: David Basin

Time: Wed 10-12h
Place: ML H 41.1

Tutors: Mohammad Torabi Dashti and Grgur Petric Maretic

Time: Wed 15-17
Place: CAB G 51

Prerequisites: Information Security
Credit: 5 ECTS
Homework: Optional, but strongly recommended
Exam: 15 min oral exam
Language: English

Description

Security engineering is an evolving discipline that unifies two important areas: software engineering and security. Software Engineering addresses the development and application of methods for systematically developing, operating, and maintaining, complex, high-quality software. Security, on the other hand, is concerned with assuring and verifying properties of a system that relate to confidentiality, integrity, and availability of data. The goal of this class is to survey engineering techniques for developing secure software systems. We examine concepts, methods and tools, applied within the different activities of the software development process to improve security of the system.

Topics

System modeling, security requirements, model-based development methods, security designs, implementation-level security, validation and verification techniques, risk analysis, and standards and evaluation criteria for secure systems.

Resources

• Ross Anderson: Security Engineering, Wiley, 2001.
• Matt Bishop: Computer Security, Pearson Education, 2003.
• Ian Sommerville: Software Engineering, 6th ed., Addison-Wesley, 2001.
• John Viega, Gary McGraw: Building Secure Software, Addison-Wesley, 2002.
• Further relevant books and journal/conference articles will be announced in the lecture.