Department of Computer Science
582215 INTRODUCTION TO COMPUTER SECURITY, 3rd period, spring 2011
Last changes Jan 17, 2011
General
The course is a bachelor-level course, compulsory for everybody. The importance of computer security keeps increasing. It must be taken into account in administration, software engineering, the use of computers, and maintenance. Because of this, the course is compulsory, and its aim is to give an overview of the area. It is assumed that every student has passed the course Introduction to Data Communication and that everybody knows something about operating systems. We do not use much cryptography in this course, so mathematical techniques are not needed. Only when introducing public key infrastructure do we need modular arithmetic, but it is easy and we go through the basic facts.
Lectures and Exercises
Lectures are in Finnish. The lecturer is Timo Karvi. If there are several foreign students taking part in the course, an English exercise group can be arranged. Otherwise, it is possible to send the answers by email. Check the current announcements after the course has started. The course exam consists of 54 points and the exercises can bring 6 points more. The exercises give 6 points if you have solved 80% of all the exercises. In order to take part in the course exam, you must solve at least 40% of the exercises, and this produces 1 point. The course is passed with 30 points (1/5). After the course, there are 4 separate exams, where exercises are not taken into account.
There is no single course book, but the course is based on many sources. I will publish the relevant English sources every week on this page.
Reference books
1. Bishop-1: Matt Bishop: Introduction to Computer Security. Addison Wesley 2005.
2. Bishop-2: Matt Bishop: Computer Security. Addison Wesley 2003.
3. Stallings: William Stallings: Cryptography and Network Security, Prentice Hall, 3rd or 4th edition (the same things also in earlier editions, but chapter and section numberings may be different).
Schedule
1. Week 1: Pages 1-6 and 31-46 in this material. Plus Bishop-1, chapter 12, Design Principles (pp 199-209) or Bishop-1, chapter 13, Design Principles.
2. Week 2: Pages 16-30 in the previous week's material. Plus Bishop-2, section 4.4 (pp 103-104). Plus Rainbow Table in Wikipedia. Plus Bishop-2, sections 22.1-22.6.
3. Week 3: Bishop-2, section 29.5 (pages 887-913).
4. Week 4: The Java Security Model from http://java.sun.com/security/javaone97-whitepaper.html (Sandbox, Class Loader, Byte-Code Verifier, Security Manager, Type Safety). Plus Gasperoni, Dismukes: Multilanguage Programming on the JVM: The Ada 95 Benefits (the problems with Java). Plus http://developers.sun.com/solaris/articles/secure.html (Secure C Programming). Plus Bishop-2: 26.2.1 (Data Classes), 26.2.2 (User Classes). Plus Bishop-2: 220.127.116.11 (File Deletion), 28.4.1 (Copying and Moving Files).
5. Week 5: Stallings 3.6, 3.7 Block Cipher Design Principles and Modes of Operation. Stallings 11.1 - 11.5 Message Authentication and Hash Functions. Plus Stallings 20.1 Firewall Design Principles.
6. Week 6: Stallings 9.1 (Principles of public-key cryptosystems), 9.2 (RSA: Description of the Algorithm), Stallings 14.2 (X.509 Authentication Service), 14.3 (Public-key Infrastructure). Plus article PKI: It's Not Dead, Just Resting by Peter Gutmann, University of Auckland (http://www.cs.auckland.ac.nz/~pgut001/pubs/notdead.pdf).
Current news
This semester, we have followed a different order of the course topics. In particular, the topics of Week 5 have been lectured during the 6th week. Otherwise, the above list is correct. Notice, however, that firewalls have been lectured following the fifth edition of Stallings' book.
Exercises
Exercise 1. Material for exercises 1.1-2: advo1, advo2, advo3, advo4, advo5.
Exercise 2.
Exercise 3.
Exercise 4.
Exercise 5.