INSO Industrial Software Institute of Computer Aided Automation | Faculty of Informatics | Vienna University of Technology
ESSE
Institute of Computer Aided Automation
Research Group for Industrial Software (INSO)
Working Group Establishing Security (ESSE)
Lectures
Introduction to Security (WS, Bachelor)
Security for Systems Engineering (CTF-Contest) (SS, Bachelor)
Advanced Security for Systems Engineering (WS, Master)
IT Security in Large IT Infrastructures (CTF-Contest) (SS, Master)
Seminar on Security Projects
Bachelor Thesis, Master Thesis, PhD Thesis
AdvSecSysEng WS13 | Preliminary Discussion
Threat and Risk Assessment Methods to Define Security Measures
Consistent Traceability of Security Measures in the Lifecycle of IT Systems
BSI IT-Grundschutz Methodology, Common Criteria/Protection Profiles, ...
Confidentiality, Anonymization, Pseudonymization
Identification, Authentication, Authorization
Contact
The class covers advanced aspects of multiple topics of IT security, based on a broad overall view of IT security, using theoretical lectures, guest lectures giving insights into real-life IT security, and exciting exercises. After finishing this course, students shall have the skills to recognize advanced aspects of IT security in a timely manner and to introduce appropriate security measures in order to achieve a sufficient level of IT security during the operation of the respective systems. We expect from you interest in IT security, commitment (also with regard to the exercises), and the endeavor for good results.
Lecture
10 lectures and guest lectures
1 test, registration via TISS needed
Grading: 60% exercises, 40% test; starting with the first submission of a lab, a certificate will be issued
The test as well as the exercises have to be positive (i.e., more than 40 resp. 60 points)
Course material: slides, notes, literature references (library)
Registration via TISS until 14.10.2013
Exercises
3 exercises (1 individual, 2 in teams)
Exercises are mandatory, lab0 is the final registration
More than 5 points for lab0 are compulsory!
Team registration, submission of exercises etc. in tuwel
Arrangement of teams is mandatory (otherwise, 0 points for lab1/lab2)
If there are problems in teams, please write an e-mail ASAP to lva.security@inso.tuwien.ac.at
Registration for teams in tuwel
You have to register yourself for a team
The tuwel forum may be helpful for finding a team
Before joining a team with members you don't know, please ask :)
If you don't know anyone and can't find a team, please write us an e-mail to lva.security@inso.tuwien.ac.at and we will assign you to a team.
If you neither write us an e-mail nor join a team yourself, you will not be registered for the course.
You will learn precise attacks on IT systems in the course. This is only to better understand IT security, secure your own IT systems, test your own IT systems in regard to the security level, and/or use in other legal ways.
Attacking the TU Vienna or conducting attacks based on systems of the TU Vienna may lead to the withdrawal of your eligibility to study.
Exception: Attacks within our lab in order to achieve the assignments are OK :-)
04.10.2013 Preliminary Discussion
11.10.2013 Web Application Security
18.10.2013 XML Security
25.10.2013 IT Security in the Field: Passport Security
08.11.2013 Secure Architectures
22.11.2013 Advanced Attacks on Applications 1
29.11.2013 Advanced Attacks on Applications 2
06.12.2013 Security of VoIP
13.12.2013 Skimming
20.12.2013 Forensics
10.01.2014 Mobile Applications
17.01.2014 Test
24.01.2014 Inspection of the test in Wiedner Hauptstraße 76/2/2
individual lab, 20 points, 17.10.-31.10.2013
Team registration, 05.11.-12.11.2013
teamwork, 50 points, 14.11.-05.12.2013, exercise interview
teamwork, 50 points, 12.12.2013-16.01.2014, exercise interview
Specific questions
Literature 1/2
Ross Anderson. Security Engineering. A Guide to Building Dependable Distributed Systems. Wiley Publishing, Inc., 2nd edition, 2008. ISBN 978-0-470-06852-6. http://www.cl.cam.ac.uk/~rja14/book.html
Ed Skoudis and Tom Liston. Counter Hack Reloaded. A Step-by-Step Guide to Computer Attacks and Effective Defenses. Pearson Education, Inc., 2nd edition, 2006. ISBN 0-13-148104-5
Matt Bishop. Introduction to Computer Security. Pearson Education, Inc., 2003. ISBN 0-321-24744-2
Bruce Schneier. Secrets & Lies: Digital Security in a Networked World. Wiley Publishing, Inc., Indianapolis, Indiana, 2004. ISBN 0-471-45380-3
Literature 2/2
Florian Fankhauser, Christian Schanes, and Christian Brem. Sicherheit in der Softwareentwicklung. In Softwaretechnik - Mit Fallbeispielen aus realen Entwicklungsprojekten, chapter 13, pages 589-646. Pearson Studium, München, 1st edition, 2009. http://www.inso.tuwien.ac.at/publications/softwaretechnik/
Thank you!
http://security.inso.tuwien.ac.at/advsecsyseng-ws2013/