
Advanced Security for Systems Engineering WS13 Lecture 00: Preliminary Discussion

Florian Fankhauser Christian Schanes

INSO Industrial Software Institute of Computer Aided Automation | Faculty of Informatics | Vienna University of Technology

ESSE


ESSE - Establishing Security


Institute of Computer Aided Automation
Research Group for Industrial Software (INSO)
Working Group Establishing Security (ESSE)

Lectures
  Introduction to Security (WS, Bachelor)
  Security for Systems Engineering (CTF-Contest) (SS, Bachelor)
  Advanced Security for Systems Engineering (WS, Master)
  IT Security in Large IT Infrastructures (CTF-Contest) (SS, Master)
  Seminar on Security Projects
  Bachelor Thesis, Master Thesis, PhD Thesis

AdvSecSysEng WS13 | Preliminary Discussion

Research Topics (Excerpt) 1/2

Security Engineering in IT Projects


  Threat and Risk Assessment Methods to Define Security Measures
  Consistent Traceability of Security Measures in the Lifecycle of IT Systems
  BSI IT-Grundschutz Methodology, Common Criteria/Protection Profiles, ...
  Confidentiality, Anonymization, Pseudonymization
  Identification, Authentication, Authorization


Research Topics (Excerpt) 2/2

Security Testing
Public Key Infrastructures
Security of VoIP
Mobile Security


Contact

Questions regarding Advanced Security for Systems Engineering


  http://security.inso.tuwien.ac.at/
  tuwel-Forum
  lva.security@inso.tuwien.ac.at

Office Hour usually Mon 16.30-17.30, Exercise Interviews, ...: Wiedner Hauptstraße 76/2/2

  esse@inso.tuwien.ac.at
  florian.fankhauser@inso.tuwien.ac.at
  christian.schanes@inso.tuwien.ac.at


Advanced Security for Systems Engineering VU WS13


Aim of the Lecture

The class covers advanced aspects of multiple topics of IT security, based on a broad overall view of IT security, using theoretical lectures, guest lectures giving insights into real-life IT security, and exciting exercises.

Having finished this course, students shall have the skills to recognize advanced aspects of IT security in a timely manner and to introduce appropriate security measures in order to achieve a sufficient level of IT security during the operation of the respective systems.

We expect from you interest in IT security, commitment, also in regard to the exercises, and the endeavor for good results.


Lecture

10 lectures and guest lectures
1 test, registration via TISS needed
Grading: 60% exercises, 40% test; starting with the first submission of a lab, a certificate will be issued
The test as well as the exercises have to be positive (i.e., more than 40 resp. 60 points)
Course material: slides, notes, literature references (library)
Registration via TISS until 14.10.2013


Exercises

3 exercises (1 individual, 2 in teams)
Exercises are mandatory, lab0 is final registration
More than 5 points for lab0 compulsory!
Team registration, submission of exercises etc. in tuwel
Arrangement of teams is mandatory (otherwise, 0 points for lab1/lab2)
If there are problems in teams, please write an e-mail ASAP to lva.security@inso.tuwien.ac.at

Operating system used for exercises: Mainly Linux


Registration for Teams

Registration for teams in tuwel
You have to register yourself for a team
Tuwel forum may be helpful for finding a team
Before joining a team with members you don't know, please ask :)
If you don't know anyone and can't find a team, please write us an e-mail to lva.security@inso.tuwien.ac.at and we will assign you to a team.
If you neither write us an e-mail nor join a team yourself, you will not be registered for the course.


Note on attacks on the IT security of systems

You will learn precise attacks on IT systems in the course.
This is only to
  better understand IT security
  secure your own IT systems
  test your own IT systems in regard to the security level
  and/or use in other legal ways

Attacking the TU Vienna or conducting attacks based on systems of the TU Vienna may lead to the withdrawal of your eligibility to study.
Exception: Attacks within our lab in order to achieve the assignments are OK :-)


Planned Lectures 1/2

04.10.2013 Preliminary Discussion
11.10.2013 Web Application Security
18.10.2013 XML Security
25.10.2013 IT Security in the Field: Passport Security
08.11.2013 Secure Architectures
22.11.2013 Advanced Attacks on Applications 1
29.11.2013 Advanced Attacks on Applications 2


Planned Lectures 2/2

06.12.2013 Security of VoIP
13.12.2013 Skimming
20.12.2013 Forensics
10.01.2014 Mobile Applications
17.01.2014 Test
24.01.2014 Inspection of the test in Wiedner Hauptstraße 76/2/2


Planned Exercise Dates

Lab0: individual lab, 20 points, 17.10.–31.10.2013
Team registration: 05.11.–12.11.2013
Lab1: teamwork, 50 points, 14.11.–05.12.2013, exercise interview
Lab2: teamwork, 50 points, 12.12.2013–16.01.2014, exercise interview

Please note: ESSE exercises traditionally begin at 11:55pm


Support for questions regarding the lecture (VO/UE)

Questions that are interesting/should be visible for other students as well


  tuwel-Forum
  Please note: Other forums are not supported by us

Specific questions

  lva.security@inso.tuwien.ac.at
  Office hour


Literature 1/2

Ross Anderson. Security Engineering. A Guide to Building Dependable Distributed Systems. Wiley Publishing, Inc., 2nd edition, 2008. ISBN 978-0-470-06852-6. http://www.cl.cam.ac.uk/~rja14/book.html

Ed Skoudis and Tom Liston. Counter Hack Reloaded. A Step-by-Step Guide to Computer Attacks and Effective Defenses. Pearson Education, Inc., 2nd edition, 2006. ISBN 0-13-148104-5

Matt Bishop. Introduction to Computer Security. Pearson Education, Inc, 2003. ISBN 0-321-24744-2

Bruce Schneier. Secrets & Lies: Digital Security in a Networked World. Wiley Publishing, Inc., Indianapolis, Indiana, 2004. ISBN 0-471-45380-3


Literature 2/2

Florian Fankhauser, Christian Schanes, and Christian Brem. Sicherheit in der Softwareentwicklung. In Softwaretechnik - Mit Fallbeispielen aus realen Entwicklungsprojekten, chapter 13, pages 589–646. Pearson Studium, München, 1st edition, 2009. http://www.inso.tuwien.ac.at/publications/softwaretechnik/


Thank you!
http://security.inso.tuwien.ac.at/advsecsyseng-ws2013/
