Technische Universität Ilmenau

Security Engineering - Module Lists of TU Ilmenau

The module lists provide information on the degree programmes offered by the TU Ilmenau.

Please refer to the respective study and examination rules and regulations for the legally binding curricula (Annex Curriculum).

You can find all details on planned lectures and classes in the electronic university catalogue.

Information and guidance on the maintenance of module descriptions by the module officers are provided at Module maintenance.

Please send information on missing or incorrect module descriptions directly to modulkatalog@tu-ilmenau.de.

module properties module number 200035 - common information
module number: 200035
department: Department of Computer Science and Automation
ID of group: 2255 (Distributed Systems and Operating Systems)
module leader: Prof. Dr. Kai-Uwe Sattler
language: German
term: summer semester
previous knowledge and experience

Operating Systems from the Bachelor Informatik degree programme; compulsory elective module "Systems Security" from the Bachelor Informatik degree programme

learning outcome 

Students are able to understand and discuss the methodical
steps of model-based security engineering. They can describe well-known,
fundamental formal models as well as revise and refine them for a selected
application scenario. They can apply analysis paradigms to design and implement
algorithms for validating scenario-specific security properties. They can
describe the purpose of security model specification languages, compare
different languages for specific application scenarios and apply them to a
given model. They can discuss security requirements for a complex scenario,
derive a formal security model from them, and implement this model in a
security architecture during the final workshop.

 

Students can discuss open questions and argue
for different solution approaches. They can give constructive criticism while
preparing workshop assignments. They can cooperatively develop ideas and manage
tasks and responsibilities during a complex final workshop. They can present
and defend their results.

content 

This module is an advanced class on systems security. It focuses on the methodological engineering of security properties of IT systems based on formal security models. Early in the engineering process, formal security models are used to represent security policies precisely and unambiguously; these models are then analyzed by static model checking and simulative model execution. Successful models are afterwards transformed via specification languages into executable code, which is finally integrated into a system's TCB.

The class is organized in lectures and workshops; while theoretical knowledge is imparted in traditional lectures and exercises, practical skills are trained in a total of five workshops. Course topics are:

  • Requirements Engineering
  • Model Engineering
    • advanced security models (take-grant model, schematic protection model, typed-access-matrix model, role-based access control (RBAC), attribute-based access control (ABAC))
    • model composition
    • model analysis
  • Specification Engineering
    • specification languages
    • workshop on language design
    • workshop on language implementation and compiler
  • TCB Engineering
    • TCBs
    • security architectures
  • Security Engineering
    • workshop: a complete security engineering project

media of instruction and technical requirements for education and examination in case of online participation
Lectures and discussions using projector and whiteboard, home assignments, workshops, books and articles

literature / references

TAM Model:

R. Sandhu: The Typed Access Matrix Model
Proceedings of the 1992 IEEE Symposium on Security and Privacy (S&P '92), 1992, 122-136. IEEE Computer Society. ISBN 0-8186-2825-1.

Role Mining:

H. Lu, J. Vaidya, V. Atluri: An optimization framework for role mining
Journal of Computer Security (JCS), 2014, 22, 1-31. IOS Press 2014.

H. Lu, Y. Hong, Y. Yang, L. Duan, N. Badar: Towards user-oriented RBAC model
Journal of Computer Security (JCS), 2015, 23, 107-129. IOS Press 2015.

B. Mitra, S. Sural, V. Atluri, J. Vaidya: The generalized temporal role mining problem
Journal of Computer Security (JCS), 2015, 23, 31-58. IOS Press 2015.

Model Analysis:

Jaeger, T. & Tidswell, J. E.: Practical Safety in Flexible Access Control Models
ACM Transactions on Information Systems Security (TISSEC), 2001, 4, 158-190

SELinux:

Frank Mayer, Karl Macmillan, David Caplan: SELinux by Example. Prentice Hall 2007, 425 pages.

evaluation of teaching
Details reference subject
module name: Security Engineering
examination number: 2200678
credit points: 5
weekly hours per semester (SWS): 4 (2 lecture, 2 exercise, 0 practical)
on-campus program (h): 45
self-study (h): 105
obligation: obligatory module
exam: oral examination performance, 20 minutes
details of the certificate
alternative examination performance due to COVID-19 regulations incl. technical requirements
signup details for alternative examinations
maximum number of participants
Details in degree program Master Informatik 2013, Master Informatik 2021, Master Wirtschaftsinformatik 2021
module name: Security Engineering
examination number: 2200678
credit points: 5
on-campus program (h): 45
self-study (h): 105
obligation: elective module
exam: oral examination performance, 20 minutes
details of the certificate
alternative examination performance due to COVID-19 regulations incl. technical requirements
signup details for alternative examinations
maximum number of participants
Details in degree program Master Informatik 2013
module name: Security Engineering
examination number: 2200678
credit points: 5
on-campus program (h): 79
self-study (h): 71
obligation: elective module
exam: oral examination performance, 20 minutes
details of the certificate
alternative examination performance due to COVID-19 regulations incl. technical requirements
signup details for alternative examinations
maximum number of participants