Technische Universität Ilmenau

Security Engineering - Module Tables of TU Ilmenau

The module tables are an information service on the degree programs of TU Ilmenau.

For the legally binding curricula, please refer to the respective study and examination regulations (appendix: curriculum).

All details on planned courses can be found in the electronic course catalogue.

Information and guidance for module coordinators on maintaining module descriptions can be found under Module Maintenance.

Please send notes on missing or incorrect module descriptions directly to modulkatalog@tu-ilmenau.de.

Module information for Security Engineering in the degree program Master Informatik 2013

Module number: 200035
Examination number: 2200678
Faculty: Faculty of Computer Science and Automation
Department number: 2255 (Distributed Systems and Operating Systems)
Module coordinator: Prof. Dr. Kai-Uwe Sattler
Offered: summer semester
Language: German
Credit points: 5
Attendance (h): 45
Self-study (h): 105
Obligation: elective module
Examination: oral examination, 20 minutes
Details on the examination:
Registration procedure for alternative PL or SL:
Max. number of participants:
Prerequisites

Operating Systems from the Bachelor Informatik degree program, compulsory elective module "Systems Security" from the Bachelor Informatik degree program

Learning outcomes and acquired competencies

Students are able to understand and discuss the methodical
steps of model-based security engineering. They can describe well-known,
fundamental formal models as well as revise and refine them for a selected
application scenario. They can apply analysis paradigms to design and implement
algorithms for validating scenario-specific security properties. They can
describe the purpose of security model specification languages, compare
different languages for specific application scenarios and apply them to a
given model. They can discuss security requirements for a complex scenario,
derive a formal security model from them, and implement this model in a
security architecture during the final workshop.

Students can discuss open questions and argue
for different solution approaches. They can give constructive criticism while
preparing workshop assignments. They can cooperatively develop ideas and manage
tasks and responsibilities during a complex final workshop. They can present
and defend their results.

Content

This module is an advanced class on systems security. It focuses on the methodological engineering of security properties of IT systems based on formal security models. In an early stage of the engineering process, formal security models are used for the precise and unambiguous representation of security policies, which are then analyzed by static model checking and simulative model execution. Successful models are afterwards transformed via specification languages into executable code, which is finally integrated into a system's TCB.

The class is organized in lectures and workshops; while theoretical knowledge is imparted in traditional lectures and exercises, practical skills are trained in a total of five workshops. Course topics are:

  • Requirements Engineering
  • Model Engineering
    • advanced security models (take-grant model, schematic protection model, typed-access-matrix model, role-based access control (RBAC), attribute-based access control (ABAC))
    • model composition
    • model analysis
  • Specification Engineering
    • specification languages
    • workshop on language design
    • workshop on language implementation and compiler
  • TCB Engineering
    • TCBs
    • security architectures
  • Security Engineering
    • workshop: a complete security engineering project

Media formats
Lectures and discussions using projector and whiteboard, home assignments, workshops, books and articles

Literature

TAM Model:

R. Sandhu: The Typed Access Matrix Model
Proceedings of the 1992 IEEE Symposium on Security and Privacy (S&P '92), 1992, 122-136. IEEE Computer Society. ISBN 0-8186-2825-1.

Role Mining:

H. Lu, J. Vaidya, V. Atluri: An optimization framework for role mining
Journal of Computer Security (JCS), 2014, 22, 1-31. IOS Press 2014.

H. Lu, Y. Hong, Y. Yang, L. Duan, N. Badar: Towards user-oriented RBAC model
Journal of Computer Security (JCS), 2015, 23, 107-129. IOS Press 2015.

B. Mitra, S. Sural, V. Atluri, J. Vaidya: The generalized temporal role mining problem
Journal of Computer Security (JCS), 2015, 23, 31-58. IOS Press 2015.

Model Analysis:

Jaeger, T. & Tidswell, J. E.: Practical Safety in Flexible Access Control Models
ACM Transactions on Information Systems Security (TISSEC), 2001, 4, 158-190

SELinux:

Frank Mayer, Karl Macmillan, David Caplan: SELinux by Example. Prentice Hall 2007, 425 pages.

Teaching evaluation