Technische Universität Ilmenau

Security Engineering - Interaktive Studienpläne der TU Ilmenau

Die Interaktiven Studienpläne sind ein Informationsangebot zu den Studiengängen der TU Ilmenau.

Die rechtsverbindlichen Studienpläne entnehmen Sie bitte den jeweiligen Studien- und Prüfungsordnungen (Anlage Studienplan).

Alle Angaben zu geplanten Lehrveranstaltungen finden Sie im elektronischen Vorlesungsverzeichnis.

Bitte beachten Sie, dass auf dieser Seite keine Aktualisierungen mehr vorgenommen werden. Alle Module und Studienpläne ab der PO-Version 2021 (Bachelor- und Master-Studiengänge) sind ab sofort im Campus-Portal erreichbar.

Modulinformationen zu Security Engineering im Studiengang Master Ingenieurinformatik 2021
Modulnummer200035
Prüfungsnummer2200678
FakultätFakultät für Informatik und Automatisierung
Fachgebietsnummer 2255 (Verteilte Systeme und Betriebssysteme)
Modulverantwortliche(r)Prof. Dr. Boris Koldehofe
TurnusSommersemester
SpracheEnglisch
Leistungspunkte5
Präsenzstudium (h)45
Selbststudium (h)105
VerpflichtungWahlmodul
Abschlussalternative Prüfungsleistung
Details zum Abschluss

The module is completed with an alternative exam, performed in several parts over the course of the semester. After the end of the lecture period, no further examination is required. The final grade is determined by completing

- home assignments and classroom assignments (25%)

- three specialized workshops with creative, hands-on tasks (50%)

- one final project workshop (25%).

Link zum Moodle-Kurs https://moodle.tu-ilmenau.de/course/view.php?id=2926
Lehrende

Dr. Peter Amthor

Anmeldemodalitäten für alternative PL oder SL
max. Teilnehmerzahl
Vorkenntnisse

Betriebssysteme aus dem SG Bachelor Informatik, WP-Modul "Systemsicherheit" aus dem SG Bachelor Informatik

Lernergebnisse und erworbene Kompetenzen 

Students are able to understand and discuss the methodical
steps of model-based security engineering. They can describe well-known,
fundamental formal models as well as revise and refine them for a selected
application scenario. They can apply analysis paradigms to design and implement
algorithms for validating scenario-specific security properties. They can
describe the purpose of security model specification languages, compare
different languages for specific application scenarios and apply them to a
given model. They can discuss security requirements for a complex scenario,
derive a formal security model from them, and implement this model in a
security architecture during the final workshop.

 

Students can discuss open questions and argue
for different solution approaches. They can give constructive criticism while
preparing workshop assignment. They can cooperatively develop ideas and manage
tasks and responsibilities during a complex final workshop. They can present
and defend their results.

Inhalt

This module is an advanced class on systems security. It focuses on methodological engineering of security properties of IT systems based on formal security models. In an early stage of the engineering process formal security models are used for the precise and unambiguous representation of security policies which then are analyzed by static model checking and simulative model execution. Successful models afterwards are transformed via specification languages into executable code which finally is integrated into a system's TCB.

The class is organized in lectures and workshops; while theoretical knowledge is imparted in traditional lectures and exercises, practical skills are trained in a total of five workshops. Course topics are:

  • Requirements Engineering
  • Model Engineering
    • advanced security models  (take-grant model, schematic protection model, typed-access-matrix model, role-based access control (RBAC), attribute-based access control (ABAC)
    • model composition
    • model analysis
  • Specification Engineering
    • specification languages
    • workshop on language design
    • workshop on language implementation and compiler
  • TCB Engineering
    • TCBs
    • security architectures
  • Security Engineering
    • workshop: a complete security engineering project
Medienformen und technische Anforderungen bei Lehr- und Abschlussleistungen in elektronischer Form

Lecture and discussions using beamer and whiteboard, home assignments, workshops, books and articles

Literatur

TAM Model:

R. Sandhu: The Typed Access Matrix Model
Proceedings of the 1992 IEEE Symposium on Security and Privacy (S&P '92), 1992, 122-136. IEEE Computer Society. ISBN 0-8186-2825-1. ACM Digital Library

Role Mining:

H. Lu, J. Vaidya, V. Atluri: An optimization framework for role mining
Journal of Computer Security (JCS), 2014, 22, 1-31. IOS Press 2014.

H. Lu, Y. Hong, Y. Yang, L. Duan, N. Badar: Towards user-oriented RBAC model
Journal of Computer Security (JCS)201523, 107-129. IOS Press 2015.

B. Mitra, S. Sural, V. Atluri, J. Vaidya: The generalized temporal role mining problem
Journal of Computer Security (JCS)201523, 31-58. IOS Press 2015.

Model Analysis:

Jaeger, T. & Tidswell, J. E.: Practical Safety in Flexible Access Control Models
ACM Transactions on Information Systems Security (TISSEC), 2001, 4, 158-190

SELinux:

Frank Mayer, Karl Macmillan, David Caplan: SELinux by Example. Prentice Hall 2007, 425 Seiten.

Lehrevaluation