To give students an introduction to fundamental concepts in computer security and introduce central theories and techniques for the development and analysis of secure IT systems.

• identify all major factors that have to be addressed in a security analysis of a particular system;
• define operational security goals for a given computing system;
• analyse an application scenario and identify common threats, vulnerabilities and risks;
• identify possible countermeasures against threats and vulnerabilities in a given security scenario;
• compare and contrast the underlying security mechanisms needed to implement security countermeasures;
• define operational security policies to achieve specific security goals using specific security mechanisms;
• design a security infrastructure that implements an operational security policy;
• use contemporary tools to analyse and implement (part of) a security infrastructure;
• evaluate (informally) a given set of security policies and mechanisms in a given application context in order to determine whether they are likely to satisfy a given list of security goals;
• document their work with the security process in a clear and concise report.

Security concepts: confidentiality, integrity, authenticity, availability etc. Symmetric and asymmetric cryptography and their uses; key distribution and digital signatures; discretionary and mandatory access control policies for confidentiality and integrity. Communication protocols for authentication, confidentiality and message integrity; network security; system security, intrusion detection and malicious code. Security models and security evaluation. Administration of security. Legal aspects of computer security.