Course

Information and Software Security (DAT250)

The course will provide an introduction to information security and basic knowledge about software security. Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of a malicious external act. This means that attributes such as confidentiality and integrity are taken care of, not just availability. The course will present common errors and countermeasures, and describe software activities that contribute to better software security.


Dette er emnebeskrivelsen for studieåret 2021-2022. Merk at det kan komme endringer.

See course description and exam/assesment information for this semester (2024-2025)

Semesters

Fakta

Emnekode

DAT250

Vekting (stp)

10

Semester undervisningsstart

Autumn

Undervisningsspråk

English

Antall semestre

1

Vurderingssemester

Autumn

Timeplan

Vis timeplan

Litteratur

Pensumlisten finner du i Leganto

Content

Software security is how to develop software that continues to behave as expected even if it is subjected to attacks in the form of malicious external actions. This means that attributes such as confidentiality and integrity are taken care of, not just availability. Topics covered include:
  • Introduction to information security
  • Authentication
  • Access Control
  • GDPR and privacy
  • Typical attacks
  • OWASP top 10
    • Software vulnerability
  • Dependency checking
  • Threat Modeling
    • STRIDE
  • Software Security Activities - BSIMM
  • Privacy by design (built-in privacy)
  • Smooth software security
  • Protection Poker
  • Static analysis for safety
  • OWASP Testing Guide
  • Risk-based safety testing
  • Penetration Testing
    • Kali Linux
    • Red Team
    • Bug bounties
  • Software cryptography
    • Key Handling
  • Web security

Learning outcome

Knowledge:

  • Knowledge in basic information security concepts
  • Know the most common methods of attacking software
  • Know the most common techniques for threat modeling

Skills:

  • Manage basic access control mechanisms, including role-based access control
  • Use techniques to avoid the most common attacks on software
  • Use static security analysis of software
  • Use basic techniques for security testing of software, including penetration testing

General competence:

  • Be able to develop software that, as far as possible, does not contain security vulnerabilities, by performing certain software development activities.

Forkunnskapskrav

Introductory course for engineers - Computer science and electrical engineering (ING100)
Basic programming skills are required to solve mandatory exercises.

Anbefalte forkunnskaper

Introduction to Programming (DAT110)

Exam

Form of assessment Weight Duration Marks Aid Exam system Withdrawal deadline Exam date
Assignments 60/100 Letter grades
Group submission 40/100 Letter grades Inspera assessment 18.09.2021


Fagperson(er)

Head of Department:

Tom Ryen

Course coordinator:

Martin Gilje Jaatun

Coordinator laboratory exercises:

Ferhat Özgur Catak

Method of work

2 hours lecture per week + 4 hours lecture every other week. 2 hours of lab with teaching assistant every week.

Åpent for

Battery and Energy Engineering - Bachelor in Engineering Civil Engineering - Bachelor in Engineering Computer Science - Bachelor in Engineering Computer Science - Bachelor in Engineering, Part-Time Electrical Engineering, Vocational Path - Bachelor's Degree Programme Electrical Engineering - Bachelor's Degree Programme, part-time Electrical Engineering - Bachelor's Degree Programme Energy and Petroleum Engineering - Bachelor in Engineering Geosciences and Energy Resources - Bachelor in Engineering Environmental Engineering - Bachelor in Engineering Mechanical Engineering - Bachelor in Engineering Medical technology - Bachelor in Engineering Medical Technology - Bachelor in Engineering - part time
Admission to Single Courses at the Faculty of Science and Technology
Industrial Economics - Master of Science Degree Programme, Five Year Industrial Automation and Signal Processing - Master's Degree Programme - 5 year
Exchange programme at Faculty of Science and Technology

Emneevaluering

Form and/or discussion.

Litteratur

Book

Security engineering : a guide to building dependable distributed systems Anderson, Ross J., Indianapolis, Ind., Wiley Publ, XL, 1040 s., cop. 2008, isbn:978-0-470-06852-6, Boken er fritt tilgjengelig på nettet. https://www.cl.cam.ac.uk/~rja14/book.htmlView online

Book

Software security : building security in McGraw, Gary, Upper Saddle River, N.J., Addison-Wesley, XXXVI, 408 s., 2006, isbn:0321356705; 9780321356703,

Website

OWASP Testing Guide v4.0 Meucci, M., Muller, A., Boken er fritt tilgjengelig på nettet. https://www.owasp.org/images/1/19/OTGv4.pdfView online

Other

Forelesningsnotater Martin Gilje Jaatun, Norske sammendrag av utvalgte forelesninger. I utgangspunktet står det ingenting her som ikke er dekket av forelesningene. https://infosec.sintef.no/emne/undervisning/dat250/View online

Website

Building Security In Maturity Model | BSIMM McGraw, G., West, J., Migues, S., Ikke sentralt pensum, men nyttig bakgrunnsinformasjon. https://www.bsimm.com/View online

Presentation

Lysark fra forelesningene Martin Gilje Jaatun, Alle lysark (foiler) fra forelesningene er pensum

Kontakt

Head of Department:

Tom Ryen

Course coordinator:

Martin Gilje Jaatun

Coordinator laboratory exercises:

Ferhat Özgur Catak

Tilbys av

Faculty of Science and Technology

Department of Electrical Engineering and Computer Science

The course description is retrieved from FS (Felles studentsystem). Version 1