Lehrinhalte
a) Internet Security
As the common utilization of the Internet broadens, the threat from malicious programs and users increases. To counteract this development during the design of new applications and technologies, we will try to identify and discuss the different attacks and threats (e.g., worms, viruses, denial of service). Based on that countermeasures (e.g., firewalls, network intrusion detection/prevention systems, scanners) are introduced and the challenges those are facing are explained. In addition to these active security tools, secure protocols (e.g., SSL, Kerberos, TLS, VPN, IPsec, WLAN Security), key management approaches, and the security of different Internet services (e.g., E-Mail, SSH, VoIP, Network Storage) will be analysed.
b) Telecommunication Security
Telecommunications networks are a critical component of the economic and social infrastructures in which we live. Each day, well over three billion people across the globe rely upon these systems as their primary means of connecting to the world around them. Given the significant focus on securing this critical infrastructure in recent years, this course creates a starting place for students and young researchers into the field of secure telecommunications networks. This course not only discusses emerging threats, along with system vulnerabilities, but also presents the open questions raised by network evolution and defence mechanisms. The course will also discuss securing current and next generation telecommunications networks.
c) Software Security:
Broadly speaking, this course tries to address two questions: What are common software security
problems and what are their underlying causes? What are techniques, guidelines, principles, and
tools to prevent or detect them? Common security problems include buffer overflows, integer overflows, SQL injection, XSS, and race conditions. Techniques to prevent or detect problems include threat modelling, check lists and coding standards, static analysis tools, code reviews, typing, static analysis, language-based security (or platform-based security), security middleware, runtime monitoring, information flow analysis, program verification, and proof-carrying code. Both, problems and solutions can be specific to the operating system, the programming language, middleware, type of application, or just down to the individual application. In order not to get lost in the forest of possibilities, we will try to understand the common themes: the root causes that lie at the heart of many problems and the fundamental good principles embodied by some of the solutions.
