Security Engineering

Suggested learning time: 150 hours.

 

PRERREQUISITES AND RECOMMENDED PREVIOUS KNOWLEDGE

 

GENERAL DESCRIPTION OF THE COURSE

Security Engineering aims at building systems that remain dependable in the face of malice, error or mischance. This course covers a number of principles, methods, tools and good practices to secure systems all the way through its life cycle (specification, analysis, design, implementation, test and evolution) as well as tradeoffs involved during this process. 

Security management, threat identification, as well as risk analysis and measurement are some of the processes a security engineer must know in order to design and develop secure IT systems needed in modern societies.

OBJECTIVES: KNOWLEDGE AND SKILLS

The main goal of this course is to make students aware of the complexity of ensuring security principles in today's IT systems and architectures. Only by understanding IT security from an engineering point view, as a multidisciplinary subject, we can design and develop secure IT systems. The student will acquire the necessary skills to design and plan global security solutions. Students will also become familiar with different security mechanisms, their life cycle and costs. Finally, students must know the main laws and regulations involved in security decisions.

In order to achieve these goals, students must acquire specific knowledge, capacities and attitudes: Regarding knowledge, at the end of the course the student will be able to:

• Understand security as a complex process covering different areas and disciplines.
• Know the main security standards, norms, and certification procedures.
• Understand the risks associated to open distributed systems.
• Identify physical threats and the corresponding countermeasures.
• Identify the different components of a security plan.
• Understand the life cycle of a security plan and the feedback-based paradigms used.
• Know the legal framework applicable to information security at the national, European and international scales.

With regard to capacities, the students will acquire specific and generic capacities. Regarding specific capacities, the student will be able to:

• Analyze security protocols and manage security risks.
• Assess the suitability of different security mechanisms, depending on risk assessment.
• Create a complete security plan managing all the appropriate security measures.

Regarding generic capacities and skills, the student will be given the opportunity:

• To work on a specific system, in a particular environment, to investigate vulnerabilities and possible threats.
• To study and identify the information needed to solve a particular security problem.
• Apply knowledge from various disciplines (technical, organizational and legal) to solve a particular problem.

Regarding attitudes, the student will be encouraged to:

• Adopt a critical view over traditional, ad-hoc security systems based on the accumulation of security equipments, without ever conducting a formal analysis for the development of a global solution.
• Develop collaborative skills to be able to obtain, from security IT managers, the necessary information about a system to analyze and assess risk, and to communicate the proposed solutions.
• A positive attitude towards team working, to exchange different points of view and opinions.
• A positive attitude towards the laws that affect the implementation of systems and security products.

TEACHING MATERIAL

The teaching material used for this course is grouped into two main blocks. The first one covers lectures and activities carried out in a usual lecturing theater. It is organized into three main parts:

• Part I. Overview
• Part II. Access Control
• Part III. Network Security

 The second part comprises practical activities performed in the lab under the guidance of a demonstrator. 

 PRACTICAL ASSIGMENTS AND ASSESSMENT ACTIVITIES

The course is assessed both through written tests and deliveries/reports handed in by the students.