IMT6007

COINS IT Security Exercise

New from the academic year 2016/2017

Credits 5
Level Doctoral degree level
Course start Autumn 2016
Duration 1 semester
Language of instruction English
Examination arrangement Portfolio assessment

About the course

Course content

Vulnerabilities in software

Methods of manual and automated software inspection

Participation in an IT security exercise

Hosting a public IT security exercise

Secure software development

Validation of training approaches; motivation, relevance and impact

Learning outcome

After having completed the course, students are expected to have mastered the following learning outcomes:

Knowledge

State of the art in discovery and exploitation of IT system vulnerabilities

Capability and limits of validation of training methods

Skills

Source code inspection under time pressure

Ability to find and exploit vulnerabilities in software and systems

Development of novel attack methods and tools

Assessment, selection and application of automated vulnerability discovery and removal approaches

Ability to determine limits, assess relevance and impact of group security exercises for the improvement of secure software development

General competence

Ability to collaborate and communicate in a team of skilled researchers with diverse backgrounds

Learning methods and activities

Other

Additional information:

Active participation in an IT security exercise, producing write-ups for found and exploited vulnerabilities.

Individual reflection about relevance of vulnerabilities with respect to actual occurrence in the field, presence in exercises, focus in teaching material.

Development of teaching material to improve software development training.

Mandatory coursework requirements:

Two obligatory exercises must be passed. An obligatory exercise will usually consist of a write-up that is not included in the portfolio.

Compulsory assignments

  • Coursework Requirements

Further on evaluation

Additional information on re-sit examination:

The whole course must be re-taken.

Forms of assessment:

Portfolio assessment - students select for inclusion in their portfolio:

an assessment categorizing challenges in a CTF competition according to vulnerability taxonomies and relating challenges to security vulnerabilities in the field AND

ONE of the following two options:

a write-up for one of the solved challenges in a CTF competition AND documentation of training material/processes/tools to improve the learning experience of software architects and developers AND a (short) survey of approaches to validate training approaches in applied IT security

documentation of a CTF competition hosted by the students AND a reflection report on how that competition could improve developer training and how its impact on learning has been (or should be) validated

Specific conditions

Admission to a programme of study is required:
Computer Science (PHD-CS)
Information Security (PHD-IS)

Required previous knowledge

None

Course materials

Scientific articles and hand-outs provided by lecturers.

Subject areas

  • Informatics

Contact information

Course coordinator

  • Hanno Langweg

Department with academic responsibility

Department of Information Security and Communication Technology

Examination

Examination arrangement: Portfolio assessment
Grade: Passed/Failed

Ordinary examination - Autumn 2016

Portfolio assessment
Weighting 100/100