Course ObjectiveThis is an introductory course on information security. The emphasis
will be on how to develop applications with security in mind. At the
end of the course, students should be familiar with the following:
1. Importance of security in modern engineering.
2. How common cryptographic primitives work, and why they are essential.
3. How bugs can degrade the security of software.
4. Common memory corruption bugs and their (security) side-effects in
Course ContentThe course is divided into the following modules:
A. Understanding Cryptographic primitives
1. Confidentiality, Integrity and Authentication (CIA) properties
2. Symmetric/asymmetric/stream ciphers
3. Digital certificates/signatures
4. Cryptographic hash Functions
5. OpenSSL engineering
B. Understanding (and avoiding) low-level bugs
1. Process memory layout
2. Buffer overflows
3. Integer overflow/format strings
4. Bug detection and mitigation
5. Secure Development Lifecycle (SDL)
C. Special topics in Security (optional)
Teaching MethodsLectures and practical assignments.
Method of AssessmentWritten Exam (60%). Practical assignments (40%).
There is no resit opportunity for the practical assignments.
Entry RequirementsKnowledge of computer programming, preferably in C. Some knowledge of
assembly is beneficial.
Literature1. Principles of Information Security, By Michael E. Whitman and Herbert
2. Security Engineering: A Guide to Building Dependable Distributed
Systems by Ross J. Anderson (free on-line:
3. Online materials (articles)
Recommended background knowledgeBackground in mathematics (number theory), working knowledge of web,
programming in C and (to a limited extent) assembly, scripting in
|Language of Tuition||English|
|Faculty||Faculty of Science|
|Course Coordinator||dr. D.A. Andriesse|
|Examiner||dr. D.A. Andriesse|
dr. D.A. Andriesse
You need to register for this course yourself
Last-minute registration is available for this course.
This course is also available as: