| Detailed information |
| Original study plan |
Master's programme Computer Science 2025W |
| Learning Outcomes |
Competences |
| Students know the attack vectors for information systems and how to react on these. They understand architectures of information systems, authentication and authorization techniques and standards. In particular they are familiar with access control models and can choose proper ones for given real world environments. Additionally, they master data anonymization and differential privacy.
|
|
| Skills |
Knowledge |
Students
- understand the architecture of information systems and database management systems (K2)
- understand and analyze the most important access control models for information systems (K2, K3, K4)
- analyze a given real-world situation and choose the proper access control model (K4, K5)
- know XACML and the architecture behind (K2)
- know and understand the attack vectors for Information systems (K2)
- know how to harden an Information system (K2, K3)
- know and understand authentication and authorization techniques, frameworks and standards (K2)
- know and understand techniques for data anonymization and differential privacy (K2)
|
- Architecture of Information Systems and Database Management Systems
- Access Control Models (Access Matrix, Role-based, Attribute-based, Bell-LaPadula, Chinese Wall, and more)
- Break-the-glass technology
- XACML
- Attack vectors for Information Systems and Database Systems
- Hardening Information Systems and Database Systems
- Authentication and Authorization
- Data anonymization
- Differential privacy
|
|
| Criteria for evaluation |
Written exam at the end of the semester (66%), quality of a small investigation project (34%), both parts must be positive.
|
| Methods |
Standard lectures with study materials (slides) provided, plus an investigation and research project in small groups including a presentation of the results.
|
| Language |
English |
| Study material |
PDF-versions of the powerpoint slides used in the lecture will be made available via KUSSS. This is sufficient to prepare for the exam.
Eventually additional readings for the investigation project will be provided during the lecture.
|
| Changing subject? |
No |
| Further information |
This lecture is a combined course. It has a lecture part where the foundations are taught and an exercise part where the students have to investigate and research a particular topic in more depth than it was taught in the lecture part, and then present the results to the whole class.
|
| Corresponding lecture |
equivalent to INMNPKVSINF: KV Sicherheitsmodelle in Informationssystemen (3 ECTS) or
INBVFVOIFS3: VO Informationssysteme 3 (3 ECTS)
|
