Courses in cyber security

Collection of courses in cyber security, University of Gothenburg

The courses below are given both for students at University of Gothenburg, and at Chalmers University of Technology. At Chalmers you take the courses within a programme, while at University of Gothenburg you follow the courses as freestanding (i.e. the classes are mixed).

Computer Security
Computer Security, DIT642
The course Computer security provides basic knowledge in the field – how to protect your system against intrusions and attacks. Intrusions can be made with the intention of changing or destroying resources – data, software, hardware and so on, to gain access to confidential information, or to legitimately exploit the system and its services. The course deals with threats and weaknesses in computer systems and communication networks, as well as the regulations and mechanisms that can be used to protect systems. Security thinking is also taken into a wider context, by disussing organizational, business, social, legal, human, and ethical aspects. See also the short interview with course manager Magnus Almgren below.

Cryptography

Cryptography, DIT352

Cryptography (Greek: kryptos: "hidden", graphein: "writing") deals with communication designed to keep information secret from unauthorized persons. Before the IT era, the field was just about the secrecy of messages, encryption, which meant changing from an intelligible message to an unintelligible one, and vice versa. In recent decades, the field has broadened to include a variety of techniques for message integrity, authentication of both sender and receiver, digital signatures, and secure payments. See also the short written interview and the filmed interview with course manager Elena Pagnin below.

Language-Based Security

Language-Based Security, DIT101

Language-based security is about identifying security problems at application and programming language level, and to design and implement solutions for the problems discovered. The security systems that are standard today are not sufficient to protect against all types of attacks. Most attacks occur at the application level by exploiting bugs and gaps in the application. In this way, the attack can bypass the protection that is installed, by using the attacked application's own rights. Examples of application-level attacks can be so-called Trojan horses, various worms, overload attacks and web application attacks. One way to ensure that programs are secure is to use programming language methods to analyze the program's source code. Filmed interview with course manager Andrei Sabelfeld below.

Network Security

Network Security, DIT071

Network security consists of various policies, processes, and practices introduced to protect, detect, and monitor unauthorized access, misuse, or modification of computer networks and network-related resources. Network security concerns all imaginable computer networks, both public and private, to, for example, carry out transactions and communication between companies, authorities, and individuals.

Almost all computer systems we design today are connected and communicate with other systems. This applies to everything from games, everyday objects, and smart homes – to cars and other critical infrastructure in the society. To have a genuine understanding of possible weaknesses that can be exploited in the systems, and what the different attacks might look like, is fundamental when we create new systems and products. When the weaknesses are analyzed in a thorough way, we can decide what kind of protection we need and how the systems should be designed.

Today it is relatively easy to send fake messages and spoof network packets. Old packets and sessions can be replayed and duplicated, messages can be dropped, and many other things can happen, which means that awareness of problems and possible solutions is central to all design. In the course, we go through different types of protocols, secure as well as insecure, and see what distinguishes them. We also go through how to authenticate users over insecure networks, we look at firewalls, intrusion detection systems and various techniques to test the security of the system. The course is suitable for anyone who wants to know what a connected system requires today and conveys knowledge necessary for those who want to work with data communication, program development or testing of connected and distributed systems. Course manager: Tomas Olovsson (short interview on the way)

Magnus Almgren, responsible for the course "Computer Security":

Image

What will the students learn in your course?

"In the Computer Security course (DIT642), we take on a broad approach. The students will come to know many of the areas of modern cyber security. We discuss historical attacks, how malware have changed over the years, the importance of understanding the dynamics of security with the defenders vs the attackers, demonstrated by a simple example of using passwords to authenticate oneself to a system. The course offers an overview and a good basic set of tools that students can then develop further in the other courses connected to security offered at University of Gothenburg."

Why is a course in cyber security important?

"The world is becoming increasingly digitalised and computers and their services are becoming more important. This goes both for people using the services and for attackers trying to distort our life. I would recommend all students to take a first course in security (DIT642), regardless of whether they want to work with the topic full time or not. It is important to understand the concepts and different types of attacks, to be able to protect oneself."

"Of course, I find cyber security very interesting, and would recommend the complete cyber security module that our department has put together." (the four courses are listed above)

Elena Pagnin, responsible for the course "Cryptography":

What do you find most fascinating about cryptography?

"I love cryptography because it is science and art at the same time. It builds on genius ideas and uses mathematical tools to make our digital society safer.

I am teaching in the Cryptography course, which covers the most relevant aspects of modern cryptography: 

1. symmetric key schemes, including block ciphers such as the advanced encryption standard AES and the message authentication code HMAC.
2. public key schemes, including Diffie-Hellman key exchange, digital signatures, homomorphic encryption, and a mention of the state-of-the-art plausible post quantum secure constructions.
3. cryptographic protocols, that combine the schemes we just mentioned to achieve even more amazing functionalities. We look at the Signal protocol (used for secure messaging in the Signal app and WhatsApp), as well as zero-knowledge proofs and the basis of secure multi-party computation.

The course is intense and aims to give students tools to reason about security, recognise celebrated recent attacks and their implications, and find cryptographic vulnerabilities in flawed constructions."