Department of Applied Computer Sciences

IT & Mobile Security

My Studies

 

1. Semester

Application Security 1 | Integrated course (iL) | Coursecode: 180419105 Secure Mobile Software Development 3 SWS 4 ECTS
Development of basic apps using the functionality of mobile frameworks. Furthermore, advanced knowledge of interaction concepts, navigation patterns, touch and gestures as well as sensors and location-based services. All aspects are treated with special focus on security.
Application Security 1 | Seminar (Se) | Coursecode: 180419102 Security Fundamentals 1 SWS 3 ECTS
The lecture gives a basic overview of the topics of the degree programme. Topics: Motivation of hackers, Attack vectors, Information gathering, Software Exploitation, Wireless Security, Security Tools
Application Security 1 | Integrated course (iL) | Coursecode: 180419101 Software Security 3 SWS 3 ECTS
Software problems are a central critical aspect of computer security. Software security deals with active management of security risks. It starts with good software engineering practices and includes security aspects in each phase of software development.
Students should get to know the fundamental principles of the development of secure software systems:
- Secure Software Development Lifecycle
- Reverse Engineering
- Secure Coding
  - Encapsulation
  - Data Validation
  - Representation
  - Input Validation
  - Output Encoding
  - Error Handling & Logging
  - Security Features
  - Concurrency
- Static Code Analysis
Cryptography | Integrated course (iL) | Coursecode: 180419103 Cryptography 4 SWS 5 ECTS
The following topics are covered within the lecture:
Number Theory, Review linear algebra, Galois Fields in a Nutshell, Asymmetric primitives (RSA, Diffie-Hellman), Formal Cryptosystems, Checksums, Hashes, Symmetric Primitives (DES/AES/etc.), Key Exchange Protocols, Authentication Protocols, Zero-Knowledge Protocols, Attacks & Defences, PKI - Concept
Information Systems | Tutorial (Ue) | Coursecode: 180419107 Cloud Computing 3 SWS 5 ECTS
Definition and characteristics of cloud computing, service and deployment models, hands-on experience with IaaS and PaaS systems
Information Systems | Integrated course (iL) | Coursecode: 180419108 Operating Systems 2 SWS 2 ECTS
Operating system basics, architectures and functional principles; special focus on operating systems in mobile systems and the specific requirements in this field; introduction to C as a systems programming language and its application; virtualization principles
Information Systems | Tutorial (Ue) | Coursecode: 180419106 Platform Specific Mobile Apps 3 SWS 3 ECTS
Platform-specific app development for iOS. Knowledge of prototyping, storyboards, application architecture, iOS design patterns. Paradigms of Swift programming. Selected frameworks to use sensors, actuators, watch or cloud services.
Infrastructure Security 1 | Integrated course (iL) | Coursecode: 180419104 Basic Network Security 4 SWS 5 ECTS
The course covers layers 1-4 of the OSI model (Open Systems Interconnection Model) as the main topic. The focus is placed on attack vectors against computer networks and their countermeasures and mitigation strategies. In the first part of the course, the basic mechanisms (addressing, address resolution, routing and packet filtering) of computer networks are repeated to create a common basis.
Topics: Physical Security, Layer-2 Security, VoIP-Security, WiFi Security, 802.1x, Spoofing, Denial of service attacks, trace back mechanisms and countermeasures.
Another part of the course is to work in small groups on a current topic of network security, build a practical scenario in the lab and present the results in the form of a group presentation.

2. Semester

Application Security 2 | Tutorial (Ue) | Coursecode: 180419208 Native mobile Apps 2 SWS 3 ECTS
System near apps using the competences acquired in "Mobile Operating Systems" (C-Programming). Mobile Platform Native app development for several mobile operating systems (iOS, WP8, ...) including their special approaches and differences are covered.
Application Security 2 | Integrated course (iL) | Coursecode: 180419202 Secure Software Design 3 SWS 3 ECTS
Security is a very important topic for distributed software systems. In this lecture, different practices for the design of secure web applications are introduced.
- Architectural Risk Analysis
  - Secure Design Principles
  - Threat Modeling

- Secure Web Applications
  - Web Application Architecture & Risk Analysis
  - HTTP / HTTPS Protocol
  - Client-Side Controls
  - Access Control
  - Authentication
  - Session Management
  - Authorization
  - Data Stores
  - XSS Prevention
  - CSRF Prevention
Application Security 2 | Tutorial (Ue) | Coursecode: 180419206 Secure Web Applications 3 SWS 4 ECTS
Development of HTML5 web apps for different platforms (Web, Android, iOS). Selected HTML5 APIs are discussed, for example, to use local storage, sensors, GPS for location-based services or web sockets for real-time web applications. Furthermore, social media integration will be covered.
Infrastructure Security 2 | Integrated course (iL) | Coursecode: 180419207 Applied Cryptography 2 SWS 3 ECTS
The following topics are covered within the lecture:
Application in example Internet protocols (IPSec, SSL, TLS, SSH), Random Number Generators, Cryptographic Libraries & APIs for mobile platforms, Correct usage of cryptographic primitives in mobile solutions, Challenge/Response techniques, One Time Passwords, Elliptic Curves, Anonymity + Unlinkability, selected advanced topics
Infrastructure Security 2 | Seminar (Se) | Coursecode: 180419204 Database Security 2 SWS 2 ECTS
This course covers all important aspects of Database Security (DB-Authentication, Application & Password-Security, DB-Authorization, Granular Access Control, DB2DB Communication, DB-Encryption, DB Auditing). It also provides a thorough introduction to the subject of data quality by studying definitions of data quality, methods of measurement and assurance of data quality (e.g., metrics & constraints) and DB refactoring.
Infrastructure Security 2 | Integrated course (iL) | Coursecode: 180419201 Mobile Network Security 3 SWS 5 ECTS
This course expands the basic knowledge of network security to get an insight into security for mobile devices and mobile infrastructures. The main topics of the course are Wireless LAN, WiMax, Bluetooth, NFC, etc. An introduction to mobile networks such as GSM, UMTS and LTE is followed by SSL, SSH and VPN technologies as the basis for a secure connection within distributed networks. The topic VPN includes the basics, authentication and the implementation in OSI layers 2, 3 and 4. In addition, the course discusses core topics such as IPSec, key management, opportunistic encryption, performance, availability, DDoS solutions, network monitoring, NIDS, algorithms for pattern recognition, honeypots/honeynets as well as intrusion prevention and detection systems. An outlook on next-generation networks such as sensor networks and smart grids concludes the course.
Mobile Development | Integrated course (iL) | Coursecode: 180419205 Mobile Cross-Platform Development 2 SWS 5 ECTS
Selected aspects of mobile development like cross-platform code generation are presented in this lecture.
Offensive Security 1 | Integrated course (iL) | Coursecode: 180419203 Ethical Hacking 3 SWS 5 ECTS
The course covers the topic of Penetration Testing (also known as white hat hacking or ethical hacking). In the first part typical attack vectors are analyzed and simulated in a laboratory environment. The main focus is placed on the exploitation of programming errors and other typical weaknesses of software products (buffer overflows, race conditions, logical errors). Students are aware of exploit development methods and exploit mitigation mechanisms of modern operating systems (ASLR, stack cookies, SafeSEH, DEP, ...).
Another focus is to understand typical weaknesses and attack patterns of web applications and the mitigation steps to avoid them.
The third part of the course covers the structured analysis of security problems and the steps used in a penetration test (analysis, preparation, exploitation, documentation, giving recommendations).

3. Semester

Advanced Security | Seminar (Se) | Coursecode: 180419303 Scientific Research 2 SWS 3 ECTS
This course teaches students about the basic principles of scientific work in the field of applied computer sciences. It is an introduction into the fascinating field of research. The course shows the power of theory and literature, helps formulating intriguing research questions, provides an overview of scientific methods and data analysis, and gives hints on how to derive insightful conclusions out of results. Using this topic area, we will understand what it means to 'do science' and to develop skills such as how to do literature review, how to critically read and review written papers, hold oral presentations and posters.
Advanced Security | Seminar (Se) | Coursecode: 180419307 Secure Big Data 1 SWS 2 ECTS
The course offers an application-oriented study of Big Data data models, architectures and principles. Storage and database systems in the Big Data environment are tested using practice-oriented scenarios. In particular, the security aspects of these technologies, as well as related best practices, are discussed. Special care is taken to provide enough room for discussion of current technological developments in the area of Big Data.
Application Security 3 | Integrated course (iL) | Coursecode: 180419301 Secure Service Oriented Architectures 3 SWS 5 ECTS
Enterprise applications typically consist of different services, written in different programming languages, which operate on different platforms. Service-oriented architectures and microservices are attempts to realize such huge heterogeneous distributed systems.

In this lecture, the following security-relevant topics of web services are introduced:
- Web Service Architecture & Risk Analysis
- Access Control
  - Authentication
  - Authorization
- XML Attacks & Schema Validation
- Message Encryption
  - Published Identifiers
  - Digital Signatures
  - Encrypting Representations
Offensive Security 2 | Tutorial (Ue) | Coursecode: 180419306 Advanced System Exploitation 2 SWS 3 ECTS
The course covers advanced attack scenarios of experienced hackers. The attack vectors are analyzed and simulated in a lab environment. The main focus is on the detection, analysis and design of countermeasures.
Topics:
Malware analysis
Code analysis
Reverse engineering
Firmware analysis
Race conditions in software
Bypass methods of exploit mitigation mechanisms like ASLR, SafeSEH, SEHOP, DEP by using advanced exploitation techniques like ROP (return-oriented programming), heap spraying, partial overwrite of memory areas, ...
Bypass anti virus protection
Attacks against cryptographic systems, secure/unsecure algorithms and implementations
Attacks against ICS systems and countermeasures
Offensive Security 2 | Integrated course (iL) | Coursecode: 180419308 Operating System Security 2 SWS 2 ECTS
Basic, inherent security mechanisms of operating systems, especially those common in mobile environments. Security enhancements, specific high security operating systems, security certification of operating systems
Project Work | Seminar (Se) | Coursecode: 180419302 Project Work 8 SWS 10 ECTS
Students are expected to independently carry out a medium sized project of average difficulty. The tasks of this project reflect most of the main objectives of the master program.
System Security | Lecture (Vo) | Coursecode: 180419305 Quantum Cryptography 2 SWS 2 ECTS
An introduction into quantum cryptography, its physical fundamentals and technical implementation as well as a comparison to standard cryptographic methods, revealing the benefits and drawbacks of quantum cryptography and its present state of development.
System Security | Integrated course (iL) | Coursecode: 180419304 Secure Systems 2 SWS 3 ECTS
Introduction on Secure Elements
• Key Parameters
Secure Implementation and building blocks
• Mobile Phone and Device security
• CPUs
• Memory technology
• Secure Cryptographic Implementations
• Random Number Generators
• Physical unclonable functions

4. Semester

Infrastructure Security 3 | Integrated course (iL) | Coursecode: 180419407 Embedded Security Assessment 2 SWS 2 ECTS
Introduction on Embedded Secure Elements
• Programming Interfaces
• Secure System Integration
* Attack Scenarios and Countermeasures
• Differential Power Analysis and EMA Attacks
• Light Attacks
• Timing Analysis
• Countermeasures in HW and SW
• Setups for Analysis and Attacks
* Common Criteria Certification
• Definition
• Development Process and Security Evaluation
• Lifecycle
Infrastructure Security 3 | Seminar (Se) | Coursecode: 180419406 Secure Server Environments 2 SWS 3 ECTS
Directory services and single-sign-on, monitoring, high availability and scalability, Internet Protocol Security (IPsec)
Master Thesis | Seminar (Se) | Coursecode: 180419403 Examination on Master Thesis 0 SWS 1 ECTS
The final examination on the master thesis.
Master Thesis | Seminar (Se) | Coursecode: 180419401 Master Thesis 0 SWS 14 ECTS
Students work independently on a research topic and write their master thesis. They are expected to make use of scientific research methods and to demonstrate a high level of expertise in the particular field of their thesis.
Master Thesis | Seminar (Se) | Coursecode: 180419404 Scientific Working 2 SWS 2 ECTS
This seminar aims at helping students to develop effective scientific writing skills (clear and effective academic writing; note-taking; paraphrasing; register) because no matter how professional a student's or researcher's background may be, difficulties often arise in conveying technical and academic content concisely in English. The objective of the course is to improve the participants' written expression in English: identifying and practicing common phrases and terms used in scientific writing, and correcting common errors.
Master Thesis | Seminar (Se) | Coursecode: 180419402 Workshop on Master Thesis 3 SWS 3 ECTS
This course is designed to guide students through the process of writing their master thesis.
Security Management | Seminar (Se) | Coursecode: 180419405 Security Management 2 SWS 5 ECTS
The course will cover management systems for secure IT operations. Information Security Management Systems (ISMS) and Business Continuity Management Systems (BCM) are the core topics. Students are given an insight into the conception, introduction, operation and ongoing improvement of the systems. Topics such as risk assessments and risk management as well as compliance requirements and the preparation of companies for an ISO 27001 certification round off the topic.