Erinevus lehekülje "ITI8610" redaktsioonide vahel

Allikas: Kursused
Mine navigeerimisribale Mine otsikasti
 
(ei näidata 3 kasutaja 59 vahepealset redaktsiooni)
9. rida: 9. rida:
 
==Time and place==
 
==Time and place==
  
Lectures: Wednesdays 10:00, ICT-315 <br>
+
Lectures: Thursdays 16:00, ICT-A2 '''NEW!'''<br>
Labs: Wednesdays 12.00 <br>
+
Labs: Thursdays 17.45, ICT-A2 <br>
 
* Lab supervisors:
 
* Lab supervisors:
 
** Aleksandr Lenin (aleksandr.lenin ätt ttu.ee) - Module I
 
** Aleksandr Lenin (aleksandr.lenin ätt ttu.ee) - Module I
 
** Jüri Vain (juri.vain ätt ttu.ee),  Leonidas Tsiopoulos (letsio ätt ttu.ee) - Module II
 
** Jüri Vain (juri.vain ätt ttu.ee),  Leonidas Tsiopoulos (letsio ätt ttu.ee) - Module II
  
==News 2018==
+
==News 2019==
 
<br>
 
<br>
 
Deadline for submitting lab assignments of Module II  -- TBA
 
Deadline for submitting lab assignments of Module II  -- TBA
 +
<p>
 +
Please fill in [https://doodle.com/poll/3g7333mkn59wp6fe this] Doodle poll and indicate your availability for Module I: Security Assurance lecture and practice slots. Please note that everyone is free to make more than a single choice, you can mark as many slots as you see fit, as well as that every person has 3 options: yes, no, ifneedbe, where yes means this time slot is free for you and you are available at this time, no means you are absolutely unavailable, and ifneedbe means this time slot is unconvenient for you, but if necessary you will be able to make it.
  
 
==Lecture plan==
 
==Lecture plan==
* [[Media:ITI_8610_lecture_1.pdf|Lecture 1]]: Introduction to software assurance
+
# [[Media:ITI_8610_lecture_1.pdf|Lecture 1]]: Introduction to software assurance
====Module I: Assurance processes, risk management & security assurance==== ====
+
 
Lecture 1: Security Risk Management<br />
+
 
Lecture 2: Security Risk Management (contd.)<br />
+
====Module I: Assurance processes, risk management & security assurance====
Lecture 3: Security Best Practices<br />
+
# [[Media:ITI8610-2019-Risk.pdf|Risks - definitions, terminology, risk taxonomies]]
Lecture 4: Input Validation<br />
+
# [[Media:Risk-Taxonomy-FAIR.pdf|FAIR Risk Taxonomy]]
Lecture 5. Web Application Security. Cross-Site Scripting Attacks<br />
+
# [[Media:ITI8610-Riskmanagement.pdf|Risk Management]]
 +
# [[Media:ITI8610-2019-FAIR_Template.zip|Qualitative Risk Analysis Template]]
 +
# [[Media:ITB8811-2019-Probability.pdf|Theory of Probability]]
 +
# [[Media:ITI8610-2019-Reliability.pdf|Reliability and Availability]]
 +
# [[Media:ITI8610-2019-Security_Modeling.pdf|Security Modeling. Quantitative Risk Management]]
  
 
====Module II: : Assured Software Analytics ====
 
====Module II: : Assured Software Analytics ====
33. rida: 39. rida:
 
* [[Media:e.pdf|Module II Lecture 3]]: Multi-view contracts of cyber-physical systems
 
* [[Media:e.pdf|Module II Lecture 3]]: Multi-view contracts of cyber-physical systems
 
* [[Media:Module III 4th lecture.pdf|Module II Lecture 4]]: JML contracts for OOP methods
 
* [[Media:Module III 4th lecture.pdf|Module II Lecture 4]]: JML contracts for OOP methods
* [[Media:Module III 5th lecture.pdf|Module II Lecture 5]]: A Tutorial on OpenJML
+
* [[Media:OpenJML - Solvers - 15_11_2018.pdf|Module II Lecture 5]]: OpenJML and SMT Solvers
 +
* [[Media:WorstPracticesInSWDevelopment.pdf|Module II Lecture 6]] (Guest lecture): M. Markvardt (ASA Quality) "Worst Practices in Software Quality a.k.a How to Deal with Risks"
 +
* Lecture 7 (Guest lecture): Dr. Mohammad Al-Taye (Philadelphia Univ., Jordan) "QA by testing"
 +
* Lecture 8: Safety analysis techniques (28.11.2019)
 +
* [[Media:Automotive audio amplifiers.pdf|Module II Lecture 9]] (Guest lecture): R. Kadastik (Adacore) "Automotive audio amplifiers" (5.12.2019)
 +
* Projects review and preparation for final presentation
 +
 
 +
==Practice Assignments ==
 +
Possible topics for course project (same topic can be chosen by several teams)
 +
* Smart parking slot /Nutikas parkla
 +
* Moon habitad IGLUNA safety system / Kuuelamu IGLUNA ohutuse tagamise süsteem
 +
* Moon habitad IGLUNA security system / Kuuelamu IGLUNA turbesüsteem
 +
* Railway crossing control / Raudtee ülesõidukoha juhtimine
 +
* Nutikas autode paigutaja praamidele
 +
* Automaatne haigla ravimite annustamise ja kohaletoimetamise süsteem
 +
* Smart home air quality control
 +
* Automaatse tunnustamisega trahvisüsteem
 +
* Automaatne videosalvestussüsteem
 +
* TESLA (auto) juhtimisüsteem
 +
* Bolt tõukerataste rentimissüsteem
 +
* Biometric locking systems (ukse- ja relvalukud).
 +
 
 +
==Project Teams==
 +
* Team 1: Allan Paalo, Siim Suviste, Oliver Tooming "TESLA self-driving car"
 +
* Team 2: Krõõt Grete Mänd, Ilja Samoilov "Smart home air quality control"
 +
* Team 3: Veronika Zamakhova, Sergei Zarembo, Dmitri Golovatš "Bolt tõukerataste rentimissüsteem"
 +
* Team 4: Magnus Teekivi, Ly Tempel, Mirjam Pajumägi "Railway crossing control / Raudtee ülesõidukoha juhtimine"
 +
* Team 5: Kristjan-Martin Kirjanen, Kaarel Värk, Andreas Nagel " Biometric locking systems"
 +
* Team 6: Rasmus Tomsen, Henry Härm "Smart video recording system / Automaatne videosalvestuse süsteem"
 +
* Team 7: Johanna Kammiste,  Igor Podgainõi "Smart parking slot / Nutikas parkla I"
 +
* Team 8: Kristjan Vool, Regina Helena Lõpp-Elmeste "Smart parking slot / Nutikas parkla II"
 +
 
  
==Practice Assignments==
 
 
====Module I: Security Assurance ====
 
====Module I: Security Assurance ====
Assignment 1: Risk Analysis using the FAIR (Factor Analysis of Information Security Risk) framework<br />
+
Assignment 1: Perform a qualitative Risk Analysis of your case study using FAIR (Factor Analysis of Information Security Risk) framework and submit a report in pdf format.<br />
Assignment 2: Vulnerability Identification in Code using Static Analysis Tools<br />
+
Assignment 2: Model one threat in the form of an ADT (Attack-Defense Tree) using the ADTool software http://satoss.uni.lu/members/piotr/adtool/ , export your model in XML format (File->export) and submit the generated XML file.<br />
Assignment 3: Architectural Risk Analysis<br />
 
Assignment 4: Web Application Exploitation
 
  
 
====Module II ====
 
====Module II ====
* [[Media:HomeAssignmnet_of ModuleII.pdf|Lab instruction]]: Lab assignment plan
+
* [[Media:HomeAssignmnet_of Module_II.pdf|Lab instruction]]: Lab assignment plan
 +
* [[Media:OpenJML installation instructions.pdf|OpenJML Installation]]: OpenJML Installation Instructions
 
NB!
 
NB!
 
To report completed lab assignments go to web page https://ained.ttu.ee
 
To report completed lab assignments go to web page https://ained.ttu.ee
  
 
and register as user with uniID of TUT
 
and register as user with uniID of TUT
 +
* Some reporting examples from earlier years
 +
** [[Media:Climate_control.pdf| Smart home climate control]]: Project report
 +
** [[Media:Energy_control.pdf| Smart house energy management]]: Project report
  
 
== Grading ==
 
== Grading ==

Viimane redaktsioon: 12. detsember 2019, kell 13:56

Course code: ITI8610

Lecturer: prof. Jüri Vain
Contact: juri.vain ätt ttu.ee, ICT-418
Co-lecturer: Leonidas Tsiopoulos
Co-lecturer: Aleksandr Lenin


Time and place

Lectures: Thursdays 16:00, ICT-A2 NEW!
Labs: Thursdays 17.45, ICT-A2

  • Lab supervisors:
    • Aleksandr Lenin (aleksandr.lenin ätt ttu.ee) - Module I
    • Jüri Vain (juri.vain ätt ttu.ee), Leonidas Tsiopoulos (letsio ätt ttu.ee) - Module II

News 2019


Deadline for submitting lab assignments of Module II -- TBA

Please fill in this Doodle poll and indicate your availability for Module I: Security Assurance lecture and practice slots. Please note that everyone is free to make more than a single choice, you can mark as many slots as you see fit, as well as that every person has 3 options: yes, no, ifneedbe, where yes means this time slot is free for you and you are available at this time, no means you are absolutely unavailable, and ifneedbe means this time slot is unconvenient for you, but if necessary you will be able to make it.

Lecture plan

  1. Lecture 1: Introduction to software assurance


Module I: Assurance processes, risk management & security assurance

  1. Risks - definitions, terminology, risk taxonomies
  2. FAIR Risk Taxonomy
  3. Risk Management
  4. Qualitative Risk Analysis Template
  5. Theory of Probability
  6. Reliability and Availability
  7. Security Modeling. Quantitative Risk Management

Module II: : Assured Software Analytics

  • Module II Lecture 1: Design by Contract
  • Module II Lecture 2: Specification cases
  • Module II Lecture 3: Multi-view contracts of cyber-physical systems
  • Module II Lecture 4: JML contracts for OOP methods
  • Module II Lecture 5: OpenJML and SMT Solvers
  • Module II Lecture 6 (Guest lecture): M. Markvardt (ASA Quality) "Worst Practices in Software Quality a.k.a How to Deal with Risks"
  • Lecture 7 (Guest lecture): Dr. Mohammad Al-Taye (Philadelphia Univ., Jordan) "QA by testing"
  • Lecture 8: Safety analysis techniques (28.11.2019)
  • Module II Lecture 9 (Guest lecture): R. Kadastik (Adacore) "Automotive audio amplifiers" (5.12.2019)
  • Projects review and preparation for final presentation

Practice Assignments

Possible topics for course project (same topic can be chosen by several teams)

  • Smart parking slot /Nutikas parkla
  • Moon habitad IGLUNA safety system / Kuuelamu IGLUNA ohutuse tagamise süsteem
  • Moon habitad IGLUNA security system / Kuuelamu IGLUNA turbesüsteem
  • Railway crossing control / Raudtee ülesõidukoha juhtimine
  • Nutikas autode paigutaja praamidele
  • Automaatne haigla ravimite annustamise ja kohaletoimetamise süsteem
  • Smart home air quality control
  • Automaatse tunnustamisega trahvisüsteem
  • Automaatne videosalvestussüsteem
  • TESLA (auto) juhtimisüsteem
  • Bolt tõukerataste rentimissüsteem
  • Biometric locking systems (ukse- ja relvalukud).

Project Teams

  • Team 1: Allan Paalo, Siim Suviste, Oliver Tooming "TESLA self-driving car"
  • Team 2: Krõõt Grete Mänd, Ilja Samoilov "Smart home air quality control"
  • Team 3: Veronika Zamakhova, Sergei Zarembo, Dmitri Golovatš "Bolt tõukerataste rentimissüsteem"
  • Team 4: Magnus Teekivi, Ly Tempel, Mirjam Pajumägi "Railway crossing control / Raudtee ülesõidukoha juhtimine"
  • Team 5: Kristjan-Martin Kirjanen, Kaarel Värk, Andreas Nagel " Biometric locking systems"
  • Team 6: Rasmus Tomsen, Henry Härm "Smart video recording system / Automaatne videosalvestuse süsteem"
  • Team 7: Johanna Kammiste, Igor Podgainõi "Smart parking slot / Nutikas parkla I"
  • Team 8: Kristjan Vool, Regina Helena Lõpp-Elmeste "Smart parking slot / Nutikas parkla II"


Module I: Security Assurance

Assignment 1: Perform a qualitative Risk Analysis of your case study using FAIR (Factor Analysis of Information Security Risk) framework and submit a report in pdf format.
Assignment 2: Model one threat in the form of an ADT (Attack-Defense Tree) using the ADTool software http://satoss.uni.lu/members/piotr/adtool/ , export your model in XML format (File->export) and submit the generated XML file.

Module II

NB! To report completed lab assignments go to web page https://ained.ttu.ee

and register as user with uniID of TUT

Grading

Each of the two modules is graded independently on the scale 0-100 points. A student must receive a positive grade in every module. Therefore, a student may obtain max 200 points for the entire course. 51%, or 101 points is the absolute minimum required to pass the course. The standard TalTech grading rules are applied to calculate the student's final grade.

Resources

https://ained.ttu.ee -- õppekeskkonas olevad materjalid
Gary McGraw "Software Security. Building Security In"