Erinevus lehekülje "ITI8610" redaktsioonide vahel
24. rida: | 24. rida: | ||
* [[Media:ITI_8610_lecture_1.pdf|Lecture 1]]: Introduction to software assurance | * [[Media:ITI_8610_lecture_1.pdf|Lecture 1]]: Introduction to software assurance | ||
* [[Media:ITI8610-2019-Risk.pdf|Risks - definitions, terminology, risk taxonomies]] | * [[Media:ITI8610-2019-Risk.pdf|Risks - definitions, terminology, risk taxonomies]] | ||
+ | * [[Media:Risk-Taxonomy-FAIR.pdf|FAIR Risk Taxonomy]] | ||
====Module I: Assurance processes, risk management & security assurance==== ==== | ====Module I: Assurance processes, risk management & security assurance==== ==== |
Redaktsioon: 19. september 2019, kell 13:14
Course code: ITI8610
Lecturer: prof. Jüri Vain
Contact: juri.vain ätt ttu.ee, ICT-418
Co-lecturer: Leonidas Tsiopoulos
Co-lecturer: Aleksandr Lenin
Time and place
Lectures: Wednesdays 10:00, ICT-315
Labs: Wednesdays 12.00
- Lab supervisors:
- Aleksandr Lenin (aleksandr.lenin ätt ttu.ee) - Module I
- Jüri Vain (juri.vain ätt ttu.ee), Leonidas Tsiopoulos (letsio ätt ttu.ee) - Module II
News 2019
Deadline for submitting lab assignments of Module II -- TBA
Please fill in this Doodle poll and indicate your availability for Module I: Security Assurance lecture and practice slots. Please note that everyone is free to make more than a single choice, you can mark as many slots as you see fit, as well as that every person has 3 options: yes, no, ifneedbe, where yes means this time slot is free for you and you are available at this time, no means you are absolutely unavailable, and ifneedbe means this time slot is unconvenient for you, but if necessary you will be able to make it.
Lecture plan
- Lecture 1: Introduction to software assurance
- Risks - definitions, terminology, risk taxonomies
- FAIR Risk Taxonomy
Module I: Assurance processes, risk management & security assurance====
Lecture 1: Security Risk Definitions and Taxonomy
Lecture 2: Security Risk Management
Lecture 3: Introduction to the theory of probability
Lecture 4: Reliability and Availability
Lecture 5. Quantitative Risk Analysis
Assignments:
- Prepare a description of the system or product selected by your group (in the form of regular human readable text)
- Record functional and non-functional requirements for your system. You may consult this and this websites if needed.
Module II: : Assured Software Analytics
- Module II Lecture 1: Design by Contract
- Module II Lecture 2: Specification cases
- Module II Lecture 3: Multi-view contracts of cyber-physical systems
- Module II Lecture 4: JML contracts for OOP methods
- Module II Lecture 5: OpenJML and SMT Solvers
Practice Assignments
Possible topics for course project (same topic can be chosen by several teams)
- Smart parking slot /Nutikas parkla
- Moon habitad IGLUNA safety system / Kuuelamu IGLUNA ohutuse tagamise süsteem
- Moon habitad IGLUNA security system / Kuuelamu IGLUNA turbesüsteem
- Railway crossing control / Raudtee ülesõidukoha juhtimine
- Nutikas autode paigutaja praamidele
- Automaatne haigla ravimite annustamise ja kohaletoimetamise süsteem
- Smart home air quality control
- Automaatse tunnustamisega trahvisüsteem
- Automaatne videosalvestussüsteem
- TESLA (auto) juhtimisüsteem
- Bolt tõukerataste rentimissüsteem
- Biometric locking systems (ukse- ja relvalukud).
Project Teams
- Team 1: Allan Paalo, Siim Suviste, Oliver Tooming "TESLA self-driving car"
- Team 2: Krõõt Grete Mänd, Ilja Samoilov "Smart home air quality control"
- Team 3: Veronika Zamakhova, Sergei Zarembo, Dmitri Golovatš "Bolt tõukerataste rentimissüsteem"
- Team 4: Magnus Teekivi, Ly Tempel, Mirjam Pajumägi "Railway crossing control / Raudtee ülesõidukoha juhtimine"
- Team 5: Kristjan-Martin Kirjanen, Kaarel Värk, Andreas Nagel " Biometric locking systems"
- Team 6: Rasmus Tomsen, Henry Härm, Roland Peetsalu "Automaatne videosalvestuse süsteem"
...
- Team 9:
Module I: Security Assurance
Assignment 1: Risk Analysis using the FAIR (Factor Analysis of Information Security Risk) framework
Assignment 2: Vulnerability Identification in Code using Static Analysis Tools
Assignment 3: Architectural Risk Analysis
Assignment 4: Web Application Exploitation
Module II
- Lab instruction: Lab assignment plan
NB! To report completed lab assignments go to web page https://ained.ttu.ee
and register as user with uniID of TUT
- Some reporting examples from earlier years
- Smart home climate control: Project report
- Smart house energy management: Project report
Grading
Each of the two modules is graded independently on the scale 0-100 points. A student must receive a positive grade in every module. Therefore, a student may obtain max 200 points for the entire course. 51%, or 101 points is the absolute minimum required to pass the course. The standard TalTech grading rules are applied to calculate the student's final grade.
Resources
https://ained.ttu.ee -- õppekeskkonas olevad materjalid
Gary McGraw "Software Security. Building Security In"