Allikas: Kursused
Redaktsioon seisuga 12. detsember 2019, kell 13:56 kasutajalt Vain (arutelu | kaastöö) (→‎Module II: : Assured Software Analytics)
(erin) ←Vanem redaktsioon | Viimane redaktsiooni (erin) | Uuem redaktsioon→ (erin)
Mine navigeerimisribale Mine otsikasti

Course code: ITI8610

Lecturer: prof. Jüri Vain
Contact: juri.vain ätt, ICT-418
Co-lecturer: Leonidas Tsiopoulos
Co-lecturer: Aleksandr Lenin

Time and place

Lectures: Thursdays 16:00, ICT-A2 NEW!
Labs: Thursdays 17.45, ICT-A2

  • Lab supervisors:
    • Aleksandr Lenin (aleksandr.lenin ätt - Module I
    • Jüri Vain (juri.vain ätt, Leonidas Tsiopoulos (letsio ätt - Module II

News 2019

Deadline for submitting lab assignments of Module II -- TBA

Please fill in this Doodle poll and indicate your availability for Module I: Security Assurance lecture and practice slots. Please note that everyone is free to make more than a single choice, you can mark as many slots as you see fit, as well as that every person has 3 options: yes, no, ifneedbe, where yes means this time slot is free for you and you are available at this time, no means you are absolutely unavailable, and ifneedbe means this time slot is unconvenient for you, but if necessary you will be able to make it.

Lecture plan

  1. Lecture 1: Introduction to software assurance

Module I: Assurance processes, risk management & security assurance

  1. Risks - definitions, terminology, risk taxonomies
  2. FAIR Risk Taxonomy
  3. Risk Management
  4. Qualitative Risk Analysis Template
  5. Theory of Probability
  6. Reliability and Availability
  7. Security Modeling. Quantitative Risk Management

Module II: : Assured Software Analytics

  • Module II Lecture 1: Design by Contract
  • Module II Lecture 2: Specification cases
  • Module II Lecture 3: Multi-view contracts of cyber-physical systems
  • Module II Lecture 4: JML contracts for OOP methods
  • Module II Lecture 5: OpenJML and SMT Solvers
  • Module II Lecture 6 (Guest lecture): M. Markvardt (ASA Quality) "Worst Practices in Software Quality a.k.a How to Deal with Risks"
  • Lecture 7 (Guest lecture): Dr. Mohammad Al-Taye (Philadelphia Univ., Jordan) "QA by testing"
  • Lecture 8: Safety analysis techniques (28.11.2019)
  • Module II Lecture 9 (Guest lecture): R. Kadastik (Adacore) "Automotive audio amplifiers" (5.12.2019)
  • Projects review and preparation for final presentation

Practice Assignments

Possible topics for course project (same topic can be chosen by several teams)

  • Smart parking slot /Nutikas parkla
  • Moon habitad IGLUNA safety system / Kuuelamu IGLUNA ohutuse tagamise süsteem
  • Moon habitad IGLUNA security system / Kuuelamu IGLUNA turbesüsteem
  • Railway crossing control / Raudtee ülesõidukoha juhtimine
  • Nutikas autode paigutaja praamidele
  • Automaatne haigla ravimite annustamise ja kohaletoimetamise süsteem
  • Smart home air quality control
  • Automaatse tunnustamisega trahvisüsteem
  • Automaatne videosalvestussüsteem
  • TESLA (auto) juhtimisüsteem
  • Bolt tõukerataste rentimissüsteem
  • Biometric locking systems (ukse- ja relvalukud).

Project Teams

  • Team 1: Allan Paalo, Siim Suviste, Oliver Tooming "TESLA self-driving car"
  • Team 2: Krõõt Grete Mänd, Ilja Samoilov "Smart home air quality control"
  • Team 3: Veronika Zamakhova, Sergei Zarembo, Dmitri Golovatš "Bolt tõukerataste rentimissüsteem"
  • Team 4: Magnus Teekivi, Ly Tempel, Mirjam Pajumägi "Railway crossing control / Raudtee ülesõidukoha juhtimine"
  • Team 5: Kristjan-Martin Kirjanen, Kaarel Värk, Andreas Nagel " Biometric locking systems"
  • Team 6: Rasmus Tomsen, Henry Härm "Smart video recording system / Automaatne videosalvestuse süsteem"
  • Team 7: Johanna Kammiste, Igor Podgainõi "Smart parking slot / Nutikas parkla I"
  • Team 8: Kristjan Vool, Regina Helena Lõpp-Elmeste "Smart parking slot / Nutikas parkla II"

Module I: Security Assurance

Assignment 1: Perform a qualitative Risk Analysis of your case study using FAIR (Factor Analysis of Information Security Risk) framework and submit a report in pdf format.
Assignment 2: Model one threat in the form of an ADT (Attack-Defense Tree) using the ADTool software , export your model in XML format (File->export) and submit the generated XML file.

Module II

NB! To report completed lab assignments go to web page

and register as user with uniID of TUT


Each of the two modules is graded independently on the scale 0-100 points. A student must receive a positive grade in every module. Therefore, a student may obtain max 200 points for the entire course. 51%, or 101 points is the absolute minimum required to pass the course. The standard TalTech grading rules are applied to calculate the student's final grade.

Resources -- õppekeskkonas olevad materjalid
Gary McGraw "Software Security. Building Security In"