Content, progress and pedagogy of the module
Disclaimer.
This is an English translation of the module. In case of
discrepancy between the translation and the Danish version, the
Danish version of the module is valid.
Learning objectives
Knowledge
- basic security policies/properties/models, e.g. CIA model,
Saltzer and Schroeder, Lampson, etc.
- formal methods for software verification, e.g. fuzzing, model
checking, static analysis, type systems, evidence-based etc.
- access control models, e.g. Multi-Level Security, Biba, Role-Based
and/or Attribute-Based Access Control
- processes for developing secure software, e.g. "building
security in" (BSI/BSIMM), OWASP SAMM, Secure Software
Development Lifecycle (SSDL) or Secure Software Development
Framework (SSDF)
- software security, e.g. language-based security, secure
information flow, software verification and techniques/tools for
securing software
- basic knowledge of operational attack techniques and methods
("hacking"), e.g. network-based attacks, reverse engineering
- general classes of software vulnerabilities, e.g. buffer
overflow, injection attacks and information leaks
- special security conditions for web and/or cloud-based
solutions, including e.g. privacy protection
Skills
- can perform high-level security analyses, e.g. using the CIA
model, of a simple IT system
- can apply one or more relevant security tools
for analysis, modeling or (simulated) attack
- can document and prioritize identified security
features/problems in a smaller IT system
Competences
- be able to apply one or more of the above models/theories to
identify and analyze relevant security features in a small IT
system and, based on a security analysis, be able to propose
and argue for the choice of countermeasures as well as
choose/design an appropriate security model for a smaller IT
system
- be able to keep up to date with the latest developments in
particular attack methods and targets as well as associated
countermeasures
Type of instruction
The teaching is organized in accordance with the general
teaching methods for the education, cf. section 17.
Extent and expected workload
The student is expected to spend 30 hours per ECTS, which for
this activity means 150 hours.
Exam
Exams
Name of exam | Security |
Type of exam | Written or oral exam |
ECTS | 5 |
Permitted aids | Aids (if any) will be posted on the course page in MOODLE |
Assessment | 7-point grading scale |
Type of grading | External examination |
Criteria of assessment | The criteria of assessment are stated in the Examination Policies and Procedures |
Additional information