Foundations of Information Security
2012-2013 - IMT4541 - 5sp

Forventet læringsutbytte


  • Candidates are expected to possess in-depth knowledge of modelling techniques for secure computer systems
  • Candidates should have thorough knowledge of models and mechanisms for identification and authentication mechanisms
  • Candidates are capable of applying methods for security analysis to novel domains in a rigorous and systematic way


  • Candidates are expected to be capable of identifying suitable modelling techniques for analysing security requirements
  • Candidates are able to undertake a research study based in part on primary literature, formulating a concise and reasoned review of such literature in the form of a structured article
  • Candidates are able to apply relevant scientific methods in security modelling and analysis

General Competence

  • Candidates are able to understand and analyze the professional, ethical, and privacy-related problems arising from the design and implementation of security models and mechanisms
  • Candidates are familiar with terminology and concepts in security modelling and analysis and selected areas of information security, permitting independent work in the area
  • Candidates are capable of contributing to innovation and innovation processes in information security
  • Candidates are capable of discussing information security problems, particularly related to identification and authentication and security models with a specialist and also general audience.

Emnets temaer

  • Identification and authentication mechanisms
  • Access control models and formalisms
  • Decidability results and limitations of access controls and security models
  • Security models, including the Bell-LaPadula, role-based access control, and Chinese Wall models
  • Information theoretic models of information flow and covert channels
  • Developmental assurance and evaluation criteria (optional)

Pedagogiske metoder


Pedagogiske metoder (fritekst)

  • Lectures
  • Tutorials
  • Term paper

The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus and are open for both categories of students. All the lectures will also be available on Internet through GUC’s learning management system (ClassFronter).




  • Assessment consists of two parts, pass decision is on cumulative grade of both parts:
      - Part 1 is a written examination (3 hours), accounting for 67% of grade.
       Internal and external examiners.
      - Part 2 is a term paper, accounting for 33% of grade.
       Term paper is evaluated by the lecturer.


Bokstavkarakterer, A (best) - F (ikke bestått)


Evaluated by external and internal examiner.

Utsatt eksamen (tidl. kontinuasjon)

A new term paper must be provided and the examination must be re-sat.

Tillatte hjelpemidler (gjelder kun skriftlig eksamen)

Dictionary, simple calculator

Obligatoriske arbeidskrav



The following textbooks are the primary references; further recommended reading is provided in the course syllabus.

  • M. Bishop: Computer Security: Art and Science. Addison-Wesley, 2003.
  • D. Gollmann: Computer Security, 2nd edition Wiley, 2006
  • R. Anderson: Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, Chichester, UK (2001)
  • A. K. Jain, P. J. Flynn, and A. A. Ross: Handbook of Biometrics. Springer-Verlag, Berlin, Germany (2007)


IMT4162 Information Security and Security Architecture