Web Trust and Security

From WebScience

Jump to: navigation, search


Fact Box
Module
representatives
Stefan Karsch
Credits 12
Term Term 3, Term 4
Workload 300 h


News

Learning outcomes

The participants achieve good knowledge about the most important aspects allowing and involving “secure” web based communication in a comprehensive view. This covers on the one hand the so called classical topics concerning IT security (e. g. assurance of confidentiality or privacy, of integrity and of availability in respect of certain protection targets) in a way focused on the web. On the other hand specific questions on authenticity and originality of web contents’ and identities have to be answered. Special notice – because of the strongly increasing usage of mobile web access – has to be attracted to mobile environments and their specific implications on security aspects.

In this module the students learn to systematically analyse scenarios in respect of their relevant security aspects in a comprehensive way. The development of concepts for those scenarios is also part of the methodology. This covers the systematic itself as well as its application, in general and in the special web context. Basis is here the IT baseline protection (in German: IT-Grundschutz) and derived methods. Besides methods also practice, utilities and tools will be considered and their successful application will be imparted. Important competences in this regard are the ability to analyse systems in view of security vulnerabilities, the knowledge of reasons for security weaknesses, the critically challenge of conclusions concerning security and training of analytical skills based on concrete use cases.

Another focus is put on procurement of required competences to use resources available in the web appropriately. To achieve this topics concerning aspects of contents and their evaluation (according to correctness, availibitity, authenticity, ...) are dealt with and analysed based on case studies, as well as the identity question (involved systems, instances, humans, resources in general) and the verification of identities. Ways of abusing and possible countermeasures will of course also be considered.

In mobile environments there are special conditions. For example, certain security features of communication channels may be unknown, communication may be intercepted or recorded, terminal equipment may get lost or be stolen. Or the usability of special services may depend on the current context of usage, e. g. the user’s current environment. By working out systematic and methods the students acquire competences to handle such constraints in a qualified manner.

All Courses of this module

required


optional


Currently not offered courses