Skip to main content
Till KTH:s startsida

EP2790 Security Analysis of Large-Scale Computer Systems 7.5 credits

Today's large complex systems-of-systems are difficult to overlook and manage, while an attacker only needs to find one vulnerability to get in. This course teaches methods for analyzing threats, risks and defense mechanisms of large systems, which can streamline security work and improve protection.

Information per course offering

Termin

Information for Autumn 2024 Start 28 Oct 2024 programme students

Course location

KTH Campus

Duration
28 Oct 2024 - 13 Jan 2025
Periods
P2 (7.5 hp)
Pace of study

50%

Application code

50486

Form of study

Normal Daytime

Language of instruction

English

Course memo
Course memo is not published
Number of places

Places are not limited

Target group

Open for all master's programmes as long as it can be included in your programme.

Planned modular schedule
[object Object]

Contact

Examiner
No information inserted
Course coordinator
No information inserted
Teachers
No information inserted

Course syllabus as PDF

Please note: all information from the Course syllabus is available on this page in an accessible format.

Course syllabus EP2790 (Autumn 2019–)
Headings with content from the Course syllabus EP2790 (Autumn 2019–) are denoted with an asterisk ( )

Content and learning outcomes

Course contents

Companies today have thousands of software based computer systems that all are depending on one another in a large complex network, a system-of-systems. That IT attacks succeed to a large extent due to this complexity. A company needs to understand the whole system while an attacker only needs find one way in. At the same time, there is a large set of attack types that are utilised and plenty of proposed defence mechanisms. This course main content aims to develop students' understanding of:

  • the complex IT landscape of today by creating models of such.
  • which attacks that are utilised today to cause harm and how these can propagate through a large network.
  • what defences there are and when they are best suited against different attack types.
  • how risk can be calculated and used to prioritise security work.

Intended learning outcomes

After passing the course, the students should be able to:

  • model threats in large-scale computer systems (including software, networks etc),
  • simulate attacks in large-scale computer systems
  • carry out risk analysis based on a model and simulation
  • describe which defence mechanisms computer system can have
  • report and present models, simulation, risk analysis, and defense strategy for a given system

In order to:

  • understand and explain which threats a specific system can have
  • understand and explain how attacks work and propagate through a system architecture
  • argue why certain risks should be prioritised
  • choose the right defence to decrease risk.

Literature and preparations

Specific prerequisites

Completed course in Programming equivalent DD1315 Programming technique and Matlab, DD1316 Programming technique, C, DD1337 Programming and ID1018 programming I or the equivalent.

Recommended prerequisites

No information inserted

Equipment

Own computer.

Literature

Information about the course literature will be announced in the course memo.

Examination and completion

If the course is discontinued, students may request to be examined during the following two academic years.

Grading scale

A, B, C, D, E, FX, F

Examination

  • PRO1 - Project work, 6.0 credits, grading scale: A, B, C, D, E, FX, F
  • SEM1 - Seminars, 1.5 credits, grading scale: P, F

Based on recommendation from KTH’s coordinator for disabilities, the examiner will decide how to adapt an examination for students with documented disability.

The examiner may apply another examination format when re-examining individual students.

Other requirements for final grade

The examiner decides, in consultation with KTH's coordinator for disabilities (Funka), about possible adapted examination for students with documented, permanent disabilities. The examiner may permit other examination format for re-examination of individual students.

Opportunity to complete the requirements via supplementary examination

No information inserted

Opportunity to raise an approved grade via renewed examination

No information inserted

Examiner

Ethical approach

  • All members of a group are responsible for the group's work.
  • In any assessment, every student shall honestly disclose any help received and sources used.
  • In an oral assessment, every student shall be able to present and answer questions about the entire assignment and solution.

Further information

Course room in Canvas

Registered students find further information about the implementation of the course in the course room in Canvas. A link to the course room can be found under the tab Studies in the Personal menu at the start of the course.

Offered by

Main field of study

Computer Science and Engineering

Education cycle

Second cycle

Add-on studies

No information inserted

Supplementary information

In this course, the EECS code of honor applies, see:
http://www.kth.se/en/eecs/utbildning/hederskodex.

This course overlaps with EP279V.