Institute of Computer Science
  1. Courses
  2. 2023/24 spring
  3. Principles of Secure Software Design (MTAT.03.307)
ET
Log in

Principles of Secure Software Design 2023/24 spring

  • Main
  • Lectures
  • Reading
  • Upload
  • Exam

Disclaimer: The following schedule might be updated as needed.

Legend: L - lecture, E - exercise, V - video, D - demo, GL - guest lecture

Lectures

  • Course introduction: L000

Principles

  • Lecture 1 (15.February):
    • Introduction: L101, E1, E1a
    • Secure System Development: L102
    • ISSRM domain model: L103, E2
  • Lecture 2 (22.February):
    • Protected assets: L201, E21, E22
    • Security risk: L202, E23
    • Risk evaluation: L203, E24
  • Lecture 3 (29.February): System modelling
    • Security requirements: L204, E25
    • System modelling: L301, E301, example
  • Lecture 4 (7.March): Securing organisation business processes
    • Securing organisation business processes: L411, E411, E412
    • Security patterns: L421, E421
  • Lecture 5 (14.March): Securing system functions and behaviour
    • Securing system functions: L511, E511, E512
    • Securing system behaviour: L521, E521
    • Bridging functional and behavioural analysis: L531, E531
  • Lecture 6 (21.March):
    • Role-based access control: L601
    • Exercises: E601, E602, E602a, E603, E604, E604a
    • Model-driven security: L602, L603, V601, V602, V603
  • Lecture 7 (28.March): Workshop
    • Test answers
    • Case description
    • Asset definition pdf, docx
    • Risk analysis pdf, docx
    • Security requirements/controls pdf, docx
    • Risk measurement pdf, docx
    • Whole template pdf, docx
  • Lecture 8 (4. April): Workshop
    • System context and asset modelling
    • Security risk modelling
    • Security requirements and controls
    • Access control policy
    • Whole template - 2 pdf, docx

Use Cases

  • Lecture 9 (11.April): Secure business process-aware systems (lect.: R. Matulevičius)
    • Use case slides
    • Example of implement mockup
  • Lecture 10 (18.April): Secure intelligent infrastructure and systems (lect.: AAO. Affia)
    • Use case slides
    • Exercise slides
  • Lecture 11 (25.April): Secure distributed systems (lect.: M. Iqbal)
    • Use case slides
  • Lecture 12 (2.May): Risk-aware forensic ready systems (lect.: L.Daubner)
    • Use case slides
    • Use case extras: model and docker container
  • Lecture 13 (9.May): Secure identity management (lect.: M. Bakhtina)
    • Use case slides
      • Exercise 1 models
      • Exercise 2 models
      • Exercise 3 models
      • Exercise 4 task
  • Lecture 14 (16.May): Workshop
    • Goal: improve the workshop solution according to given feedback!
  • Presentations of workshop solutions:
    • TAA, TBB, TDD, THH, TKK,
    • TMM, TOO, TRR, TSS, TTT
  • Lecture 15 (23.May): Threshold Cryptography Workshop''' (lect.: A. Dufka and J. Kvapil)
    • Slides
  • Lecture 16 (30.May): Summary
  • Institute of Computer Science
  • Faculty of Science and Technology
  • University of Tartu
In case of technical problems or questions write to:

Contact the course organizers with the organizational and course content questions.
The proprietary copyrights of educational materials belong to the University of Tartu. The use of educational materials is permitted for the purposes and under the conditions provided for in the copyright law for the free use of a work. When using educational materials, the user is obligated to give credit to the author of the educational materials.
The use of educational materials for other purposes is allowed only with the prior written consent of the University of Tartu.
Terms of use for the Courses environment