The traditional approach to computer security is incident-driven, while in the design stages of a computer system, security is often an afterthought. The challenge is to train a new generation of computer professionals who are aware of the implications of security with respect to all aspects of a computer-based system.
On an international scale these observations have led to the development of several Master's programs in computer security. In the Netherlands, there are initiatives to develop so-called Master's program profiles in this field. In order to strengthen and converge these local initiatives, three Dutch universities (Radboud University in Nijmegen, Eindhoven University of Technology, and Twente University) have joined forces to develop a common Master's program in Computer Security of outstanding quality. We achieve this by combining the complementary expertise of the three sites. Our approach is incremental and lightweight. The initial curriculum is partly based on existing courses, extended with some newly developed courses.
Computer security is not just a matter of cryptography or program correctness. This master programme focuses on the problem of making computer systems (hardware and software) secure, i.e. correct as well as invulnerable to attacks. As a result, the master programme will have a computer science perspective.
The master programme will be located at three sites. This will lead to organisational challenges in order to keep the overhead for both teachers and students low. To keep teaching load low, and to attain high teaching efficiency, courses will be given at a single site only. As a consequence, students will have to travel to other locations in order to participate in those courses (some of which are mandatory). But in order to minimise student travel, the teaching schedule is set up in such a way that, on average, students will have to travel to another location only once per week each semester.
The societal aspects cover organisational and legal measures, which support and complement the technical aspects. How does one control the access to assets? Which sanctions exist on breaking the rules, or on downright (computer) criminality? How is privacy protected? Human-machine interaction may also be classified as a societal aspect. What level of identification or authentication is still acceptable and feasible?
Within the technical issues one may distinguish security engineering from analysis. Security engineering deals with tools, methods and techniques for the design and implementation of secure (computer) systems. How could one design and build systems such that they are a priori guaranteed not to leak information, and are invulnerable to intruders?
Analysis refers to verification a posteriori. Given an existing system, could it possibly leak, or be attacked successfully? In particular with respect to analysis there exists a whole spectrum of methods, from very formal to very pragmatic.
In everyday practice, one often uses extensive checklists against which systems are examined. Other, somewhat more formal analyses try to establish whether a given system will hold up under a certain type of attack. Really formal methods try to prove that the given system does not possess certain unwanted properties.
The expertise of the three partners covers the three mentioned areas quite well. Eindhoven focuses particularly on design and analysis, Nijmegen on analysis and societal aspects, and Twente on societal aspects and design. Therefore, these areas are the core of the proposed master programme, with an emphasis on software and on a rather theoretical, academic, formal approach.
The following subjects will not be covered in the master programme, or only at an introductory level: physical security (of persons, buildings, etc.), other physical aspects (radiographic techniques, tamper-resistant hardware), systems and network management auditing, signals and communication intelligence, and forensic techniques.
"The design of a system should not require secrecy and compromise of the system should not inconvenience the correspondents". In the academic security community Kerckhoffs' Principle is widely supported: in the design of a system, security through obscurity is considered bad practice, and present-day secure systems (like SSL, AES, and UMTS to name but a few) are designed in all openness.
Hans Meijer also contributed to the initial phases of this project.