The following optional courses are offered to students of the master programme by the three locations.

Pattern Analysis with applications in Biometrics: Raymond Veldhuis, Asker Bazen (UT)

Content: - Introduction - biometrics and its applications - overview of biometric recognition methods - The biometric recognition problem - Verification - Identification - Optimal classifiers - Other classifiers - Feature extraction - High- vs. low-level features. - Dimensionality reduction - Estimating the parameters of a classifier - Training - The small sample size problem - Dimensionality reduction - Principal component analysis - Linear Discriminant analysis - Pre-processing and signal conditioning - Object detection - Alignment (registration) - Normalization - "Hot topics" - 3d face recognition - active appearance models - TBD - Applications and their specific requirements Face recognition will be used throughout as an example.
Style: lecture + seminar
Examination: - (MATLAB) exercises - practical assignment - end paper.
Materials: Selected book chapters and articles.

Security of Information Services: M. van Sinderen, A. van Cleeff, S. Houmb (UT)

Content: The migration to information services in a networked business world comes with new problems and challenges in the security domain. As long as information is stored and used within one organization, security policies and mechanisms can be designed and implemented by this organization. These policies and mechanisms aim at preventing people outside the organization to access the information. Because security budgets are finite, policy specification and implementation always involve a risk analysis to determine against which threats an organization has to protect itself. In a networked world, businesses cooperate with other businesses by performing information services for each other, and thereby sharing information. Security policies and mechanisms must now selectively make information available to other organizations, rather than shield the information from other organizations. At the same time, organizations must trust that other organizations have effective internal security policies and mechanisms in place. This places risk and trust management in the center of information security management. Risks may be managed by performing an analysis of the business threats and considering different (configurations of) security measures to deal with these threats. In this way, well-informed decisions can be made regarding the deployment, configuration and operation of information services for cooperation between different businesses. In this course, we study the new security challenges in the security domain and their solutions. Topics: security for web services, trust in service oriented business cooperation, risk management, threat analysis, value networks, security governance.
Style: lecture + seminar
Examination: Written examination: 40%. Presentation + Report: 60%
Materials: - Selected Articles - SOA Security, Ramarao Kanneganti and Prasad Chodavarapu, Manning Publications (2008) ISBN-13: 978-1932394689 (also available as e-book via the publisher)

Secure data management: Ling Feng, Wim Jonker (UT)

Content: Introduce the fundamental knowledge of security in the context of XML data management, including XML encryption, search in encrypted XML data, cryptography, private/public key management, access control, identity management, digital right management, privacy protection; etc. Practice the theories learned during the course in solving a real-world security problem, like building a secure email server with advertisement function, searching in encrypted data, etc. Introduction to cryptography and private/public key management; Introduction to XML and XML encryption; Search in encrypted XML data; Digital right management; Access control for databases; Identity Management; Privacy Protection.
Style: 2hc + practical assignment
Examination: Written examination 70%. One practical group assignment 30%.
Materials: Reader

Cryptography 2: dr.ir. L.A.M. Schoenmakers, dr. B.M.M. de Weger (TU/e)

Content: In this course we extend the exploration of cryptography from basic cryptographic algorithms (covered in Cryptography 1) to cryptographic protocols, and more generally to cryptographic systems. Whereas cryptographic algorithms can be executed locally, by entities on their own, a cryptographic protocol requires two or more entities to interact by exchanging messages to jointly achieve a set of security (and privacy) goals. A typical cryptographic system combines the use of several cryptographic algorithms and protocols to provide security services to the surrounding information systems. The goal of this course is to treat a wide range of cryptographic protocols and to get a basic understanding of the cryptographic systems that are in use today. In some cases, the security goals will be defined formally, and some cryptographic protocols will be accompanied by a security proof showing that the goals are met. Furthermore, practical examples of cryptographic systems will be treated showing how security goals such as message protection, transaction security, or access control can be achieved.
Style: Lecture, 2 hours per week
Examination: Written exam plus assignments
Materials: Lecture notes

Seminar Information Security Technology: dr.ir. L.A.M. Schoenmakers, dr. A. Serebrenik (TU/e)

Content: In the course of the seminar we will discuss a number of information security-related subjects, such as side-channel attacks and security considerations in radio frequency identification applications. The lecturers will provide an introduction to the chosen subjects. Students are responsible for choosing a topic related to the subject proposed, performing a literature study, and reporting on the findings in a proposed form (oral, written, oral and written). Participation in all meetings is obligatory. Participants are expected to contribute actively to the discussion as well as to review presentations by their peers.
Style: Seminar
Examination: Assignments (paper and presentation)
Materials:

Linux Kernel and Hackers Hut: prof.dr. A.E. Brouwer (TU/e)

Content: System security can be approached from two sides - the viewpoint of the attacker and that of the defender. For a defender it is necessary to know what threats to defend against, no use installing a heavily shielded front door when intruders enter through unprotected backdoors and windows. The present course talks about security primarily from the hackers' point of view - it points out categories of weaknesses in various systems, shows how to learn about these weaknesses and how to exploit them. It is a hands-on course - students are expected to write some exploits themselves. Topics are for example Discovery, Active Data, Smashing the Stack, Local and Remote Root Exploits, Stealth, Unicode, Password Cracking, Denial of Service, Cross-site Scripting, DNS spoofing, etc. Most examples are formulated in a Unix context, but the concepts apply everywhere. Illegal activities are strongly discouraged.
Style: Lecture, 2 hours per week
Examination: Assignments
Materials: Lecture notes

Hardware and Operating Systems Security: Erik Poll (RU)

Content: Hardware & OS Security, especially for smaller devices: smart cards, mobile phones, RFID. Trusted Computing. Also: OS security basic (kernel/user model, memory protection, etc.). OS access control. OS-like functionality in middleware, eg. .NET, Java, CORBA, MIDP.
Style:
Examination:
Materials:

Privacy Seminar: J. H. Hoepman (RU)

Content: Privacy has always been a controversial topic. Governments and business want to collect information about their citizens and customers - for their own benefit as well their clients. In surveys, people claim that they value their privacy. In practise, people give away personal information very easily, either because they do not receive a service otherwise, or because they are unable to protect that information reliably. With the calls for ever increasing security - after the events of the last few years - privacy has eroded even further, it seems. In this seminar we will explore the state of the art in privacy enhancing technologies (PET), and discuss theories (technical, legal and societal) of privacy.
Style: seminar
Examination: Presentation in class, writing a student paper, and refereeing a student paper.
Materials: A selection of scientific papers.

Law in Cyberspace: Ronald Leenes (TILT) (RU)

Content: Can I legally play a dvd bought in the US on a European dvd player? Is downloading music from the internet stealing? Is using an open WiFi access point legally permissible? What about liability when illegal activities are conducted by someone else than the owner of the access points? Do I have a right to be anonymous on the Internet? These are but some of the legal questions arising in the network society. In this course, provided by researchers of TILT - the Tilburg Institute of Law, Technology, and Society - an introduction is provided to the role of law with regard to ICT. Focusing on problems arising in everyday life online, the course will provide an overview of these issues from a legal perspective. The course will start with a brief introduction to law, regulation and the defining features of core two legal areas: private law and criminal law. This is followed by 5 lectures on important areas within Cyberlaw: 1) privacy, data protection, and identity management 2) copyright and 'code' as code 3) computer crime I 4) computer crime II 5) electronic signatures and e-commerce. The lecures are scheduled as follows. Note that the first lecture is on Sept 29. - Introduction, Leenes 29 Sept. - Assignment I. - Privacy, data protection, and identity management, Leenes 20 Oct. - Copyright and 'code' as code, Leenes 27 Oct. - Assignment II. - Computer crime I, Koops 10 Nov. - Computer crime II, Koops 17 Nov. - Electronic signatures and e-commerce, Van der Hof 24 Nov.
Style:
Examination:
Materials: