Credits	4 cr
Teaching period	I - II
Learning outcomes	Students will learn to write a technical report. They know how to find up-to-date information from the technical documentation and scientific publications. They can narrow down a topic, write about it in based on the source material, and present technical information in both written and oral form.
Content	The course addresses varying issues in communications networks security. Every participant must prepare a written presentation and present their work in the seminar.
Prerequisites	T-110.4200
Substitutes for courses
Target audience
Assessment methods	Active participation, preparation of a written presentation, and its presentation during the seminar, and acting as opponent. More detailed requirements.
Evaluation
Study materials
Language of instruction	EN. English
Course staff and contact information	Tuomas Aura, responsible teacher Petri Savolainen, course assistant Course email address.
Office hours
Further information
CEFR-level

The Netsec seminar is an advanced MSc-level course where students write a technical paper in English on a topic related to network security and present the paper in a two-day seminar in December. Each paper is assigned a tutor, many of which are university researchers and IT professionals from the local industry. Thus, the course is a great opportunity for students, TKK alumni and those working in the local industry or government departments to network and engage in security teaching at the university.

The theme for this year’s network security seminar is security policies, their specification and enforcement. This includes both policies written specifically for network usage and security policies of the systems that connect to the Internet or to local communications links, and both policies intended for computers and for human consumption. Security policies are not always explicitly specified but, fundamentally, all security mechanisms aim to implement some kind of policy. When there is a security failure in an IT system, there must be some policy that is being violated. Thus, practically all security and privacy technology can be viewed from the point of view of the policy that it implements. I would therefore request both the students and instructors to think about familiar security mechanisms and processes and ask themselves what policy is implemented, how it is specified, and how it is enforced.

There are two major reasons why it is important for software developers to think about the policies behind security mechanisms. First, when developing or deploying technical security solutions, engineers too often forget to ask the fundamental questions of what is the security policy that drives the work, how the proposed technology implements it and, indeed, can it be implemented. Second, security policies that arise from business decisions and legal obligations increasingly influence everyday engineering decisions. It is important for engineers to understand the distinction between policy and enforcement, and how to the influence each other.

Updated 17 Aug 09 at 16:48