
Jožef Stefan
Postgraduate School

Jamova 39
SI-1000 Ljubljana

Phone: +386 1 477 31 00
Fax: +386 1 477 31 10


Course Description

Information Systems Security


Information and Communication Technologies, second-level study programme


doc. dr. Tomaž Klobučar


Security is one of the most crucial requirements for implementing information services. The goal of this course is to provide a broad overview, from different points of view, of the technology, services and applications for information systems protection.

The students will gain theoretical and practical knowledge of information security measures, such as cryptographic algorithms, network security protocols, public key infrastructures or access control methods. The most recent security technologies and applications, such as biometrics, secured wireless networks or intrusion detection systems, will also be presented.

The knowledge gained will enable the students to use and develop security technologies. The students will be able to analyze an information system with respect to security, evaluate security threats, select appropriate protection measures and implement them. When developing their own information applications and solutions, the students will be able to meet the security requirements imposed by the environment, legislation and standards. The students will also be able to continue research and development work in the area of information system security.


presentation of basic concepts, information system, threats, attacks, basic security services and mechanisms

Threats and attacks:
types of threats and attacks (e.g. sniffing, masquerading, session hijacking, denial of service, social engineering), information system vulnerabilities, malware (virus, worm, Trojan horse, back door)

Security policies:
security models, security policy elements, physical, administrative and technical protection methods, risk management, security economics (cost optimal selection of security measures), ISO/IEC 27000

Basic cryptography:
Symmetric cryptography (stream ciphers, block ciphers, cryptoalgorithms, e.g. AES, IDEA, RC2, DES), asymmetric cryptography (Diffie-Hellman, RSA, elliptic curve cryptosystems), key management, one-way hash functions, digital signature, timestamp, encryption and signature tools

Public-key infrastructure:
public-key certificate, certification authority, public-key infrastructure elements

passwords, one-time passwords, cryptographic authentication mechanisms, biometric methods, single sign-on

Authorisation and access control:
management and implementation of information system access control, privilege management infrastructure, AAA (RADIUS, Diameter), firewall (packet filtering, circuit gateway, application proxy, etc.), intrusion detection system

Network security:
security services and mechanisms at different network layers, protection in different types of networks, wireless networks security (IEEE 802.11, IEEE 802.16)

Application security:
secure e-mail, secure world wide web, XML security, databases

Course literature:

Selected chapters from the following books:

• W. Stallings and L. Brown, Computer Security – Principles and Practice. Pearson International Edition, 2008, ISBN 978-0-13-513711-6
• R. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Second Edition. Wiley Computer Publishing, 2008, ISBN 978-0470068526
• M. Bishop, Computer security: art and science. Addison-Wesley, 2003, ISBN 978-0201440997
• R. Bojanc, B. Jerman-Blažič and M. Tekavčič, Informacijska varnost v podjetniškem okolju: potrebe, ukrepi in ekonomika vlaganj, (Znanstvene monografije Ekonomske fakultete). Ljubljana: Ekonomska fakulteta, 2014. VI, 168 pages, ilustr. ISBN 978-961-240-283-9

Significant publications and references:

• V. Jovanovikj, D. Gabrijelčič and T. Klobučar, “A conceptual model of security context,” International journal of information security, ISSN 1615-5262, vol. 13, no. 6, pp. 571-581, 2014
• B. Ivanc and T. Klobučar, “Attack modeling in the critical infrastructure = Modeliranje napadov v kritični infrastrukturi,” Elektrotehniški vestnik, ISSN 0013-5852. [Slovenska tiskana izd.], vol. 81, no. 5, pp. 285-292, 2014
• T. Klobučar, D. Gabrijelčič and V. Pagon, “Cross-border e-learning and academic services based on eIDs : case of Slovenia” in eChallenges 2014 : 29-30 October, 2014 Belfast, Ireland. Dublin: IIMC: = International Information Management Corporation, 8 pages, 2014
• P. Cigoj and T. Klobučar, “Cloud security and OpenStack” in R. Trobec (Ed.). Proceedings of the 1st International Conference on CLoud Assisted ServiceS, Bled, Slovenia, October 22-25: CLASS. 1st ed. Ljubljana: Univerza v Ljubljani, pp. 20-27, 2012
• V. Jovanovikj, D. Gabrijelčič and T. Klobučar, “Access control in BitTorrent P2P networks using the enhanced closed swarms protocol” in Netware 2011: August 21-27, 2011, Nice - Saint Laurent du Var, France. [S. l.], pp. 97-102, 201
• B. Jerman-Blažič (Ed.), W. Schneider (Ed.) and T. Klobučar (Ed.), Security and privacy in advanced networking technologies, (NATO science series, Series III, Computer and systems sciences, vol. 193). Amsterdam [etc.]: IOS Press, VIII, 250 pages, 2004. ISBN 1-58603-430-8
• A. Jerman-Blažič, T. Klobučar and B. Jerman-Blažič, “Long-term trusted preservation service using service interaction protocol and evidence records,” Comput. stand. interfaces. [Print ed.], vol. 29, no. 3, pp. 398-412, 2007
• T. Klobučar and B. Jerman-Blažič, “A formalization and evaluation of certificate policies,” Comput. commun.. [Print ed.], vol. 22, pp. 1104-1110, 1999
• T. Klobučar and B. Jerman-Blažič, “An infrastructure for support of digital signatures,” Informatica (Ljublj.), vol. 23, spec. issue, no. 4, pp. 447-481, 1999


Seminar work with oral defense (50%)
Oral or written exam (50%)

Students' obligations:

Seminar work and oral defense of seminar work.