CS263 15 CATS (7.5 ECTS) Term 1
Option - CS, CSE, DM
Note: This module is only available to students in the second year of their degree and is not available as an unusual option to students in other years of study.
The module aims to provide students with a grounding in the specification, design, implementation and evaluation of secure systems. This includes coverage of formal, pattern-based and domain-specific approaches to development, as well as the human factors relevant to secure systems.
On completion of the module the student will be able to:
- Understand core security concepts and technologies relating to the development of secure systems.
- Understand the significance of context in the development of secure systems, as relating to varying computer architectures and platforms.
- Understand how software development methodologies can be augmented to account for the development of secure systems, including coverage of pattern and model-driven development approaches.
- Understand and have experience applying defensive programming approaches in the development and analysis of secure systems.
- Understand and have experience of the principles of state-of-the-art approaches for the testing of secure systems, including penetration testing and fuzzing.
- Appreciate the long-term challenges surrounding and approaches for managing secure systems in an organisational context.
The emphasis of the module is on the specification, design, implementation and evaluation of secure systems. The outline below is illustrative of what will be covered, though the nature of computer security means that the specific topics covered will vary as developments dictate.
Secure Systems Development Context
- Core concepts - confidentiality, availability, authenticity, control, trust, etc.
- Core technologies - authentication, permissions and access control, privacy controls, communication protocols, event monitoring, sandboxing, cryptographic hashes, etc.
- Architectures - Distributed systems, centralised systems, dynamic composition, etc.
- Platforms - Operating systems, middleware, virtualisation, etc.
Specification and Design
- Formal specification methods and secure systems
- Secure model-driven development
- Secure architecture and pattern-based design
- Methodologies and standards for secure systems development
Implementation and Testing
- Secure programming techniques
- Security and design-patterns for systems implementation
- Network security - IPSec, tunnelling, VPNs, etc.
- Obfuscation and de-obfuscation
- Reverse Engineering
Evaluation and Maintenance
- Validation methods and system hardening
- Human factors and organisational security
- Software and threat evolution
- Remote protection
- Penetration testing
- Bishop, M., Introduction to Computer Security, 2004, Addison-Wesley.
- Bejtlich, R., The Practice of Network Security Monitoring, 2013, No Starch Press.
- Merkow, M. S., Raghavan, L., Secure and Resilient Software: Requirements, Test Cases and Testing Methods, 2011, Auerbach Publications.
- Stallings, W., Cryptography and Network Security: Principles and Practice, 2016, Pearson.
- Zhu, L., Zhang, Z., Xu, C., Secure and Privacy-Preserving Data Communication in Internet of Things, 2017, Springer.
Two hour examination (70%), coursework (30%)
30 lectures and 10 practical classes