Coronavirus (Covid-19): Latest updates and information
Skip to main content Skip to navigation

Cyber Security for Virtualisation Systems (15cr)


This module considers the cyber security consequences of virtualised systems and the opportunities that they offer. Focusing on software containerisation systems such as Docker, and comparing their properties with other virtualisation tools and techniques, the course looks at the trust relationships and the available security controls between the underlying operating system, the container, or other virtualised environment, and the software executing within the container.

Principal module aim is to enable students to regulate the various security relationships between components of a virtualised ecosystem.


Upon successful completion participants will be able to:

  • Analyse the security relationships within a virtualised ecosystem: - between a virtualised container and its sibling containers; - between a virtualised container and the underlying host
  • Evaluate the extent to which a virtualised container ecosystem satisfies its desired security properties
  • Configure a virtualised container ecosystem to achieve the desired security properties from the perspective of both the container and the underlying host


Overall context:
- why is virtualisation and containment needed?

Development of containment in computing:
- bare metal evolution, instruction sets, clock speed, storage, multicore
- operating system, multitasking, scheduling, sharing and isolation
- root jails, virtualisation, containers
- resources: cpu cycles, storage, communications bandwidth, entropy, input, output.

Containment ecosystem:
- host, container (guest) and sibling containers (guests)
- virtualisation vs containerisation

Lifecycle of the provision of a service:
- concept, specification, design, development, versioning, signing, testing, deployment, maintenance, evolution, decommissioning, timescales

Security in virtualisation and containment:
- threats, sources, agents, vulnerabilities, exploits, vectors,
- controls, privilege, capabilities – in host and container (guest)
- resource separation, storage, execution, networking – in host and container (guest)


Post-module assignment (100%)


1 week, including 15 hours of lectures and 25 hours of practical classes.