
Unit information: Security 101 in 2017/18

Unit name Security 101
Unit code COMS10005
Credit points 10
Level of study C/4
Teaching block(s) Teaching Block 1 (weeks 1 - 12)
Unit director Professor Elisabeth Oswald
Open unit status Open
Pre-requisites

None

Co-requisites

None

School/department Department of Computer Science
Faculty Faculty of Engineering

Description

The primary goal of the unit is to impart knowledge about dangers/threats (practice orientated) specific to security critical applications. A secondary goal is to raise awareness of how such threats impact on individuals' (online) lives, as well as how they impact on organisations. A third goal is to create awareness about tools and techniques to improve one's online security.

Consequently, the unit centres around lectures that explain basic threats, in part based on real life case studies. To ensure that the topics covered are sufficiently relevant to students but also expose them to new ideas, the principle of designing the unit is to identify ‘core’ topics and ‘extension’ topics. All core topics will be delivered every year the unit runs, whereas extension topics can be chosen, and I envision that students vote on them at the end of month 1.

Core Topics: (taught over 5ish weeks)

  1. Intro/Unit outline/Assessment; who am I online: user/roles, access rights, authentication
  2. How can I prove my identity online? Authentication cont.: passwords (storing passwords?), authentication tokens (one time passwords), signatures (hint towards public key cryptography)
  3. CIA: how does cryptography help to achieve confidentiality, integrity, authenticity, what does ‘secure’ mean?
  4. Securing data at rest: revisit passwords, file/disk encryption
  5. Securing data in transit: TLS, SSH, email encryption
  6. Staying clear of malware: viruses, worms, trojans
  7. Computer security: what is inside WinOS, MacOS, Unix to improve security

Optional Topics: (a subset will be selected each time)

  1. Developing secure software: checking inputs to avoid exploiting buffer overflows, stack smashing
  2. Security challenges in the context of embedded devices: physical security
  3. Security challenges in the context of large and complex systems: deduplication (clouds), maybe a little on computing on encrypted data
  4. Privacy: Tor, security of web applications, web fingerprinting
  5. Failing gracefully: disaster recovery
  6. Psychology of security: how do human biases inform how we judge risk and uncertainty
  7. Banking security: EMV standard
  8. Mobile security: GSM vs. UMTS
  9. IoT security: connects with small devices: D/TLS
  10. Critical infrastructures

Intended learning outcomes

Explain and define the basic principles fundamental to modern information security concepts.

Identify information security principles within their own use of information technology.

Raise awareness about the existence of tools improving their online security.

Teaching details

Delivery via lectures (2 hours per week) and bi-weekly labs (a 2 hour slot every other week).

Assessment Details

Assessment: in line with the goals, there are three assessment components:

a) submitted by end of week 6, via a signed and encrypted email to the course director (or some email-alias specific to the unit), a 2-page summary of their experience setting up email encryption and signatures, specifically focussing on usability but also explaining their understanding of the processes involved.

b) submitted by end of week 12, via a signed and encrypted email to the course director (or to some email-alias specific to the unit), an up to 2 page reflection on their own practice regarding computer security. This might include: how they choose passwords, how/where they save them, whether or not they have antivirus installed/configured, what online providers they use, what they share on Social Media, what certificates they have installed, their awareness of the information security policies of whatever organisations they are in (University), whether they have a backup, etc. Students should aim to cover 3 different points in their reflection and aim to choose one of the areas of reflection in connection with one of the additional topics that we will have covered.

One page is defined as A4, 2cm borders on all sides, 11pt Arial font. Text beyond the page limit will be ignored, and any story, explanation or argument that becomes meaningless as a result is to the detriment of the student. There will be no penalty (other than ignoring what is beyond the page limit) imposed.

c) in the January assessment period a multiple choice test.

Assessments a) and b) will each count 30%. They will test the increase in awareness of the students regarding the mechanisms available to improve their online security (and that of the wider public). They will also test students’ ability to practically use at least one tool that improves their online security. Assessment c) will count 40% and test their knowledge.

Reading and References

Anderson: Security Engineering, Wiley

Schneier: Cryptography Engineering, Wiley

Schneier: Liars and Outliers, Wiley
