Skip to main content

Unit information: Systems Security in 2018/19

Please note: It is possible that the information shown for future academic years may change due to developments in the relevant academic field. Optional unit availability varies depending on both staffing and student choice.

Unit name Systems Security
Unit code COMSM1500
Credit points 10
Level of study M/7
Teaching block(s) Teaching Block 1 (weeks 1 - 12)
Unit director Dr. Bernhard
Open unit status Not open
Pre-requisites

None

Co-requisites

None

School/department Department of Computer Science
Faculty Faculty of Engineering

Description

Computer and information security is a huge topic that can be approached from many angles. Whereas Cryptography A/B (COMS30002/COMSM0007) deal with mathematical foundations and Applied Security (COMS30901) focuses on secure implementation, this course takes a step back and looks at security from a systems perspective:

  • What does "security" really mean?
  • How can we design for security rather than trying to bolt it on at the end?
  • Why, in the 21st century, does, for example, a SQL injection vulnerability still occur every other week even though this should be common knowledge by now?

The gist of this course is that organisational, systemic and above all human aspects of security are at least as important as technical ones. We will look at some of the following topics in more detail and from a systemic viewpoint. This unit deliberately presents a large amount of material in more breadth than depth.

  • Key definitions, systems thinking, safety vs. security
  • Standards and best practice (PCI DSS, OWASP, ISO, FIPS, NIST etc.)
  • Authentication and access Control (especially passwords)
  • Hardware security and processor features; cryptographic hardware
  • Software security / secure programming including stack/buffer overflows, injection vulnerabilities and shellcode
  • Operating system security
  • Malware
  • Trusted Computing
  • Cryptography (with no focus on the mathematical elements)
  • Network security: network stack, TCP/IP, SSL/TLS, firewalls

We will also discuss some security topics or breaches that make the news during the course - losing a million customer records happens so often these days there's bound to be at least one major breach in the 12 week teaching block!

Intended learning outcomes

After completing this unit, you will be able to:

  • Apply principles of computer/information security to formulate or assess a high-level security analysis of an application or website
  • Audit code and identify and suggest mitigations for instances of the most common security vulnerabilities
  • Categorise common security protocols according to their aims and suggest a (combination of) protocol(s) to achieve a particular security aim
  • Critically discuss security requirements for individual components in the context of larger systems
  • Avoid the most common computer security mistakes in your future career!

Teaching details

20 hours of lectures.

Assessment Details

40% exam and 2 pieces of coursework worth 30% each. For the coursework you will work in groups of 2 or 3.

The exam focuses on concepts and their interactions whereas the courseworks each contain a technical and a reflective part. For each technical task there will be a lab, for the reflective part you are expected to do some research of your own.

Reading and References

  • C.P. Pfleeger and S.L. Pfleeger. Security in Computing. Prentice Hall, 2006. ISBN: 978-0132390774.
  • R. Anderson. Security Engineering. John Wiley & Sons, 2008. ISBN: 978-0470068526.
  • D. Gollmann. Computer Security. Wiley, 2010. IBSN: 978-0470862933.
  • G. Dhillon. Principles of Information Systems Security. Wiley, 2006. IBSN: 978-0471450566.

Feedback