
Unit information: Systems and Software Security (Teaching Unit) in 2024/25

Please note: Programme and unit information may change as the relevant academic field develops. We may also make changes to the structure of programmes and assessments to improve the student experience.

Unit name Systems and Software Security (Teaching Unit)
Unit code COMSM0049
Credit points 0
Level of study M/7
Teaching block(s) Teaching Block 1 (weeks 1 - 12)
Unit director Dr. Belguith
Open unit status Not open
Units you must take before you take this one (pre-requisite units)

COMS10016 Imperative and Functional Programming
COMS10018 Object Oriented Programming and Algorithms or equivalent

COMS10015 Computer Architecture and COMS10012 Software Tools or equivalent.

COMS20008 Computer Systems A and COMS20012 Computer Systems B or equivalent.

Understanding and ability to work with:

C Programming

Computer Architecture

Software Development Tools

Compiler

Operating Systems

Networking

Units you must take alongside this one (co-requisite units)

EITHER COMSM0158 Advanced Topics in Computer Science MINOR (Examination assessment, 20 credits)

OR COMSM0157 Systems and Software Security MAJOR (20 credits).

Please note: This unit is the Teaching only unit for the Systems and Software Security option.

Students taking this unit choose to be assessed by EITHER the MAJOR 20 credit unit (COMSM0157) OR as part of the Advanced Topics in Computer Science MINOR 20 credit examination unit. Students select the form of assessment to be taken by enrolling on the appropriate co-requisite assessment unit.

Units you may not take alongside this one

None

School/department School of Computer Science
Faculty Faculty of Engineering

Unit Information

Why is this unit important?

Modern computer systems are large and complex, and have been built over decades of technology and innovation. Vulnerabilities emerge from a combination of those properties. In this unit, we study how to identify such vulnerabilities and how to protect computer systems & software. This unit is intended for students with a strong computer science background and builds on knowledge about computer architecture, networking, operating systems design, programming and compilation.

We explore Systems & Software Security from two complementary perspectives: defensive and offensive techniques. Firstly, we will study the following defensive techniques:

  • Automated vulnerability detection/analysis;
  • Advanced Mitigation Techniques;
  • Operating Systems Hardening;
  • Hardware-based Security.


Understanding attackers and their methods is important for designing secure software and systems.

Secondly, we will study the following topics:

  • Advanced Software Exploitation Techniques;
  • Hardware Exploitation.


How does this unit fit into your programme of study?

This is an optional unit that can be taken during TB1 in Year 4. This positioning allows students to make use of fundamental skills and knowledge developed during the first 3 years of their study. This unit is also delivered around the time that students are selecting their final year project topics, so can have an influence on the nature of projects undertaken.

Your learning on this unit

An overview of content

This unit teaches hacking. We introduce students to binary exploitation techniques, starting from the Stack Smashing approaches of the 1990s up to modern Return-Oriented Programming techniques. Alongside the offensive techniques, more general reverse engineering and bug discovery techniques are introduced, as well as modern mitigation strategies.

How will students, personally, be different as a result of the unit

Students completing this unit will have a deeper understanding of how the machine works in practice and the layers of abstraction that computers are built from. Their understanding will move from knowing that certain programming practices are “dangerous” to knowing and practicing how to do dangerous things with certain bugs and how to defend against them.

Learning Outcomes

On successful completion of this unit, ALL students (both MAJOR and MINOR) will be able to:

  1. Recognise and describe offensive techniques used in the wild.
  2. Describe, identify and relate key principles and approaches of how systems and software can be engineered to protect against offensive techniques.
  3. Critically analyse software and systems design from a security perspective and thereby become a better system and software engineer.

When the unit is taken as the MAJOR 20 credit variant, students will also be able to:

4. Apply techniques for exploiting software/systems vulnerabilities in practice.

How you will learn

Teaching will be delivered through a combination of synchronous and asynchronous sessions, including lectures, practical activities and labs, supported by problem sheets and self-directed exercises.

Teaching will take place over Weeks 1-8. For the MAJOR variant of this unit, weekly support sessions will be provided during weeks 9-11 to assist students with completing their coursework. For students assessed by examination, consolidation and revision sessions will take place in Week 12.

How you will be assessed

Tasks which help you learn and prepare you for summative tasks (formative):

Practicing techniques taught in lectures in the in-class labs, attending lectures, and reading the related reading presented at the end of every lecture.

Tasks which count towards your unit mark (summative):

For students taking this unit as a MINOR variant, there will be a contribution of 10 credit points (equivalent to 1 hour of exam time) of questions to the “Advanced Topics in Computer Science” exam that will be sat during the winter examination period. This closed-book exam will assess Learning Outcomes 1, 2, 3.

For students taking this unit as a MAJOR variant, there will be two elements of assessment:

  • A mid-term in-class practical test and viva that will assess all Learning Outcomes (worth 30% of the unit)
  • An end-of-term coursework (involving programming and a written report) (taking place during weeks 9-11) that will assess all Learning Outcomes (worth 70% of the unit)

The coursework will involve building tooling to exploit a class of programs automatically.

In the in-class test, students will demonstrate learning from weeks 1–4 by showing that they can identify a vulnerability and craft an exploit to break security properties of a novel program. This will be done with most modern safety mechanisms (ASLR, W^X) disabled.

This test will build into the coursework where students must automate their attack, and deal with an increased number of safety mechanisms, providing both code and a presentation demonstrating their tooling.

The use of two elements of assessment for the MAJOR variant mitigates the risk of students failing the unit, should they perform poorly in either single element of assessment.

When assessment does not go to plan

Students will retake relevant assessments in a like-for-like fashion in accordance with the University rules and regulations.

Resources

If this unit has a Resource List, you will normally find a link to it in the Blackboard area for the unit. Sometimes there will be a separate link for each weekly topic.

If you are unable to access a list through Blackboard, you can also find it via the Resource Lists homepage. Search for the list by the unit name or code (e.g. COMSM0049).

How much time the unit requires
Each credit equates to 10 hours of total student input. For example a 20 credit unit will take you 200 hours of study to complete. Your total learning time is made up of contact time, directed learning tasks, independent learning and assessment activity.

See the University Workload statement relating to this unit for more information.

Assessment
The Board of Examiners will consider all cases where students have failed or not completed the assessments required for credit. The Board considers each student's outcomes across all the units which contribute to each year's programme of study. For appropriate assessments, if you have self-certificated your absence, you will normally be required to complete it the next time it runs (for assessments at the end of TB1 and TB2 this is usually in the next re-assessment period).
The Board of Examiners will take into account any exceptional circumstances and operates within the Regulations and Code of Practice for Taught Programmes.

Feedback