Unit information: Fundamentals of System Security in 2022/23

Unit name	Fundamentals of System Security
Unit code	COMSM0122
Credit points	20
Level of study	M/7
Teaching block(s)	Teaching Block 1 (weeks 1 - 12)
Unit director	Dr. Omoronyia
Open unit status	Not open
Units you must take before you take this one (pre-requisite units)	Units in TB1 for the MSc in Cyber Security Foundations
Units you must take alongside this one (co-requisite units)	None
Units you may not take alongside this one	None
School/department	School of Computer Science
Faculty	Faculty of Engineering

Unit Information

Why is this unit important?

The unit aims at providing necessary technical background to build a solid foundation for more specialised and advanced topics related to cyber security. The more specialised nature of the programme involves infrastructure systems, which are composed on typical computing components. This will include an introduction to classical and more contemporary security issues and defences. The unit interprets the term system to refer to a combination of software and hardware. The software part includes user application and operating system. As a result, the unit covers security topics related to each of these three compartments of a system. As a side-effect, the unit will explain how computing platforms work at various levels of abstraction, including both software and hardware.

How does this unit fit into your programme of study?

The overall aim of the unit is to equip the students with the understanding and hands-on skills of security issues and solutions within computer systems when addressing the real-world (e.g., industry relevant) problems. This unit covers security aspects of typical computing components in a more generic manner, which allows student to get equipped with necessary skills and knowledge to understand more complex and specialised systems to be studied in TB2.

Your learning on this unit

An overview of content.

Topics will include:

• Software Security
• Software Defences
• Introduction to Malware
• Operating System (OS) Security
• Hardware (HW) attacks

An overview of content Topics will include:

How will students, personally, be different as a result of the unit

Upon the completion of the unit, students will develop knowledge and understanding of the topics above. They will also gain hands-on understanding of attacks and defences through lab work as well as a live exercise where they work with others in a team to attack and defend a typical system. Students will also develop their individual analytical and problem solving skills by applying their knowledge to a substantial case study as a part of their individual assignment.

Learning Outcomes

At the end of the unit, students will

1. Have knowledge about security aspects of software and hardware, including classical and contemporary security vulnerabilities and their impact (exploitation).
2. Be able to critically analyse software and systems design from a security perspective and be able to demonstrate the understanding of how systems and software can be engineered to protect against offensive techniques.
3. Learn to work in groups while also focusing on individual contributions to address real-world like problems (by means of groups and individual assignments)
4. Learn to communicate about complex technical topics in a manner that is suitable for a wider audience—a desired skill in several real-world jobs

How you will learn

The unit will be delivered through lectures, labs and office hours.

In the event of a return to fully remote teaching due to COVID-19 we will adopt the University’s recommended blend of synchronous, asynchronous and on-campus (where possible) sessions.

Asynchronous sessions are designed for students to access in their own time and are made up of a structured sequence of inputs and activities. Synchronous sessions are delivered live and will include opportunities for interaction, for example, tasks, quick polls or chat) to support and encourage student engagement. Synchronous sessions will be recorded, where possible, for those unable to attend. Peer to peer interaction and group work will remain key elements of the unit. For lab work, on-campus will be prioritised, however, where that is not feasible this will be adapted to suit available software. For specialised activity, Bristol Cyber Security Group host an isolated VPN network that sits alongside that of the main university. This VPN can be used across any units that require specific services that cannot be replicated at home.

How you will be assessed

Tasks which help you learn and prepare you for summative tasks (formative):

Weekly lab sessions and workbook; Extension exercises. This will include both group work and individual work.

Tasks which count towards your unit mark (summative):

Coursework (100%), comprising Group work (40%) & Individual work (60%)

Analysis of security (including attacks and defences) of a real-world application (group work: 40%)

• Submission will include the artefacts and results from the analysis.

Developing a technique and a working prototype of attack/defence mechanism. For example, enhancing an existing technique, or implementing a working tool based on a technical paper. (Individual work: 60%)

• The submission will involve software code developed in line with the requirements of the assessment.

For group work, each student will be required to submit a reflective log (max. 500 words) reflecting on their learning, their contributions and that of other group members. These reflective logs will be used by markers to evaluate group dynamics and contributions.

When assessment does not go to plan

If students do not pass an individual assessment, an equivalent (different) assessment will be set by the unit director.

For group work, if the reflective logs highlight an unequal contribution by the students and therefore it would be unfair to award all students within the group the same mark, the marker will hold a meeting with relevant students to assess their understanding of the topic. Where extenuating circumstances mean that a student cannot participate in this summative group work, an equivalent piece of work will be set which would require an in-depth study of two contrasting approaches from literature through their application to a suitably sized case study and a report.

As the formative assessments in each of the units involve group work the students will still be able to gain relevant group work skills and meet the programme level ILOs even if they cannot complete a summative group work assessment in group work mode due to extenuating circumstances.

Resources

If this unit has a Resource List, you will normally find a link to it in the Blackboard area for the unit. Sometimes there will be a separate link for each weekly topic.

If you are unable to access a list through Blackboard, you can also find it via the Resource Lists homepage. Search for the list by the unit name or code (e.g. COMSM0122).

How much time the unit requires
Each credit equates to 10 hours of total student input. For example a 20 credit unit will take you 200 hours of study to complete. Your total learning time is made up of contact time, directed learning tasks, independent learning and assessment activity.

See the Faculty workload statement relating to this unit for more information.

Assessment
The Board of Examiners will consider all cases where students have failed or not completed the assessments required for credit. The Board considers each student's outcomes across all the units which contribute to each year's programme of study. If you have self-certificated your absence from an assessment, you will normally be required to complete it the next time it runs (this is usually in the next assessment period).
The Board of Examiners will take into account any extenuating circumstances and operates within the Regulations and Code of Practice for Taught Programmes.