
Unit information: Secure Software Engineering in 2024/25

Please note: Programme and unit information may change as the relevant academic field develops. We may also make changes to the structure of programmes and assessments to improve the student experience.

Unit name: Secure Software Engineering
Unit code: COMSM0164
Credit points: 30
Level of study: M/7
Teaching block(s): Teaching Block 2 (weeks 13 - 24)
Unit director: Dr. Omoronyia
Open unit status: Not open
Units you must take before you take this one (pre-requisite units): Foundations for Cyber Secure Everywhere
Units you must take alongside this one (co-requisite units): None
Units you may not take alongside this one: None
School/department: School of Computer Science
Faculty: Faculty of Engineering

Unit Information

This unit will offer practical knowledge on engineering secure systems across the software engineering life-cycle. The focus includes requirements, design, implementation, testing and maintenance of heterogeneous systems that cut across multiple operational, deployment and data-sharing environments, are long-lived and are required to satisfy multiple stakeholders' objectives. At the end of this unit, students will be equipped with the skills necessary to apply software security and privacy techniques in industry, as well as to carry out research in building secure systems that are future-proof for the next evolution in digital transformation.

The intended learning outcomes are:

  1. Learn how to securely build, deploy and run applications that take advantage of the distribution offered by the cloud delivery model;
  2. Understand the most common secure software designs and architectures, their qualities, and trade-offs;
  3. Describe the life cycle for developing secure software systems;
  4. Understand the different mechanisms and metrics for assessing and verifying the effectiveness of a secure software solution;
  5. Evaluate alternative software design strategies and design patterns that maximise the satisfaction of security objectives; and
  6. Apply secure software engineering principles to a range of application domains and case studies such as the Internet of Things, mobile computing, as well as third-party API and SDK integration within heterogeneous distribution platforms.

Your learning on this unit

The unit aims to introduce fundamental concepts that are the building blocks of software analysis (testing). The unit will further explore how to adopt these analyses to test for security issues in applications. By the end, students should have a solid understanding of how to test applications to detect security issues and which techniques to use for that purpose.

How you will learn

Teaching will be delivered through lectures, labs and office hours. Lectures will be followed by practical classes and workshops that include hands-on exercises involving code and design reviews and refactoring, as well as implementing your own systems to support evaluating the effective implementation of protection mechanisms.

How you will be assessed

Coursework (100%), comprising Group work (40%) and Individual work (60%).


Group work (40%): Third-party component analysis exercise on a case study. The submission will include the artefacts and results from the third-party component review and data protection risk analysis, and a discussion of the analysis conducted. The discussion will be a maximum of 3000 words (this excludes the artefacts and any bibliography). (ILO 2, 3, 5)


Individual work (60%): Apply a Policy-as-Code design technique to develop a secure application using policy-based control for a cloud-native environment. The submission will involve software code developed in line with the requirements of the assessment. (ILO 1, 4, 5, 6)

For group work, each student will be required to submit a reflective log (max. 500 words) reflecting on their learning, their contributions and that of other group members. These reflective logs will be used by markers to evaluate group dynamics and contributions.

Resources

If this unit has a Resource List, you will normally find a link to it in the Blackboard area for the unit. Sometimes there will be a separate link for each weekly topic.

If you are unable to access a list through Blackboard, you can also find it via the Resource Lists homepage. Search for the list by the unit name or code (e.g. COMSM0164).

How much time the unit requires
Each credit equates to 10 hours of total student input. For example, a 20-credit unit will take you 200 hours of study to complete. Your total learning time is made up of contact time, directed learning tasks, independent learning and assessment activity.

See the University Workload statement relating to this unit for more information.

Assessment
The Board of Examiners will consider all cases where students have failed or not completed the assessments required for credit. The Board considers each student's outcomes across all the units which contribute to each year's programme of study. For appropriate assessments, if you have self-certificated your absence, you will normally be required to complete it the next time it runs (for assessments at the end of TB1 and TB2 this is usually in the next re-assessment period).
The Board of Examiners will take into account any exceptional circumstances and operates within the Regulations and Code of Practice for Taught Programmes.

Feedback