Unit name | Secure Software Engineering |
---|---|
Unit code | COMSM0164 |
Credit points | 30 |
Level of study | M/7 |
Teaching block(s) | Teaching Block 2 (weeks 13 - 24) |
Unit director | Dr. Omoronyia |
Open unit status | Not open |
Units you must take before you take this one (pre-requisite units) | Foundations for Cyber Secure Everywhere |
Units you must take alongside this one (co-requisite units) | None |
Units you may not take alongside this one | None |
School/department | School of Computer Science |
Faculty | Faculty of Engineering |
This unit will offer practical knowledge on engineering secure systems across the software engineering life-cycle. The focus includes requirements, design, implementation, testing and maintenance of heterogeneous systems that cut across multiple operational, deployment and data-sharing environments, are long-lived, and are required to satisfy multiple stakeholders' objectives. At the end of this unit, students will be equipped with the skills necessary to apply software security and privacy techniques in industry, as well as to carry out research in building secure systems that are future-proof for the next evolution in digital transformation.
The intended learning outcomes are:
The unit aims to introduce fundamental concepts that are the building blocks of software analysis (testing). The unit will further explore how to adopt these analyses to test for security issues in applications. By the end, students should have a solid understanding of how to test applications to detect security issues and which techniques to use for that purpose.
Teaching will be delivered through lectures, labs and office hours. Lectures will be followed by practical classes and workshops that include hands-on exercises involving code and design reviews and refactoring, as well as implementing their own systems to support evaluating the effective implementation of protection mechanisms.
Coursework (100%), comprising Group work (40%) and Individual work (60%).
Group work: 40%. Third-party component analysis exercise on a case study. The submission will include the artefacts and results from the third-party component review and data protection risk analysis, together with a discussion of the analysis conducted. The discussion will be a maximum of 3000 words (this excludes the artefacts and any bibliography). (ILO 2, 3, 5)
Individual work: 60%. Apply a Policy-as-Code design technique to develop a secure application using policy-based control for a cloud-native environment. The submission will involve software code developed in line with the requirements of the assessment. (ILO 1, 4, 5, 6)
For group work, each student will be required to submit a reflective log (max. 500 words) reflecting on their learning, their contributions and those of other group members. These reflective logs will be used by markers to evaluate group dynamics and contributions.
If this unit has a Resource List, you will normally find a link to it in the Blackboard area for the unit. Sometimes there will be a separate link for each weekly topic.
If you are unable to access a list through Blackboard, you can also find it via the Resource Lists homepage. Search for the list by the unit name or code (e.g. COMSM0164).
How much time the unit requires
Each credit equates to 10 hours of total student input. For example, a 20 credit unit will take you 200 hours of study to complete. Your total learning time is made up of contact time, directed learning tasks, independent learning and assessment activity.
See the University Workload statement relating to this unit for more information.
Assessment
The Board of Examiners will consider all cases where students have failed or not completed the assessments required for credit.
The Board considers each student's outcomes across all the units which contribute to each year's programme of study. For appropriate assessments, if you have self-certificated your absence, you will normally be required to complete it the next time it runs (for assessments at the end of TB1 and TB2 this is usually in the next re-assessment period).
The Board of Examiners will take into account any exceptional circumstances and operates within the Regulations and Code of Practice for Taught Programmes.