Please note: Due to alternative arrangements for teaching and
assessment in place from 18 March 2020 to mitigate against the restrictions in
place due to COVID-19, information shown for 2019/20 may not always be accurate.
Please note: you are viewing unit and programme information
for a past academic year. Please see the current academic year for up to date information.
| Unit name | Systems Security |
| Unit code | COMSM1500 |
| Credit points | 10 |
| Level of study | M/7 |
| Teaching block(s) | Teaching Block 1 (weeks 1 - 12) |
| Unit director | Dr. Paquier |
| Open unit status | Not open |
| Pre-requisites | COMS12200, COMS10005, COMS10010, COMS10008, COMS20001 |
| Co-requisites | None |
| School/department | Department of Computer Science |
| Faculty | Faculty of Engineering |
Description including Unit Aims
Computer and information security is a huge topic that can be approached from many angles. Whereas Cryptography A/B (COMS30002/COMSM0007) deal with mathematical foundations and Applied Security (COMS30901) focuses on secure implementation, this course takes a step back and looks at security from a systems perspective:
- What does "security" really mean?
- How can we design for security rather than trying to bolt it on at the end?
- Why, in the 21st century, does, for example, a SQL injection vulnerability still occur every other week even though this should be common knowledge by now?
The gist of this course is that organisational, systemic and above all human aspects of security are at least as important as technical ones. We will look at some of the following topics in more detail and from a systemic viewpoint. This unit deliberately presents a large amount of material in more breadth than depth.
- Key definitions, systems thinking, safety vs. security
- Standards and best practice (PCI DSS, OWASP, ISO, FIPS, NIST etc.)
- Authentication and access control (especially passwords)
- Hardware security and processor features; cryptographic hardware
- Software security / secure programming including stack/buffer overflows, injection vulnerabilities and shellcode
- Operating system security
- Malware
- Trusted Computing
- Cryptography (with no focus on the mathematical elements)
- Network security: network stack, TCP/IP, SSL/TLS, firewalls
We will also discuss some security topics or breaches that make the news during the course - losing a million customer records happens so often these days there's bound to be at least one major breach in the 12 week teaching block!
Intended Learning Outcomes
After completing this unit, you will be able to:
- Apply principles of computer/information security to formulate or assess a high-level security analysis of an application or website
- Audit code and identify and suggest mitigations for instances of the most common security vulnerabilities
- Categorise common security protocols according to their aims and suggest a (combination of) protocol(s) to achieve a particular security aim
- Critically discuss security requirements for individual components in the context of larger systems
- Avoid the most common computer security mistakes in your future career!
Teaching Information
20 hours of lectures.
Assessment Information
40% exam and 2 pieces of coursework worth 30% each. For the coursework you will work in groups of 2 or 3.
The exam focuses on concepts and their interactions, whereas the courseworks each contain a technical and a reflective part. For each technical task there will be a lab; for the reflective part you are expected to do some research of your own.
Reading and References
- C.P. Pfleeger and S.L. Pfleeger. Security in Computing. Prentice Hall, 2006. ISBN: 978-0132390774.
- R. Anderson. Security Engineering. John Wiley & Sons, 2008. ISBN: 978-0470068526.
- D. Gollmann. Computer Security. Wiley, 2010. ISBN: 978-0470862933.
- G. Dhillon. Principles of Information Systems Security. Wiley, 2006. ISBN: 978-0471450566.