SECURE SYSTEMS AND APPLICATIONS - 2018/9

Module code: COMM047

Module provider

Computer Science

Module Leader

CHEN L Prof (Computer Sci)

Number of Credits

15

ECTS Credits

7.5

Framework

FHEQ Level 7

JACs code

I100

Module cap (Maximum number of students)

N/A

Module Availability

Semester 2

Overall student workload

Lecture Hours: 33

Laboratory Hours: 11

Assessment pattern

Assessment type | Unit of assessment | Weighting
Coursework | COURSEWORK I (INDIVIDUAL) | 50
Coursework | COURSEWORK II (INDIVIDUAL) | 30
School-timetabled exam/test | IN-SEMESTER TEST (INDIVIDUAL) (2 HOURS) | 20

Alternative Assessment

N/A

Prerequisites / Co-requisites

N/A

Module overview

The module covers concepts and technologies for building secure and usable systems. The different lectures of the module focus on access control mechanisms, software and operating systems security, malware, threats and countermeasures for Web applications and databases, web and user authentication protocols, security of cyber-physical systems, human-centred security aspects such as social engineering and usability, security economics, privacy protection and trusted computing technologies.

Module aims

The aim of this module is to teach students to address various aspects that may arise in the development process of secure systems and applications and to provide background knowledge and understanding of selected technologies and mechanisms that are relevant in this context. The module will focus on technical challenges and concepts while also covering a range of security-related concepts of a less technical nature, such as consideration of human factors and economics of security.

Learning outcomes

No. | Learning outcome | Attributes Developed
1 | Understand a variety of challenges in the development of secure and usable systems | KC
2 | Understand the functionality and goals of selected technologies and mechanisms that can aid the development process | KCT
3 | Experience selected technologies and mechanisms in practice | KPT

Attributes Developed

C - Cognitive/analytical

K - Subject knowledge

T - Transferable skills

P - Professional/Practical skills

Module content



Access control models and techniques (e.g. ACLs, mandatory access control, discretionary access control, role-based access control, group-based access control)


Software and operating systems security (incl. buffer overflows, privilege escalation attacks, rootkits)


Malware analysis (incl. threats and detection of various malware types, static/dynamic analysis) and countermeasures (e.g. antivirus technologies)


Web applications and database security (incl. XSS attacks (stored, reflected, DOM-based) and XSRF attacks on HTTP connections, penetration testing for Web applications, SQL injection attacks, countermeasures)


Web and user authentication protocols (e.g. using passwords, tokens, biometrics), incl. threats and countermeasures (e.g. password salting, authentication with two and more factors)


Privacy threats and protection (incl. online privacy, anonymous communications, privacy-enhancing technologies, cryptographic privacy protection, applications requiring privacy (e.g. social networks, e-voting))


Trusted computing technologies (computer platform authentication, attestation and integrity, and hardware enhanced root of trust)


Social engineering attacks (incl. phishing, pharming), human factors and usable security, security economics


Security of cyber-physical systems (incl. security of wireless communication standards such as WiFi, Bluetooth, GSM, RFID, NFC, security of sensor networks and mobile devices)

Methods of Teaching / Learning

The learning and teaching strategy is designed to:


Help students understand a range of security aspects that may arise in the development process of secure and usable systems   
Explain selected concepts and techniques for building secure systems and applications
Explain the importance of considering human factors for security and their impact
Enable students to apply selected technologies and mechanisms in practice


The learning and teaching methods include:


Lectures (10 weeks at 2h) using detailed lecture slides to gauge the students’ understanding
Labs (10 weeks at 2h) using computing labs, exercise sheets and their solutions.


Students will be expected to distribute the remaining workload across self-study, preparation for lectures and labs, and preparation and submission of coursework assignments.

Assessment Strategy

The assessment strategy is designed to provide students with the opportunity to demonstrate that they have achieved the module learning outcomes.

Thus, the summative assessment for this module consists of:



An individual coursework assignment with a set of questions (incl. practical tasks) to cover several topics of the module and to address LO1, LO2 and LO3.


An individual coursework allowing students to apply what they learned to a realistic application, a real-world attack or a scenario where both security and usability need considering. This assessment will mainly cover human factors in cyber security and applications/attacks/scenarios can come from any part of the module. It addresses LO1, LO2 and LO3 in an ad hoc setting.


An in-semester test with a set of questions on different topics (in particular, on user authentication, privacy, trusted computing and cyber-physical systems security) that students are required to answer. The in-semester test will address LO1 and LO2.

Formative assessment and feedback

Lecture slides are used extensively in the lectures with each lecture consisting of a number of slides explaining the topic and showing the examples. Solutions to lab exercises are explained during the lab session and provided to the students.

Reading list

Reading list for SECURE SYSTEMS AND APPLICATIONS: http://aspire.surrey.ac.uk/modules/comm047

Programmes this module appears in

Programme | Semester | Classification | Qualifying conditions
Information Security MSc | 2 | Compulsory | A weighted aggregate mark of 50% is required to pass the module

Please note that the information detailed within this record is accurate at the time of publishing and may be subject to change. This record contains information for the most up to date version of the programme / module for the 2018/9 academic year.