SECURE SYSTEMS AND APPLICATIONS - 2023/4
Module code: COMM047
Module Overview
The module covers concepts and technologies for building secure and usable systems. The different lectures of the module focus on access control mechanisms, software and operating systems security, malware, threats and countermeasures for Web applications and databases, web and user authentication protocols, security of cyber-physical systems, human-centred security aspects such as social engineering and usability, security economics, privacy protection and trusted computing technologies.
Module provider
Computer Science and Electronic Eng
Module Leader
TOREINI Ehsan (CS & EE)
Number of Credits: 15
ECTS Credits: 7.5
Framework: FHEQ Level 7
Module cap (Maximum number of students): N/A
Overall student workload
Independent Learning Hours: 90
Lecture Hours: 20
Laboratory Hours: 10
Guided Learning: 10
Captured Content: 20
Module Availability
Semester 2
Prerequisites / Co-requisites
N/A
Module content
Access control models and techniques (e.g. ACLs, mandatory access control, discretionary access control, role-based access control, group-based access control)
Software and operating systems security (incl. buffer overflows, privilege escalation attacks, rootkits)
Malware analysis (incl. threats and detection of various malware types, static/dynamic analysis) and countermeasures (e.g. antivirus technologies)
Web applications and database security (incl. XSS attacks (stored, reflected, DOM-based) and XSRF attacks on HTTP connections, penetration testing for Web applications, SQL injection attacks, countermeasures)
Web and user authentication protocols (e.g. using passwords, tokens, biometrics), incl. threats and countermeasures (e.g. password salting, authentication with two and more factors)
Privacy threats and protection (incl. online privacy, anonymous communications, privacy-enhancing technologies, cryptographic privacy protection, applications requiring privacy (e.g. social networks, e-voting))
Trusted computing technologies (computer platform authentication, attestation and integrity, and hardware enhanced root of trust)
Social engineering attacks (incl. phishing, pharming), human factors and usable security, security economics
Security of cyber-physical systems (incl. security of wireless communication standards such as WiFi, Bluetooth, GSM, RFID, NFC, security of sensor networks and mobile devices)
Assessment pattern
| Assessment type | Unit of assessment | Weighting |
|---|---|---|
| Coursework | COURSEWORK 1 | 50 |
| Coursework | COURSEWORK 2 | 50 |
Alternative Assessment
N/A
Assessment Strategy
The assessment strategy is designed to provide students with the opportunity to demonstrate that they have achieved the module learning outcomes.
Thus, the summative assessment for this module consists of:
An individual coursework assignment with a set of questions (incl. practical tasks) to cover several topics of the module and to address LO1, LO2 and LO3.
An individual coursework allowing students to apply what they learned to a realistic application, a real-world attack or a scenario where multiple features, such as security, privacy, trust and usability, need considering. It addresses LO1, LO2 and LO3 in an ad hoc setting.
Formative assessment and feedback
Lecture slides are used extensively in the lectures with each lecture consisting of a number of slides explaining the topic and showing the examples. Solutions to lab exercises are explained during the lab session and provided to the students.
Module aims
- The aim of this module is to teach students to address various aspects that may arise in the development process of secure systems and applications and to provide background knowledge and understanding of selected technologies and mechanisms that are relevant in this context.
- The module will focus on technical challenges and concepts while also covering a range of security-related concepts of less technical nature such as consideration of human factors and economics of security.
Learning outcomes
| Attributes Developed | ||
| 1 | Understand a variety of challenges in the development of secure and usable systems | KC |
| 2 | Understand the functionality and goals of selected technologies and mechanisms that can aid the development process | KCT |
| 3 | Experience selected technologies and mechanisms in practice | KPT |
Attributes Developed
C - Cognitive/analytical
K - Subject knowledge
T - Transferable skills
P - Professional/Practical skills
Methods of Teaching / Learning
The learning and teaching strategy is designed to:
- Help students understand a range of security aspects that may arise in the development process of secure and usable systems
- Explain selected concepts and techniques for building secure systems and applications
- Explain the importance of considering human factors for security and their impact
- Enable students to apply selected technologies and mechanisms in practice
The learning and teaching methods include:
- Lectures using detailed lecture slides to gauge the students’ understanding
- Labs using computing labs, exercise sheets and their solutions.
Students will be expected to distribute the remaining workload on self-study, preparation for lectures and labs, preparation and submission of coursework assignments.
Indicated Lecture Hours (which may also include seminars, tutorials, workshops and other contact time) are approximate and may include in-class tests where one or more of these are an assessment on the module. In-class tests are scheduled/organised separately to taught content and will be published on to student personal timetables, where they apply to taken modules, as soon as they are finalised by central administration. This will usually be after the initial publication of the teaching timetable for the relevant semester.
Reading list
https://readinglists.surrey.ac.uk
Upon accessing the reading list, please search for the module using the module code: COMM047
Other information
Digital Capabilities
Securing networked systems is currently one of the most in-demand industry areas with applications in many contexts such as finance, IT, science and health. This module provides a grounding in the theory and practice of building secure networked system. It introduces the area of trusted computing technologies and provides practical skills in working with these systems. They are a key component of many modern-day IT systems, and this module provides a solid technical grounding in cloud systems that are scalable and supportable for large numbers of geographically
Employability
Computer security is a requirement of all network systems and as such the skills taught on this course such as authentication protocols, security of cyber physical systems and the human-centred aspects of security are fundamental to the any workplace that develops computer systems. The mix of theory and hands on skills provide an understanding of the fundamental security principles and trusted platforms are skills that are widely sought in industry.
Global and Cultural Skills
Computer Science is a global language and the tools and languages used on this module can be used internationally. Networked systems by definition are distributed systems and this module allows students to develop skills that will allow them to reason about and develop applications with global reach and collaborate with their peers around the world.
Resourcefulness and Resilience
This module teaches both the theory and practical skills to allow students to work with networked systems in a secure manner. It provides the tools to reason about the complex hardware and software for distributed architectures and solve technical challenges by developing solutions that take advantage of the strengths of cloud systems.
Programmes this module appears in
| Programme | Semester | Classification | Qualifying conditions |
|---|---|---|---|
| Information Security MSc | 2 | Compulsory | A weighted aggregate mark of 50% is required to pass the module |
| Computer Science MEng | 2 | Optional | A weighted aggregate mark of 50% is required to pass the module |
Please note that the information detailed within this record is accurate at the time of publishing and may be subject to change. This record contains information for the most up to date version of the programme / module for the 2023/4 academic year.