University of Surrey - Guildford

2010/1 Module Catalogue
 Module Code: COMM024 Module Title: COMPUTER SECURITY
Module Provider: Computing Short Name: CSM27
Level: M Module Co-ordinator: SCHAATHUN H Dr (Computing)
Number of credits: 15 Number of ECTS credits: 7.5
Module Availability
Autumn Semester
Assessment Pattern
Unit(s) of Assessment
Weighting Towards Module Mark (%)
Written, unseen examination (answer two out of three questions)
Portfolio based on a selection of weekly exercises. (9-10 weekly exercise sheets are given and discussed in class. Three of these papers, 2 nominated by the convener and 1 by the individual, are included in the portfolio, together with a concluding essay.)
Qualifying Condition(s)
An aggregate mark of at least 50%
Module Overview
Security is probably the greatest challenge for computer and information systems in the near future. Many users have lost data due to viruses, both on home and business computers. Most of us have seen a range of email messages attempting different kinds of fraud. Security holes can potentially affect all of us, from innocent home users to complex corporate systems. Internet banking and e-commerce mean that money is at stake, even for common people.
This module will explain some central security models and frameworks, which will be further illustrated by case studies where we get experience with real-life security problems.
Module Aims
The aim of the module is to equip the students with knowledge and theoretical skills to assess security in large systems and to incorporate security in the design process.
Learning Outcomes
At the end of the module, the students will
understand and be able to use formal models for computer security
be aware of the many security pitfalls at the various stages of systems development
be able critically to review security at each stage of the development process
Module Content
Foundations of Computer Security
Identification and Authentication
Access Control as a Case Study
Formal Models, including
- State Machine Models
- Bell-LaPadula Model
- Chinese Wall Model
Security Evaluation
- Evaluation methodology
- The Orange Book
Software Security
- Input checking
- Broken abstractions
- Memory management and buffer overflows
Methods of Teaching/Learning
3-hour session every week for ten weeks, including c. 1hr discussion (exercise review) and c. 1.5 hrs. lecture (new material).
Weekly exercises to be completed between sessions and peer-assessed in class.
Selected Texts/Journals
Essential reading
[1] Dieter Gollmann. Computer Security. Wiley, 2nd edition, 2006.
Recommended reading
IEEE Security and Privacy (magazine)
Pay attention to module web pages for additional reading recommendations.
Supplementary reading
[2] Matt Bishop. Computer Security. Addison-Wesley, 2003.
[3] Charles P. Pfleeger and Shari Lawrence Pfleeger. Security in Computing. Prentice Hall, 4th edition, 2007.
[4] B. Schneier. Secrets and Lies: Digital Security in a Networked World. Wiley, 2000.
Last Updated
Sep 2009