|
| Module Availability |
| Autumn Semester |
|
|
| Assessment Pattern |
|
Unit(s) of Assessment
|
Weighting Towards Module Mark (%)
|
|
Written, unseen examination (answer two out of three questions)
|
60%
|
|
Portfolio based on a selection weekly exercises. (9-10 weekly exercise sheets are given and discussed in class. Three of these papers, 2 nominated by the convener and 1 by the individual, are included in the portfolio, together with a concluding essay.)
|
40%
|
|
Qualifying Conditions(s)
|
An aggregate ark of at least 50%
|
|
|
|
| Module Overview |
Security is probably the greatest challenge for computer and information systems in the near future. Many users have lost data due to viruses, both on home and business computers. Most of us have seen a range of email messages attempting different kinds of fraud. Security holes can potentially affect all of us, from innocent home users to complex corporate systems. Internet banking and e-commerce means that money is at stake, even for common people.
This module will explain some central security models and frameworks, which will be further illustrated by case studies where we get experience with real-life security problems. |
|
|
| Prerequisites/Co-requisites |
|
None
|
|
|
| Module Aims |
The aim of the module is to equip the students with knowledge and theoretical skills to assess security in large systems and to incorporate security in the design process. |
|
|
| Learning Outcomes |
At the end of the module, the students will
• understand and be able to use formal models for computer security
• be aware of the many security pitfalls at the various stages of systems development
• be able critically to review security at each stage of the development process |
|
|
| Module Content |
• Foundations of Computer Security
• Identification and Authentication
• Access Control as a Case Study
• Formal Models, including
- State Machine Modles
- Bell-LaPadula Model
- Chinese Weall Model
• Security Evaluation
- Evaluation methodology
- The Orange Book
• Software Security
- Input checking
- Broken abstractions
- Memory management and buffer overflows |
|
|
| Methods of Teaching/Learning |
• 3-hour session every week for ten weeks, including c. 1hr discussion (exercise review) and c. 1.5 hrs. lecture (new material).
• Weekly exercises to be completed between sessions and peer-assessed in class. |
|
|
| Selected Texts/Journals |
Essential reading
[1] Dieter Gollmann. Computer Security. Wiley, 2nd edition, 2006.
Recommended reading
• IEEE Security and Privacy (magazine)
Pay attention to module web pages for additional reading recommendations.
Supplementary reading
[2] Matt Bishop. Computer Security. Addison-Wesley, 2003.
[3] Charles P. Plfeeger and Shari Lawrence Plfeeger. Security in Computing. Prentice Hall, 4th edition, 2007.
[4] B. Schneier. Secret and Lies: Digital Security in a Networked World. Wiley, 2000. |
|
|
| Last Updated |
| Sep 2009 |
|
