Unit information: Applied Security in 2011/12

Please note: you are viewing unit and programme information for a past academic year. Please see the current academic year for up to date information.

Unit name Applied Security
Unit code COMS30901
Credit points 10
Level of study H/6
Teaching block(s) Teaching Block 2 (weeks 13 - 24)
Unit director Dr. Page
Open unit status Not open
Pre-requisites

COMS30124

Co-requisites

Other units within the “cryptography and security” theme.

School/department Department of Computer Science
Faculty Faculty of Engineering

Description including Unit Aims

The aim of this unit is to introduce and explore the implementation and deployment of secure systems, focussing on their cryptographic aspects in particular. It offers a different perspective on what it means for something to be “secure” (e.g., stressing the importance of secure implementation techniques), and the difficulty of deploying systems in which cryptography is used (e.g., stressing the need for secure building blocks such as random number generators). Students completing the unit should get hands-on experience with modern, industrially relevant attack techniques and associated countermeasures, and opportunity to integrate content from other units in the programme within whole secure systems rather than disjoint components.

The aim of this unit is to introduce and explore the implementation and deployment of secure systems, focussing on their cryptographic aspects in particular. It offers a different perspective on what it means for something to be “secure” (e.g., stressing the importance of secure implementation techniques), and the difficulty of deploying systems in which cryptography is used (e.g., stressing the need for secure building blocks such as random number generators). Students completing the unit should get hands-on experience with modern, industrially relevant attack techniques and associated countermeasures, and opportunity to integrate content from other units in the programme within whole secure systems rather than disjoint components.

The syllabus will include (but is not limited to):

  • Passive information leakage
  • Classic side-channel attacks (e.g., time, power-analysis, electromagnetic emanation).
  • Micro-architectural side-channels (e.g., cache attacks).
  • Attacks based on information-flow and error messages.
  • Active manipulation and fault injection
  • Hardware-oriented fault attacks (e.g., clock glitches, memory faults).
  • Software-oriented fault attacks (e.g., buffer overflows, SQL injection).
  • Data remanents (e.g., “cold boot” attacks).
  • Secure building blocks and protocols
  • issues of random number generation.
  • Modern protocols (e.g., IPSec, SSL/TLS, SSH, GSM).
  • Case-studies and example systems
  • Security critical infrastructure (e.g., trusted computing, WEP).
  • Dissecting real systems (e.g., access control, electronic voting).

Intended Learning Outcomes

On successful completion of this unit, students will be able to:

  • understand state-of-the-art attack and countermeasure techniques, and both select and apply the right one for a given task,
  • reason about the security of a system in an “end to end” manner, i.e., from the theoretical underpinnings to the concrete implementation,
  • use case-study and practical experience to avoid pitfalls in deployment and configuration of secure systems.

Teaching Information

Roughly 3/4 of teaching is in lecture and taught laboratory or problem class format; we expect that the laboratory format will include non-assessed worksheets, and worked examples which are not appropriate to a traditional lecture format.

Assessment Information

Assessment for the unit is 30% via coursework assignments (primarily technical and programming exercises rather than written essays) and 70% via a 2-hour examination.

The idea is to distinguish the level-3 and level-M units via different assessment; we envisage the coursework assessments comprising a portfolio of 2 assignments (from 4 options) for the level-3 students, and 3 assignments (from 4 options) for the level-M students. Further, we envisage a common core for the exam (say part 1) and a split between level-3 and level-M students (for part 2). This acts to balance the teaching load, while satisfying advanced assessment criteria for the level-M students.

Reading and References

  • R. Anderson. Security Engineering. John Wiley & Sons, 2008. ISBN: 9780470068526.
  • N. Ferguson, B. Schneier and T. Kohno. Cryptography Engineering. John Wiley & Sons, 2010. ISBN: 9780470474242.

Related links