Unit information: Software Security Analysis in 2026/27

Please note: Programme and unit information may change as the relevant academic field develops. We may also make changes to the structure of programmes and assessments to improve the student experience.

Unit name Software Security Analysis
Unit code COMSM0169
Credit points 30
Level of study M/7
Teaching block(s) Teaching Block 2 (weeks 13 - 24)
Unit director Dr. Omoronyia
Open unit status Not open
Units you must take before you take this one (pre-requisite units)

None.

Units you must take alongside this one (co-requisite units)

None.

Units you may not take alongside this one

None.

School/department School of Computer Science
Faculty Faculty of Engineering

Unit Information

Why is the unit important?

Software and its supporting development ecosystem are vital drivers of today's technological innovations and of the systems that our society depends upon. When software is badly implemented, or compromised through its development process, vulnerabilities may be introduced that ultimately result in security failures with catastrophic impact. The challenge with modern software is that these vulnerabilities are not necessarily directly visible to the developer, emerge from different sources and may have cascading impact across a chain of software dependencies. The analysis of software implementations to monitor, detect, prevent and mitigate vulnerabilities is therefore a vital countermeasure and a necessity for achieving resilient and secure software. This unit will equip you with practical experience and vital skills in the methods, techniques and tools for analysing software.

How does this unit fit into your programme of study

This unit forms part of the new MSc in Cyber Security (Software Security). It focuses on software implementation vulnerabilities, and on techniques that can be used to prevent or detect such vulnerabilities, or to mitigate their exploitation. The unit addresses a pertinent aspect of the programme: what it means for software to be secure from the differing perspectives of different stakeholders, including the end user, the developer and the regulator.

The unit directly draws upon the strong cyber security research activities of the Bristol Cyber Security Group (BCSG): EPSRC/NCSC Academic Centre of Excellence in Cyber Security Research (ACE-CSR); leading the EPSRC CDT in Cyber Security (focusing on cybersecure everywhere and achieving Trust, Identity, Privacy and Security in Large-scale Infrastructures) and the National Cybersecurity Programme Cybersecurity Body of Knowledge (CyBOK, part of the DCMS strategy on professionalisation in cybersecurity); the UKRI National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online (REPHRAIN); and leading multiple research projects in major national institutes and centres: Research Institute on Sociotechnical Cyber Security (RISCS), Research Institute in Trustworthy Interconnected Cyber-Physical Systems (RITICS), National Centre of Excellence on Cyber Security of IoT (PETRAS), and the UK Research Hub on Digital Security by Design (Discribe). The unit also leverages BCSG's expertise in delivering the MEng-level System and Software Security unit, which is highly appreciated by students.

Your learning on this unit

An overview of content

Topics will include:

  1. The classifications of vulnerabilities, such as the Common Weakness Enumeration (CWE) and their cascading impact on software.
  2. The reverse engineering of software.
  3. Analysis of memory-level vulnerabilities in software written in imperative programming languages such as C, including their prevention and mitigation.
  4. Review of insecure programming practices based on constructing structured output by means of string manipulation. These include SQL and command injection, as well as Cross-Site Scripting (XSS).
  5. Analysis of the impact of race conditions on different types of software, such as file systems and session state in web applications, as well as design approaches for mitigation.
  6. Analysis of software application programming interfaces (API) for contract violation, error states and their prevention.
  7. Information exfiltration through software-based side-channels and covert channels.

How will students, personally, be different as a result of the unit

At the end of this unit, you will have gained knowledge of a wide range of categories of vulnerabilities, how they creep into code, and the lifecycle of the software systems they impact. You will have acquired the analytical skills necessary for vulnerability detection, prevention and mitigation. You will also develop your individual analytical and problem-solving skills by applying this knowledge to a substantial case study as part of the individual assignment.

Learning Outcomes

At the end of this unit, students will

  1. Be able to define security objectives, such as a confidentiality, integrity or availability requirement for a system’s data and functionality.
  2. Given a security objective, be able to critically analyse code for known categories of software implementation vulnerabilities, and the techniques that can be used to prevent or detect such vulnerabilities, or to mitigate their exploitation.
  3. Be able to work in groups while also focusing on individual contributions to address real-world-like problems (by means of group and individual assignments).
  4. Be able to communicate about complex technical topics in a manner that is suitable for a wider audience—a desired skill in several real-world jobs.

How you will learn

The unit will be delivered through lectures, labs and office hours.

In the event of a return to fully remote teaching due to COVID-19 we will adopt the University’s recommended blend of synchronous, asynchronous and on-campus (where possible) sessions.

Asynchronous sessions are designed for students to access in their own time and are made up of a structured sequence of inputs and activities. Synchronous sessions are delivered live and will include opportunities for interaction (for example, tasks, quick polls or chat) to support and encourage student engagement. Synchronous sessions will be recorded, where possible, for those unable to attend. Peer-to-peer interaction and group work will remain key elements of the unit. For lab work, on-campus delivery will be prioritised; where that is not feasible, the labs will be adapted to suit the software available to students. For specialised activity, the Bristol Cyber Security Group hosts an isolated VPN network that sits alongside that of the main university. This VPN can be used across any units that require specific services that cannot be replicated at home.

How you will be assessed

Tasks which help you learn and prepare you for summative tasks (formative):

Weekly lab sessions and workbook; Extension exercises. This will include both group work and individual work.

Tasks which count towards your unit mark (summative):

Coursework (100%), comprising Group work (40%) & Individual work (60%)

  • Vulnerability analysis of real-world software (group work: 40%). The submission will include the artefacts and results from the analysis, including its cascading impact.
  • Security testing, verification and vulnerability mitigation (individual work: 60%). For example, analysing a software program to verify that a security objective is satisfied, refactoring the program to mitigate vulnerabilities, and evaluating the effectiveness of the mitigation approach.

For group work, each student will be required to submit a reflective log (max. 500 words) reflecting on their learning, their contributions and that of other group members. These reflective logs will be used by markers to evaluate group dynamics and contributions.

When assessment does not go to plan

If students do not pass an individual assessment, an equivalent (different) assessment will be set by the unit director.

For group work, if the reflective logs highlight an unequal contribution by the students and therefore it would be unfair to award all students within the group the same mark, the marker will hold a meeting with relevant students to assess their understanding of the topic. Where extenuating circumstances mean that a student cannot participate in this summative group work, an equivalent piece of work will be set which would require an in-depth study of two contrasting approaches from literature through their application to a suitably sized case study and a report.

As the formative assessments in each of the units involve group work the students will still be able to gain relevant group work skills and meet the programme level ILOs even if they cannot complete a summative group work assessment in group work mode due to extenuating circumstances.

Resources

If this unit has a Resource List, you will normally find a link to it in the Blackboard area for the unit. Sometimes there will be a separate link for each weekly topic.

If you are unable to access a list through Blackboard, you can also find it via the Resource Lists homepage. Search for the list by the unit name or code (e.g. COMSM0169).

How much time the unit requires
Each credit equates to 10 hours of total student input. For example, a 20-credit unit will take you 200 hours of study to complete. Your total learning time is made up of contact time, directed learning tasks, independent learning and assessment activity.

See the University Workload statement relating to this unit for more information.

Assessment
The assessment methods listed in this unit specification are designed to enable students to demonstrate the named learning outcomes (LOs). Where a disability prevents a student from undertaking a specific method of assessment, schools will make reasonable adjustments to support a student to demonstrate the LO by an alternative method or with additional resources.

The Board of Examiners will consider all cases where students have failed or not completed the assessments required for credit. The Board considers each student's outcomes across all the units which contribute to each year's programme of study. For appropriate assessments, if you have self-certificated your absence, you will normally be required to complete it the next time it runs (for assessments at the end of TB1 and TB2 this is usually in the next re-assessment period).
The Board of Examiners will take into account any exceptional circumstances and operates within the Regulations and Code of Practice for Taught Programmes.