CSC8102 : System Security
- Offered for Year: 2018/19
- Module Leader(s): Dr Changyu Dong
- Other Staff: Dr Charles Morisset
- Owning School: Computing
- Teaching Location: Newcastle City Campus
- Semester 1 Credit Value: 10
- To instil an appreciation of the need for security in distributed environments
- To impart an understanding of security requirements and goals as well as threats and risks
- To introduce the elements of system security: cryptographic algorithms, protocols and primitives and system security concepts and mechanisms.
This course aims to introduce, largely with real-life case studies, how security technology has failed in the real world, and what lessons security engineers can learn from these failures to build robust secure systems. We examine not only security failures due to failure of technical mechanisms, but also those due to failure of usability and incentives.
Outline Of Syllabus
1. Review of foundations: Computer security, Shannon theory, and modern cryptography
2. Security engineering methodology: threat model, security policy and protection mechanisms
3. Real-world security failure due to lack or failure of technical mechanisms
a. Smashing the stack, worms, spyware, etc.
b. Attacks on security protocols: replay, oracle, interleave, algebraic, cryptanalytic
c. Misuse of cryptography
d. Side channel attacks
e. Attacks on physical security measures
4. Security failure due to usability
a. ATM machine case: money or card first?
b. "Why Johnny can’t encrypt": user interface in security systems
c. The Cambridge passwords experiment
d. Differences between engineering expectation and user utilisation: what engineers expect to work and what users actually make work are two different things
e. Usable security: designing secure systems that people can use
5. Security failure due to failure of motivation
a. Distributed denial of service, tragedy of the commons, and motivation failure
b. Incentive-compatible security system design
|Guided Independent Study||Assessment preparation and completion||24||1:00||24:00||Lecture follow-up|
|Scheduled Learning And Teaching Activities||Lecture||24||1:00||24:00||Lectures|
|Guided Independent Study||Assessment preparation and completion||28||0:30||14:00||Revision for end of semester exam & exam duration|
|Scheduled Learning And Teaching Activities||Practical||6||1:00||6:00||Practicals|
|Guided Independent Study||Project work||12||1:00||12:00||Coursework|
|Guided Independent Study||Independent study||20||1:00||20:00||Background reading|
Teaching Rationale And Relationship
Lectures will be used to introduce the learning material and to demonstrate the key concepts by example. Students are expected to follow up lectures within a few days by re-reading and annotating lecture notes to aid deep learning.
This is a very practical subject, and it is important that the learning materials are supported by hands-on opportunities provided by practical classes. Students are expected to spend time on coursework outside timetabled practical classes.
Students aiming for 1st class marks are expected to widen their knowledge beyond the content of lecture notes through background reading.
Students should set aside sufficient time to revise for the end of semester exam.
The format of resits will be determined by the Board of Examiners.
|Report||1||M||34||1500 words, plus listings and formal documentation. Total 10 pages max.|
Assessment Rationale And Relationship
The written examination is an appropriate way to assess knowledge of the theoretical underpinnings and practical skills on small-scale problems. The coursework assessment gives an opportunity to assess practical skills on a more realistic and open-ended problem.
The examination involves the correct interpretation and analysis of formal models. Its duration is set to allow time for this to be done accurately.
Study abroad students may request to take their exam before the semester 1 exam period, in which case the length of the exam may differ from that shown in the MOF.
N.B. This module has both “Exam Assessment” and “Other Assessment” (e.g. coursework). If the total mark for either assessment falls below 40%, the maximum mark returned for the module will normally be 40%.