ÐÂÏã¸ÛÁùºÏ²Ê¿ª½±½á¹û

Aims:

The module aims at giving students a foundation in computer security, cryptography and human aspects of security. After taking the module students should be able to identify risks and security sensitive aspects of systems, where a system can range from a small and simple solution for a specific task to a full organisation including IT infrastructure and users. They will be taught this from the experience of how systems have failed in the past and by analysing systems from an adversarial viewpoint.

Students should also know core defensive techniques to prevent or mitigate attacks. They should be able to formulate a threat model for a system and reason about whether it is secure or insecure, Students should be able to deliver effective security for real-world environments: how to design and manage security in organisations to effectively protect them.

Intended learning outcomes:

On successful completion of the module, a student will be able to:

1. Understand how to formulate a threat model including the assets to be protected, the capabilities of the adversary, and reason about whether the probability the adversary may succeed.
2. Know core cryptographic methods to protect communication such as message authentication codes, digital signatures, encryption, and key exchange. Understand the security guarantees cryptographic tools provide and conversely how inappropriate use lead to vulnerabilities.
3. Understand key principles and concepts related to computer and systems security. Understand the complexities of building flexile and correct access control and authentication systems, from a technical and HCI perspective. Recognize and exploit common security vulnerabilities on hosts and networks.
4. Know that security involves people, processes and technology. Understand how security needs to fit with business goals and organisational processes to work effectivelyÌýrather than disrupt, create friction, and drain resources.
5. Know the basics of how to influence and manage security behaviours of a range of organisational stakeholders, employees, managers, developers, security specialists.

Indicative content:

The following are indicative of the topics the module will typically cover:

The module gives students a foundation in computer security, cryptography and human aspects of security. Students will study attacks against system and analyse systems from an attacker’s perspective. The module will also cover core defensive techniques and develop threat models that can be used to analyse the security of a system. The module studies specific cryptographic systems, core computer security, and security for real-world environments: how to design and manage security in organisations to effectively protect them.

Requisites:

To be eligible to select this module as an optional or elective, a student must be registered on a programme and year of study for which it is a formally available.