THE UNIVERSITY of EDINBURGH

DEGREE REGULATIONS & PROGRAMMES OF STUDY 2011/2012
- ARCHIVE for reference only
THIS PAGE IS OUT OF DATE

University Homepage
DRPS Homepage
DRPS Search
DRPS Contact
DRPS : Course Catalogue : School of Informatics : Informatics

Undergraduate Course: Computer Security (INFR09025)

Course Outline
SchoolSchool of Informatics CollegeCollege of Science and Engineering
Course typeStandard AvailabilityAvailable to all students
Credit level (Normal year taken)SCQF Level 9 (Year 3 Undergraduate) Credits10
Home subject areaInformatics Other subject areaNone
Course website http://www.inf.ed.ac.uk/teaching/courses/cs Taught in Gaelic?No
Course descriptionComputer Security is concerned with the protection of computer systems and their data from threats which may compromise integrity, availability, or confidentiality; the focus is on threats of a malicious nature rather than accidental. This course aims to give a broad understanding of computer security. Topics include security risks, attacks, prevention and defence methods; techniques for writing secure programs; an overview of the foundations for cryptography, security protocols and access control models.
Entry Requirements (not applicable to Visiting Students)
Pre-requisites Students MUST have passed:
Co-requisites
Prohibited Combinations Other requirements Successful completion of Year 2 of an Informatics Single or Combined Degree, or equivalent by permission of the School. For some parts of the course, good mathematical ability and basic understanding of logic (predicate calculus) are highly desirable. An ability to program in Java may be assumed for practical exercises.
Additional Costs None
Information for Visiting Students
Pre-requisitesNone
Displayed in Visiting Students Prospectus?Yes
Course Delivery Information
Delivery period: 2011/12 Semester 2, Available to all students (SV1) WebCT enabled:  No Quota:  None
Location Activity Description Weeks Monday Tuesday Wednesday Thursday Friday
CentralLecture1-11 16:10 - 17:00
CentralLecture1-11 16:10 - 17:00
First Class Week 1, Monday, 16:10 - 17:00, Zone: Central. AT LT3
Exam Information
Exam Diet Paper Name Hours:Minutes
Main Exam Diet S2 (April/May)2:00
Resit Exam Diet (August)2:00
Summary of Intended Learning Outcomes
1 - recognise the security threats against computer systems, and have at least a high-level idea of the ways to address them;
2 - apply techniques and design principles underlying security solutions, including aspects of cryptography and security protocols;
3 - be able to analyse simple security protocols using a formal method;
4 - be able to use the World Wide Web to research the latest security alerts and information.
Assessment Information
Written Examination 100
Assessed Assignments 0
Oral Presentations 0

Coursework
Two exercises, one involving implementing application-level security features using Java's security APIs and one an essay on current topics in security.

If delivered in semester 1, this course will have an option for semester 1 only visiting undergraduate students, providing assessment prior to the end of the calendar year.
Special Arrangements
None
Additional Information
Academic description Not entered
Syllabus * Introduction and background. Risks and attacks: to privacy (theft, surveillance); integrity (fraud); availability (vandalism, denial of service). Additional security properties: authentication, accountability.
* Cryptography: basic functional foundations. Symmetric algorithms, for example: DES, Rijndael, RC4
* Public key cryptography. Algorithms including RSA, ElGamal. Hash functions, including SHA-1. Digital signatures and certificates.
* Authentication: mechanisms and attacks. Protocols for authentication and key exchange, including Needham-Schroeder, Otway-Rees, Kerberos, Diffie-Hellman.
* Formal approaches, including Burrows-Abadi-Needham logic for authentication and its application to security protocol analysis.
* Malicious code and network defences: Trojan horses, viruses and worms, attacks on faulty code. Auditing, intrusion detection, alarms and honey pots.
* Security engineering: security policy models, multi-level systems. Secure kernels and trusted computing bases. Anatomy of attacks, risk assessment, attack trees.
* Present internet technologies, for example: PGP, SSL, SSH, SMIME, DNSSEC, IPsec, firewalls and VPNs. The Java Security Model and security programming in Java.
* Copyright protection. Secure hardware and tamper resistance. Steganography and covert communication. Anonymity.
* Security futures, real-world issues. Topics chosen from: web security, e-commerce and e-cash; legalities; export control, key escrow; information warfare and cyber terrorism; human factors. Recent research areas.

Relevant QAA Computing Curriculum Sections: Security and Privacy
Transferable skills Not entered
Reading list * Ross Anderson, 'Security Engineering', 2nd Edition, John Wiley & Sons, 2008
* Dieter Gollman, 'Computer Security', John Wiley & Sons, 1999
* Nigel Smart, 'Cryptography: An Introduction', McGraw-Hill, 2003
* John Viega and Gary McGraw, 'Building Secure Software: How to Avoid Security Problems the Right Way', Addison-Wesley, 2003
Study Abroad Not entered
Study Pattern Lectures 20
Tutorials 4
Timetabled Laboratories 0
Non-timetabled assessed assignments 24
Private Study/Other 52
Total 100
KeywordsNot entered
Contacts
Course organiserDr Nigel Goddard
Tel: (0131 6)51 3091
Email: Nigel.Goddard@ed.ac.uk
Course secretaryMiss Tamise Totterdell
Tel: 0131 650 9970
Email: t.totterdell@ed.ac.uk
Navigation
Help & Information
Home
Introduction
Glossary
Search DPTs and Courses
Regulations
Regulations
Degree Programmes
Introduction
Browse DPTs
Courses
Introduction
Humanities and Social Science
Science and Engineering
Medicine and Veterinary Medicine
Other Information
Timetab
Prospectuses
Important Information
 
© Copyright 2011 The University of Edinburgh - 16 January 2012 6:16 am