Undergraduate Course: Computer Security (INFR09025)
Course Outline
| School | School of Informatics |
College | College of Science and Engineering |
| Course type | Standard |
Availability | Available to all students |
| Credit level (Normal year taken) | SCQF Level 9 (Year 3 Undergraduate) |
Credits | 10 |
| Home subject area | Informatics |
Other subject area | None |
| Course website |
http://course.inf.ed.ac.uk/cs |
Taught in Gaelic? | No |
| Course description | Computer Security is concerned with the protection of computer systems and their data from threats which may compromise integrity, availability, or confidentiality; the focus is on threats of a malicious nature rather than accidental. This course aims to give a broad understanding of computer security. Topics include security risks, attacks, prevention and defence methods; techniques for writing secure programs; an overview of the foundations for cryptography, security protocols and access control models. |
Entry Requirements (not applicable to Visiting Students)
| Pre-requisites |
|
Co-requisites | |
| Prohibited Combinations | Students MUST NOT also be taking
Informatics Research Review (INFR11034)
|
Other requirements | This course is open to all Informatics students including those on joint degrees. For external students where this course is not listed in your DPT, please seek special permission from the course organiser.
For some parts of the course, good mathematical ability and basic understanding of logic (predicate calculus) are highly desirable. An ability to program in Java may be assumed for practical exercises. |
| Additional Costs | None |
Information for Visiting Students
| Pre-requisites | None |
| Displayed in Visiting Students Prospectus? | Yes |
Course Delivery Information
|
| Delivery period: 2013/14 Semester 2, Available to all students (SV1)
|
Learn enabled: No |
Quota: None |
|
Web Timetable |
Web Timetable |
| Course Start Date |
13/01/2014 |
| Breakdown of Learning and Teaching activities (Further Info) |
Total Hours:
100
(
Lecture Hours 20,
Seminar/Tutorial Hours 4,
Summative Assessment Hours 2,
Programme Level Learning and Teaching Hours 2,
Directed Learning and Independent Learning Hours
72 )
|
| Additional Notes |
|
| Breakdown of Assessment Methods (Further Info) |
Written Exam
75 %,
Coursework
25 %,
Practical Exam
0 %
|
| Exam Information |
| Exam Diet |
Paper Name |
Hours & Minutes |
|
| Main Exam Diet S2 (April/May) | | 2:00 | | | Resit Exam Diet (August) | | 2:00 | |
Summary of Intended Learning Outcomes
1 - recognise the security threats against computer systems, and have at least a high-level idea of the ways to address them;
2 - apply techniques and design principles underlying security solutions, including aspects of cryptography and security protocols;
3 - be able to analyse simple security protocols using a formal method;
4 - be able to use the World Wide Web to research the latest security alerts and information.
|
Assessment Information
Written Examination 75
Assessed Assignments 25
Oral Presentations 0
Assessment Information
Two exercises. One involving programming such as implementing application-level security features using Java's security APIs or finding and fixing security flaws in a web application written in a scripting language such as Python. The other exercise will be written, requiring solving exercises in cryptography, protocols and network security.
If delivered in semester 1, this course will have an option for semester 1 only visiting undergraduate students, providing assessment prior to the end of the calendar year. |
Special Arrangements
| None |
Additional Information
| Academic description |
Not entered |
| Syllabus |
* Introduction and background. Risks and attacks: to privacy (theft, surveillance); integrity (fraud); availability (vandalism, denial of service). Additional security properties: authentication, accountability.
* Cryptography: basic functional foundations. Symmetric algorithms, for example: DES, Rijndael, RC4
* Public key cryptography. Algorithms including RSA, ElGamal. Hash functions, including SHA-1. Digital signatures and certificates.
* Authentication: mechanisms and attacks. Protocols for authentication and key exchange, including Needham-Schroeder, Otway-Rees, Kerberos, Diffie-Hellman.
* Formal approaches, including Burrows-Abadi-Needham logic for authentication and its application to security protocol analysis.
* Malicious code and network defences: Trojan horses, viruses and worms, attacks on faulty code. Auditing, intrusion detection, alarms and honey pots.
* Security engineering: security policy models, multi-level systems. Secure kernels and trusted computing bases. Anatomy of attacks, risk assessment, attack trees.
* Present internet technologies, for example: PGP, SSL, SSH, SMIME, DNSSEC, IPsec, firewalls and VPNs. The Java Security Model and security programming in Java.
* Copyright protection. Secure hardware and tamper resistance. Steganography and covert communication. Anonymity.
* Security futures, real-world issues. Topics chosen from: web security, e-commerce and e-cash; legalities; export control, key escrow; information warfare and cyber terrorism; human factors. Recent research areas.
Relevant QAA Computing Curriculum Sections: Security and Privacy |
| Transferable skills |
Not entered |
| Reading list |
* Ross Anderson, 'Security Engineering', 2nd Edition, John Wiley & Sons, 2008
* Dieter Gollman, 'Computer Security', John Wiley & Sons, 1999
* Nigel Smart, 'Cryptography: An Introduction', McGraw-Hill, 2003
|
| Study Abroad |
Not entered |
| Study Pattern |
Lectures 20
Tutorials 4
Timetabled Laboratories 0
Non-timetabled assessed assignments 24
Private Study/Other 52
Total 100 |
| Keywords | Not entered |
Contacts
| Course organiser | Mr Vijayanand Nagarajan
Tel: (0131 6)51 3440
Email: vijay.nagarajan@ed.ac.uk |
Course secretary | Miss Claire Edminson
Tel: (0131 6)51 7607
Email: C.Edminson@ed.ac.uk |
|
© Copyright 2013 The University of Edinburgh - 13 January 2014 4:26 am
|
University Homepage