THE UNIVERSITY of EDINBURGH

DEGREE REGULATIONS & PROGRAMMES OF STUDY 2021/2022

Information in the Degree Programme Tables may still be subject to change in response to Covid-19


Undergraduate Course: Security Engineering (INFR11208)

Course Outline
School: School of Informatics
College: College of Science and Engineering
Credit level (Normal year taken): SCQF Level 11 (Year 4 Undergraduate)
Availability: Available to all students
SCQF Credits: 10
ECTS Credits: 5
Summary: This course aims to give students a thorough understanding of how to engineer security in modern systems. We discuss threat actors from nation states through cybercrime gangs to abuse by family members. We dive into detailed case studies of applications such as payment networks and vehicle systems. We analyse the protection mechanisms of platforms they rely on, such as smartcards, mobile phones and cloud systems. We work through multiple perspectives: classical systems engineering, the psychology of users good and bad, and the incentives facing different actors in the system. This enables students to take a holistic view of security as an emergent property of complex systems, and of related properties such as safety, and to understand how to manage them as systems and their environments evolve.
Course description: As ever more devices participate in online systems that become ever more complex, it is ever more important, and more difficult, to manage emergent properties such as security, safety and sustainability. Security engineering is not just about individual mechanisms such as cryptography and access controls but how they work together at scale in real systems. This course will illustrate how to analyse threats and hazards systematically, evolve security policies, integrate them with safety policies and accounting standards as need be, test and certify the resulting systems, and manage their evolution as vulnerabilities are discovered or as their requirements change over time.
Over the course of 15 lectures we will study how real systems are attacked by a variety of opponents and how their defences evolve to cope. We will look in detail at important applications such as payments, home automation and vehicles. We will look at the psychology of secure design: how we can minimise the risk of attacks involving deception. We will analyse the economics of security: when service providers have adequate incentives to prevent fraud, and where market failure or poor regulation get in the way.
We will take a deep dive into the protection mechanisms of the underlying platforms, from smartcards through mobile phones to containers, and at whole ecosystems such as phone apps, cloud services and network security. By the end of the course, students should be able to analyse a security problem across the entire systems stack, from the threats and protection goals down through the application and the platforms and if need be to the hardware. They should also appreciate how security interacts with related emergent properties such as safety and sustainability.
There will also be three lectures providing feed forward and feedback, a guest lecture and two structured literature-review exercises set as coursework.
Entry Requirements (not applicable to Visiting Students)
Pre-requisites: It is RECOMMENDED that students have passed Research Methods in Security, Privacy, and Trust (INFR11188) OR Computer Security (INFR10067)
Co-requisites:
Prohibited Combinations:
Other requirements: We assume a basic understanding of access controls, cryptography and security protocols, as well as of usability and distributed systems. A student who has not taken courses on these topics, and in particular anyone who has not taken either Computer Security (INFR10067) or Security, Privacy and Trust (INFR11188), must become familiar with the material by reading chapters 1-7, 9 and 11 of Ross Anderson's Security Engineering (3rd Edition) before the start of this course.
Information for Visiting Students
Pre-requisites: We assume a basic understanding of access controls, cryptography and security protocols, as well as of usability and distributed systems. A student who has not taken courses on these topics, and in particular anyone who has not taken either Computer Security (INFR10067) or Security, Privacy and Trust (INFR11188), must become familiar with the material by reading chapters 1-7, 9 and 11 of Ross Anderson's Security Engineering (3rd Edition) before the start of this course.
High Demand Course? Yes
Course Delivery Information
Academic year 2021/22, Available to all students (SV1)
Quota: None
Course Start: Semester 2
Learning and Teaching activities: Total Hours: 100 (Lecture Hours 16, Feedback/Feedforward Hours 3, Summative Assessment Hours 2, Programme Level Learning and Teaching Hours 2, Directed Learning and Independent Learning Hours 77)
Assessment: Written Exam 70%, Coursework 30%, Practical Exam 0%
Additional Information (Assessment): Written Exam 70%, Coursework 30%
Feedback: Feed-forward and feedback hours will be used to give students feedback on the literature reviews. For the literature review, we will also give about one sentence of feedback on each aspect of the exercise.
Exam Information
Exam Diet: Main Exam Diet S2 (April/May)
Paper Name: Security Engineering (INFR11208)
Hours & Minutes: 2:00
Learning Outcomes
On completion of this course, the student will be able to:
  1. Identify ways of attacking a real-world system, leading to a threat model, a security policy, protection goals and assurance targets.
  2. Use adversarial thinking to analyse the relationships between threats, hazards, actors and defence mechanisms.
  3. Compare and synthesise the perspectives of different system stakeholders and threat actors, using economic and psychological viewpoints as well as technical ones.
  4. Demonstrate critical thinking about unsolved problems, residual risk and emerging threats as systems scale or their environment changes.
Reading List
Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley (Third Edition 2020)
Additional Information
Graduate Attributes and Skills: Not entered
Keywords: SEng, computer security, systems, cybersecurity
Contacts
Course organiser: Dr Sam Ainsworth
Tel:
Email: sam.ainsworth@ed.ac.uk
Course secretary: Miss Clara Fraser
Tel:
Email: clara.fraser@ed.ac.uk