Computer Security

INFR10067: Computer Security is a Level 10 course given in Semester 1 worth 20 credits. See the Course Catalogue entry.

Mondays	10:00-10:50am	G.03, 50 George Square
Tuesdays	11:10-12:00	LHB, David Hume Tower Lecture Theatres, George Square
Thursdays	10:00-10:50am	Lecture Theater 1, Appleton Tower

The course lecturers are Myrto Arapinis and Kami Vaniea

Lecture Slides

Slides will be added below as we go along. The slides from last year will give a good idea about what's coming up. Readings are optional. Unless otherwise noted, readings are from the recommended textbook Security In Computing.

1.	19 Sept.	Introduction to the course Slides: PDF Reading: Chapter 1.1: Fundamental Concepts
2.	20 Sept.	Cyber Essentials Scheme Slides: PDF Reading: Cyber Essentials Scheme: Requirements for basic technical protection from cyber attacks 10 Steps to Cyber Security Summary and Advice Sheets
3.	22 Sept.	Network and internet vulnerabilities Slides: PDF, PowerPoint, Handout Reading: Chapter 5: Network Security 1
4.	26 Sept.	Network protections Slides: PDF, Handout Reading: Chapter 6: Network Security 2 Alternative reading: Chapter 8.5 in Computer Networks
5.	27 Sept.	Networking and privacy Slides: PDF, Handout Reading: Original TOR Paper (optional)
6.	29 Sept.	Usable security Slides: PDF, Handout Reading: Chapter 1.4: Implementation and Usability Issues A Framework for Reasoning Ab out the Human in the Loop by Lorrie Faith Cranor
7.	3 Oct.	Usable security Slides: PDF, Handout Reading: Research paper:The True Cost of Unusable Password Policies: Password Use in the Wild by Philip Inglesant and M. Angela Sasse Hour YouTube Video on Password Usability: Passwords 2015 Keynote 2: Angela Sasse
8.	4 Oct.	Cryptography - Introduction Slides: PDF Reading: Chapter 8.1.1: Attacks Chapter 8.1.2: Substitution ciphers
9.	6 Oct.	Cryptography - Stream ciphers Slides: PDF Reading: Chapter 8.1.3: One-time pads Chapter 8.1.4: Pseudo-random number generators
10.	10 Oct.	Cryptography - Block ciphers Slides: PDF Reading: Chapter 8.1.6: The Advanced Encryption Standard (AES) Chapter 8.1.7: Modes of operation Chapter 8.5.1: Details for AES
11.	11 Oct.	Cryptography - Hashes and MACs Slides: PDF Reading: Chapter 8.3: Cryptographic hash functions
12.	13 Oct.	Cryptography - Asymmetric ciphers Slides: PDF Reading: Chapter 8.2: Public-key cryptography
13.	17 Oct.	Cryptography - Digital signatures Slides: PDF Reading: Chapter 8.4: Digital signatures
14.	18 Oct.	Public Key Infrastructure Slides: PDF Reading: from Cryptography and Network Security - Principles and Practice, by William Stallings Chapter 14.3 - Distrbution of Public Keys Chapter 14.4 - X.509 Certificates Chapter 14.5 - Public Key Infrastructure
15.	20 Oct.	Cryptographic protocols - Introduction Slides: PDF Reading: Using encryption for authentication in large networks of computers. N. Roger and M. Schroeder. Communications of the ACM (December 1978) An attack on the Needham-Schroeder public key authentication protocol. G. Lowe. Information Processing Letters (November 1995)
16.	24 Oct.	(More) cryptographic protocols Slides: PDF Reading: A Traceability Attack Against e-Passports. T. Chothia and V. Smirnov. 14th International Conference on Financial Cryptography and Data Security (2010)
17.	25 Oct.	Guest lecture, Petros Wallden (UoE) - Cryptography in a quantum world Slides: PDF
18.	27 Oct.	Cryptographic protocols - the TLS protocol Slides: PDF
19.	31 Oct.	Cryptographic protocols - anonymous communications Slides: PDF
20.	1 Nov.	Cryptographic protocols - anonymous communications Slides: PDF
21.	3 Nov.	Passwords Reading: How to store your users' passwords safely
22.	7 Nov.	Overview of how websites work Slides: PDF Reading: Chapter 7.1: The World Wide Web
23.	8 Nov.	Server-side attacks: injection attacks Slides: PDF Reading: Chapter 7.3: Attacks on Servers
24.	10 Nov.	Client-side attacks: CSRF and XSS attacks Slides: PDF Reading: Chapter 7.2: Attacks on Clients
25.	14 Nov.	Guest lecture, Kit Patterson (KAL) - Security in the ATM world
26.	15 Nov.	Client-side attacks: CSRF and XSS attacks Slides: PDF Reading: Chapter 7.2: Attacks on Clients
27.	17 Nov.	Client-side attacks: CSRF and XSS attacks Slides: PDF Reading: Chapter 7.2: Attacks on Clients
28.	21 Nov.	Buffer overflow attacks Slides: PDF Reading: Chapter 3.1: Operating Systems Concepts
29.	22 Nov.	Guest lecture, Scott F. Alexander (J. P. Morgan)
30.	24 Nov.	Buffer overflow attacks Slides: PDF Reading: Chapter 3.4: Application Program Security
31.	28 Nov.	Guest lecture, Georgios Panagiotakos (UoE): Bitcoin Slides: PDF
32.	29 Nov.	Revision lecture
33.	29 Nov.	Revision lecture

These are lecture slides, not comprehensive notes. You should supplement the slides with notes taken in lectures, and from your own reading. References and specific reading recommendations are given in slides, further guidance is given in lectures. The examinable material consists of what is covered in lectures, tutorials and practicals (unless specifically excluded) and the reading recommended in lectures.

Course resources

Recommended textbook: Introduction to Computer Security by Michael Goodrich and Robert Tamassia Pearson
Additional reading & other references.

Tutorials and Labs

Update: Tutorials now start in week 4. Tutorials and labs are interleaved. If you were at the week 3 Monday tutorial you do not need to attend tutorial in week 4 as we will be going over the same content.

There are worksheets for the tutorials and labs which will be issued beforehand. You should try each worksheet before the tutorial meeting.

Doodle poll to sign up for tutorials

The following tutorial groups exist.

Mondays 12:00-13:00 in Forest Hill 3.D01
Tuesdays 9:00-10:00 in Forest Hill 3.D01
Wednesdays 11:00-12:00 Forest Hill in 3.D01
Fridays 10:00-11:00 in Forest Hill 3.D01

Week 4 - Tutorial 1
Week 5 - Lab 1
Week 6 - Tutorial 2
Week 7 - Lab 2
Week 8 - Tutorial 3
Week 9 - Lab 3
Week 11 - Lab 4

Tutorials are based on question sheets which you should use to help guide your own study for the course. Solutions will be issued a while after the question sheets so you can measure your progress. There is not enough time to cover all topics; you should aim to cover remaining topics to a similar depth of knowledge.

Coursework Exercises

There are two assessed coursework exercises, each worth 12.5% of the final mark.

Coursework 1: Web application and system security
- Coursework document
- Frequently Asked Questions
- Due Friday 28st October at 16:00
Coursework 2: Password cracking
- Coursework document
- (unmarked) Due Friday 9th December 16:00
Coursework 3: Buffer overflow attacks
- Coursework document
- Vulnerable programs source code
- Due Monday 5th December 16:00

Exams

Past papers are on the ITO pages.
The only solutions available are those already published.
Older exams include questions on "BAN logic" which has since been removed from the syllabus.

Documents above are in PDF format. Comments, suggestions, corrections are welcomed.
To print course materials, make sure your PDF reader has the correct page size and orientation.

Copyright: except where stated, lecture notes and other course materials are Copyright (C) School of Informatics, University of Edinburgh, and respective authors. Lecture slides prepared by David Aspinall and Myrto Arapinis with additions by Mike Just and Julian Bradfield.
Please respect our rights over this material and contact us if you want to use it in another context.

Home : Teaching : Courses : Cs