The information for the course is now on Learn .

Computer Security 2017

INFR10067: Computer Security is a Level 10 course given in Semester 1 worth 20 credits. See the Course Catalogue entry.

Mondays	12:10-13:00	Lecture Theater 5, Appleton Tower
Tuesdays	11:10-12:00	H.R.B Lecture Theatre, Robson Building, Central
Thursdays	10:00-10:50am	G.07 Meadows Lecture Theatre - Doorway 4, Medical School, Teviot, Central

The course lecturers are Myrto Arapinis and Kami Vaniea

Lecture Slides

Slides will be added below as we go along. The slides from last year will give a good idea about what's coming up. Readings are optional. Unless otherwise noted, readings are from the recommended textbook Security In Computing.

1.	18 Sept.	Introduction to the course Slides: PDF Reading: Chapter 1.1: Fundamental Concepts
2.	19 Sept.	Cyber Essentials and Threat Modeling Slides: PDF Reading: Cyber Essentials Scheme: Requirements for basic technical protection from cyber attacks 10 Steps to Cyber Security Summary and Advice Sheets
3.	21 Sept.	Network and internet vulnerabilities Slides: PDF Reading: Chapter 5: Network Security 1
4.	25 Sept.	Network protections Slides: PDF Reading: Chapter 6: Network Security 2
5.	26 Sept.	Network and privacy Slides: PDF Reading: Chapter 6: Network Security 2
6.	28 Sept.	Network and privacy Slides: Finished prior lecture slides and HTTPS Explained. Reading: Original TOR paper (optional)
7.	02 Oct.	Cryptography - Stream ciphers Slides: PDF Reading: Chapter 8.1.3: One-time pads Chapter 8.1.4: Pseudo-random number generators
8.	03 Oct.	Cryptography - Block ciphers Slides: PDF Reading: Chapter 8.1.6: The Advanced Encryption Standard (AES) Chapter 8.1.7: Modes of operation Chapter 8.5.1: Details for AES
9.	05 Oct.	Cryptography - Hash functions and MACs Slides: PDF Reading: Chapter 8.3: Cryptographic hash functions
10.	09 Oct.	Cryptography - Hash functions and MACs Slides: Finished prior lecture slides Reading: Chapter 8.3: Cryptographic hash functions
11.	10 Oct.	Cryptography - Asymmetric encryption Slides: PDF Reading: Chapter 8.3: Public-key cryptography Additional reading: Chapter 8.5.2: Details for RSA
12.	12 Oct.	Cryptography - Asymmetric encryption Finished prior lecture slides Reading: Chapter 8.3: Public-key cryptography Additional reading: Chapter 8.5.2: Details for RSA
13.	16 Oct.	Cryptography - Digital signatures and PKI Slides: PDF Slides: PDF Reading: Chapter 8.4: Digital signatures From Cryptography and Network Security - Principles and Practice, by William Stallings Chapter 14.3 - Distribution of Public Keys Chapter 14.4 - X.509 Certificates Chapter 14.5 - Public Key Infrastructres
14.	17 Oct.	Cryptographic protocols - Introduction Slides: PDF Reading: Using encryption for authentication in large networks of computers. R. Needham and M. Schroeder. Communications of the ACM (December 1978) An attack on the Needham-Schroeder public key authenticatoin protocol. G. Lowe. Information Processing Letters (November 1975)
15.	19 Oct.	Cryptographic protocols - More cryptographic protocols Slides: PDF
16.	23 Oct.	Usable Security Slides: Usable Security Reading: Additional reading:
17.	24 Oct.	Usable Security 2 Slides: Usable Security Cont. Slides: Communicating With Users Reading: Additional reading:
18.	26 Oct.	Authentication Slides: Authentication Reading: Additional reading:
19.	30 Oct.	SSL/TLS Slides: PDF
20.	31 Oct.	Anonymity protocols Slides: PDF
21.	02 Nov.	Anonymity protocols Slides: PDF
22.	06 Nov.	Memory Safety Slides: PDF Reading: Chapter 3.1: Operating Systems Concepts
23.	07 Nov.	Memory Safety Slides: PDF Reading: Chapter 3.4: Application Program Security
24.	09 Nov.	Memory Safety Slides: PDF Reading: Chapter 3.4: Application Program Security
25.	13 Nov.	Web security: web basics Slides: PDF Reading: Chapter 7.1: The World Wide Web
26.	14 Nov.	Web security: server-side attacks Slides: PDF Reading: Chapter 7.3: Attacks on servers
27.	16 Nov.	Web security: server-side attacks Slides: PDF Reading: Chapter 7.3: Attacks on servers
28.	20 Nov.	Web security: client-side attacks Slides: PDF Reading: Chapter 7.2: Attacks on clients
29.	21 Nov.	Web security: client-side attacks Slides: Continued prior lecture slides Reading: Chapter 7.2: Attacks on clients
30.	23 Nov.	Web security: client-side attacks Slides: Continued prior lecture slides Reading: Chapter 7.2: Attacks on clients
31.	27 Nov.	Guest lecture, Petros Wallden (UoE): Cybersecurity in the Quantum Era Slides: PDF
32.	28 Nov.	Guest lecture, Orfeas Stefanos Thyfronitis Litos (UoE): Bitcoin Slides: PDF

These are lecture slides, not comprehensive notes. You should supplement the slides with notes taken in lectures, and from your own reading. References and specific reading recommendations are given in slides, further guidance is given in lectures. The examinable material consists of what is covered in lectures, tutorials and practicals (unless specifically excluded) and the reading recommended in lectures.

Course resources

Recommended textbook: Introduction to Computer Security by Michael Goodrich and Robert Tamassia Pearson
Additional reading & other references.

Tutorials and Labs

There are worksheets for the tutorials and labs which will be issued beforehand. You should try each worksheet before the tutorial meeting.

Tutorial 1: VM setup for CW1 and fun with firewalls
- Introduction to Unix - The University primer for how to operate a command line and common Unix commands.
Tutorial 2 - Cryptography: exercise sheet and solutions
Tutorial 3 - Cryptography: exercise sheet and solutions
Tutorial 4 - Passwords: handed out in tutorial
Tutorial 5 - Cryptographic protocols: exercise sheet and solutions
Tutorial 6 - GDB debugger how to: exercise sheet
Tutorial 7 - Web security: exercise sheet
Tutorial 8 - Web security: exercise sheet

Tutorials are based on question sheets which you should use to help guide your own study for the course. Solutions will be issued a while after the question sheets so you can measure your progress. There is not enough time to cover all topics; you should aim to cover remaining topics to a similar depth of knowledge.

Coursework Exercises

There are two assessed coursework exercises, each worth 12.5% of the final mark.

Coursework 1: Networking
- Coursework document
- Frequently Asked Questions
- Due Monday 16th October at 16:00
Coursework 2: Cryptography
- Coursework document
- Due Thursday 2nd November at 17:00
Coursework 3: Software security and binary attacks
- Coursework document
- Due ~~Monday 27th November at 16:00~~ Wednesday 29th November at 10:00

Exams

Past papers are on the ITO pages.
The only solutions available are those already published.
Older exams include questions on "BAN logic" which has since been removed from the syllabus.

Documents above are in PDF format. Comments, suggestions, corrections are welcomed.
To print course materials, make sure your PDF reader has the correct page size and orientation.

Copyright: except where stated, lecture notes and other course materials are Copyright (C) School of Informatics, University of Edinburgh, and respective authors. Lecture slides prepared by David Aspinall, Myrto Arapinis, and Kami Vaniea with additions by Mike Just and Julian Bradfield.
Please respect our rights over this material and contact us if you want to use it in another context.

Home : Teaching : Courses : Cs