Next: CS/SE Individual Practical
Up: Descriptions of Courses and
Previous: Computer Design
Contents
Subsections
Here are links to the
course home page
and
the formal TQA
description.
In the current session 04-05, Computer Security is listed as a level 10
course so that it may be taken as a CS4 course. However, it is primarily
a CS3 course - no special permissions are required to
take it, as would normally be needed for level 10 courses. Note that (i)
in the next session 05-06 Computer Security will be a level 9 course,
so will not be available to next year's CS4; and (ii) since it
is a level 10 course this year, the coursework may be slightly more
challenging than other CS3 courses.
Computer Security is concerned with the protection of computer systems and their data from threats which may compromise integrity, availability, or confidentiality; the focus is on threats of a malicious nature rather than accidental. This course aims to give a broad understanding of computer security. Topics range from security risks, attacks, prevention and defence, through some current technology solutions, and down to formal approaches to validating security protocols and the mathematical principles underlying cryptography and cryptographic algorithms.
- Introduction and background. Risks and attacks: to privacy (theft, surveillance); integrity (fraud); availability (vandalism, denial of service). Additional security properties: authentication, accountability.
- Cryptography: basic functional foundations. Symmetric algorithms, for example: DES, Rijndael, RC4
- Public key cryptography. Algorithms including RSA, ElGamal. Hash functions, including SHA-1. Digital signatures and certificates.
- Authentication: mechanisms and attacks. Protocols for authentication and key exchange, including Needham-Schroeder, Otway-Rees, Kerberos, Diffie-Hellman.
- Formal approaches, including Burrows-Abadi-Needham logic for authentication and its application to security protocol analysis.
- Malicious code and network defences: Trojan horses, viruses and worms, attacks on faulty code. Auditing, intrusion detection, alarms and honey pots.
- Security engineering: security policy models, multi-level systems. Secure kernels and trusted computing bases. Anatomy of attacks, risk assessment, attack trees.
- Present internet technologies, for example: PGP, SSL, SSH, SMIME, DNSSEC, IPsec, firewalls and VPNs. The Java Security Model and security programming in Java.
- Copyright protection. Secure hardware and tamper resistance. Steganography and covert communication. Anonymity.
- Security futures, real-world issues. Topics chosen from: web security, e-commerce and e-cash; legalities; export control, key escrow; information warfare and cyber terrorism; human factors. Recent research areas.
Two exercises, one involving security protocol analysis, and the other involving implementing a simple application-level security feature using Java's security APIs.
References:
* Ross Anderson, Security Engineering, John Wiley & Sons, 2001
* Dieter Gollman, Computer Security, John Wiley & Sons, 1999
* Nigel Smart, Cryptography: An Introduction, McGraw-Hill, 2003
* John Viega and Gary McGraw, Building Secure Software: How to Avoid Security Problems the Right Way, Addison-Wesley, 2003
Next: CS/SE Individual Practical
Up: Descriptions of Courses and
Previous: Computer Design
Contents
Colin Stirling
2006-01-05