Module Descriptors
ADVANCED SOFTWARE SECURITY
COCS60735
Key Facts
Digital, Technology, Innovation and Business
Level 6
30 credits
Contact
Leader: Mohammad Hasan
Hours of Study
Scheduled Learning and Teaching Activities: 26
Independent Study Hours: 274
Total Learning Hours: 300
Pattern of Delivery
  • Occurrence A, Stoke Campus, UG Semester 1 to UG Semester 2
Sites
  • Stoke Campus
Assessment
  • Report - 3000 words weighted at 50%
  • Report - 3000 words weighted at 50%
Module Details
LEARNING OUTCOMES
1. CRITICALLY DISCUSS THE PRINCIPLES AND CONCEPTS INVOLVED IN THE SECURING OF COMPUTER SYSTEMS BOTH STAND-ALONE AND NETWORKS BASED.

Communication, Knowledge & Understanding

2. SPECIFY, DESIGN AND JUSTIFY THE DESIGN DECISIONS OF AN EXEMPLAR COMPONENT OF A SECURITY SYSTEM.

Application, Problem Solving

3. CRITICALLY EVALUATE VARIOUS TECHNIQUES USED IN EXEMPLAR SECURITY SYSTEMS.

Analysis, Learning

4. CRITICALLY DISCUSS THE PRINCIPLES AND CONCEPTS THAT UNDERPIN MALICIOUS SOFTWARE AND SOFTWARE BASED ATTACKS.

Communication, Knowledge & Understanding

5. CRITICALLY EVALUATE VARIOUS TECHNIQUES USED IN THE DEFENCE OF COMPUTER SYSTEMS AGAINST MALICIOUS SOFTWARE AND SOFTWARE BASED ATTACKS.

Analysis, Learning

6. CRITICALLY DISCUSS THE ETHICAL AND LEGAL ISSUES INVOLVED IN SECURITY OF COMPUTER SYSTEMS AND THE SOCIAL AND COMMERCIAL IMPACT OF MALICIOUS SOFTWARE AND SOFTWARE BASED ATTACKS.

Analysis, Communication
ADDITIONAL ASSESSMENT DETAILS
Assignment 1, weighted at 50% (learning outcomes 1, 2, 3 and 6)
A report of 3000 words detailing underpinning research, evaluation and design of a component of a given security system

Assignment 2, weighted at 50% (Learning Outcomes 4, 5 and 6)
A report of 3000 words detailing research into exemplar malicious software and defensive measures against such software

INDICATIVE CONTENT
- Principles of computer and information security. Cryptography mechanisms and encryption standards, Security Protocols, Access Control, Authentication and Authorisation, Operating System protection mechanisms. Database security. Network configuration and security. Securing e-business. Security models. Human factors in security. Security policies and planning. Legal and ethical issues. Globalisation of threats and security issues and responses.

- Self-replicating and infecting software - structure/operation and techniques for attack detection, prevention and damage limitation. Defences and tools - e.g. security scanners, file integrity checkers, application of cryptography, antivirus tools and techniques.
- Attack patterns and strategies for breaking code. Reconnaissance, scanning, unauthorised access through application software, operating system and network attacks and exploits, denial of service attacks, backdoors and rootkits. Reverse engineering.
- Software security testing: secure initialisation, validation, limit and error handling.
- Social and commercial impact of attacks and infection by malicious software.
WEB DESCRIPTOR
Computer systems store, process and communicate a wide variety of data. Much of this data is private. Illegal access to this data can be very expensive to the legitimate owner of the data. Securing computer systems against malicious attack or even against inadvertent damage is vital to any computer system. This module will cover the fundamental ideas behind computer system security, both at the technical level, but also at the level of general policy/strategy. It will look at computer system security both in stand-alone computer systems and very importantly over networks. It will examine software that is explicitly designed to attack computer systems and the methods employed to exploit weaknesses in software in order to access and/or damage a computer system without the right to do so. It examines ways in which software construction and testing can be made more secure against such attacks and how computer systems can be organised to prevent and reduce the risk from such attacks. However, this module will NOT teach you how to write viruses as such and will NOT give you information about specific attacks against specific targets except as examples and where these are now in the public domain and the relevant security weakness has been fixed.
LEARNING STRATEGIES
Directed reading and research. The tutorial/practical session will be scheduled in an appropriate virtual environment. 39 lecture hours and 13 tutorial/practical hours.
REFERENCE TEXTS
Essential:

Analyzing Computer Security, Pfleeger, C. P., S. L. Pfleeger, 2011, Pearson, 1st edition, ISBN: 978-0132839402

Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code, Ligh, M., S. Adair, B. Hartstein, M. Richard, 2010, Wiley, ISBN: 978-0470613030

Grey Hat Hacking, Harper, A., S. Harris, J. Ness, C. Eagle, G. Lenkey, T. Williams, 2011, McGraw-Hill, ISBN: 978-0071742559

The Art of Computer Virus Research and Defence, Szor, P., 2005, Addison Wesley, ISBN: 0321304543

OECD, Computer Viruses and other Malicious Software, OECD, 2009, ISBN: 978-9264056503

Background:
Computer Security, Gollmann, D., 2010, Wiley, 3rd edition, ISBN: 978-0470741153

Modern Malicious Software: Taxonomy and Advanced Detection Methods, Volynkin, A., 2009, VDM Verlag, ISBN: 978-3639122954
SPECIAL ADMISSION REQUIREMENTS
Prior study of a level 4 introductory programming module and a level 4 introductory hardware and system software module and a level 4 mathematics module.