Computer security module questionnaire

Computer Security
Questionnaire - Results
March 2004

Please rate each of the topics presented by MDR, according to its appropriateness for inclusion in the module.
0 = very inappropriate, I already knew the content, or I thought the content boring or irrelevant
4 = very appropriate; I did not previously know the content, and I think it is fundamental to a course in computer security.

Number of votes	n/a	2	3	4
Introduction/overview: threats, risk, vulnerabilities and impact	0	5	7	10
Symmetric key encryption	0	3	9	10
Secure one-way hash functions	0	5	14	3
Public key encryption	0	2	8	12
Secure protocols	0	4	8	10
Key certificates and PGP	1	7	7	7
Trusted Computing and NGSCB	0	12	4	6

Percentages	-	2	3	4
Introduction/overview: threats, risk, vulnerabilities and impact	-	23	32	45
Symmetric key encryption	-	14	41	45
Secure one-way hash functions	-	23	64	13
Public key encryption	-	9	36	55
Secure protocols	-	18	36	46
Key certificates and PGP	-	33	33	33
Trusted Computing and NGSCB	-	55	18	27

Please rate the guest lectures according to this scale:
0 = I did not like/enjoy/understand/appreciate the lecture, and would not recommend repeating it in future
4 = I did like/enjoy/understand/appreciate the lecture, and would recommend repeating it in future

Number of votes	n/a	1	2	3	4
Effective Security (Harj Singh)	2	1	5	6	8
Fair exchange protocols (Steve Kremer)	1	4	6	8	3

Percentages	n/a	1	2	3	4
Effective Security (Harj Singh)	-	5	25	30	40
Fair exchange protocols (Steve Kremer)	-	19	29	38	14

Please rate the topics chosen by students. You are not asked to evaluate the student's presentation or handout. This question is about the appropriateness of the topic.
0 = Inappropriate topic
2 = Good topic; keep on the list of "optional" topics, possibly presented by students
4 = Fundamental topic; should become part of the core module

Number of votes	n/a	0	1	2	3	4
Spyware and Trojan horses	0	0	4	6	8	4
Zero knowledge protocols	0	1	2	9	7	4
Biometric authentication	1	0	0	10	9	2
Digital cash	0	0	5	9	7	1
Steganography and digital watermarking	0	0	0	5	12	5
Language security and buffer overflows	0	0	1	8	10	3
Wifi and bluetooth security	0	0	1	11	8	2
SSL and attacks	0	0	2	12	7	1
Denial of service attacks	0	0	0	12	7	3

Percentages	-	0	1	2	3	4
Spyware and Trojan horses	-	0	18	27	37	18
Zero knowledge protocols	-	5	14	41	32	18
Biometric authentication	-	0	0	48	43	9
Digital cash	-	0	23	41	32	4
Steganography and digital watermarking	-	0	0	23	54	23
Language security and buffer overflows	-	0	5	36	45	14
Wifi and bluetooth security	-	0	5	50	36	9
SSL and attacks	-	0	9	55	31	5
Denial of service attacks	-	0	0	55	31	14

Now rate some topics which were some of the suggestions which were not taken up by students. Circle those you think should be considered as core for future runs of the module.

Viruses and worms	12
Firewalls	12
Security of Open-Source Software	6
P2P security	6
Differential cryptanalysis	5
Vulnerabilities on routers, switches, other hardware	5
Holes in popular software	5
Random number generation	4
IPSec	4
Intrusion detection systems	4
Government control of crypto; the Clipper Chip	4
Electronic voting	3
Microsoft passport and other single-signon systems	3
Human factors	2
Kerberos	2
CSS and DeCSS	1
NESSUS	1

Are there any topics in computer security which have not yet been mentioned, which you think are important and should be included in the module?

Cryptanalysis

More classical (symmetric) cryptography

Unbreakable crypto (one-time pads)

Secure subnet topologies

Domain separation

Programming secure distributed systems (Java)

RMI

Did you feel you had enough mathematical background to follow the lectures presented, and to prepare your own chosen topic?

Number of votes	n/a	I have enough	I would have liked more mathematics to help me understand the lectures	I would have liked the module to have less mathematics
Mathematical background	1	17	4	0

Percentages	-	I have enough	I would have liked more mathematics to help me understand the lectures	I would have liked the module to have less mathematics
Mathematical background	-	81	19	0

Do you think the module had too little technical content (meaning: mathematics, details of algorithms, details of attacks and defenses), or too much?
0 = too little
2 = just right
4 = too much

Number of votes	n/a	1	2	3	4
Lectures given by Mark Ryan	0	3	17	2	0
Seminars given by students	0	8	11	3	0

Percentages	-	1	2	3	4
Lectures given by Mark Ryan	-	14	77	9	0
Seminars given by students	-	36	50	14	0

Do you think the module had too little technology content (meaning: real implementations, case studies, available products), or too much?
0 = too little
2 = just right
4 = too much

Number of votes	n/a	1	2	3	4
Lectures given by Mark Ryan	0	11	11	0	0
Seminars given by students	0	5	14	3	0

Percentages	-	1	2	3	4
Lectures given by Mark Ryan	-	50	50	0	0
Seminars given by students	-	23	64	13	0

Did you like having to give seminars, and attending other people's seminars?
0 = I hated it
4 = I loved it

Number of votes	n/a	1	2	3	4
Liked giving seminars	0	4	3	9	6
Liked attending other students' seminars	0	2	9	8	3

Percentages	-	1	2	3	4
Liked giving seminars	-	18	14	41	27
Liked attending other students' seminars	-	9	41	36	14

Last updated on by Stefano Cattani.