School of Computer Science

Module 06-26265 (2013)

Introduction to Computer Security

Level 2/I

Tom Chothia, Semester 2, 10 credits
Co-ordinator: Tom Chothia
Reviewer: Hayo Thielecke

The Module Description is a strict subset of this Syllabus Page.


The module will introduce a range of topics in computer security, including attacks, vulnerabilities and defences. Both theory and practice are covered.


The aims of this module are to:

• Introduce the basic terminology, concepts, and standards of computer security.

• Familiarise students with the main approaches, algorithms, and protocols used to secure computer systems.

• Introduce the basic concepts of website and network security.

• Provide a basic knowledge of information security laws and regulations.

Learning Outcomes

On successful completion of this module, the student should be able to:

  1. Describe the basic concepts of computer security.

  2. Demonstrate an understanding of the threats to data stored on a computer, or being sent between computers, and apply techniques to secure that data.

  3. Identify security risks, and suggest appropriate solutions.

Teaching methods

Two one-hour lectures per week for eleven weeks, plus eleven two-hour weekly lab sessions.


• Sessional: 1.5 hr examination (80%), continuous assessment (20%).

• Supplementary (where allowed): By 1.5 hr examination only (100%).

Detailed Syllabus


• Symmetric Ciphers, Asymmetric Ciphers, Block cipher modes

• Encryption in Java

• Hash functions and password security


• The Diffie-Hellman protocol

• Key establishment protocols, and their aims

Web security

• Common web attacks, SQL injection, XSS, CSRF

• Protecting websites from attack

Application security

• Memory exploits and buffer overflows

• Software security

Common Threats and Defences

• Malware, Botnets

• Firewall, and security tools

Information Security Policy

• Standards, e.g. PCI-DSS, ISO 27001

• Laws, e.g. The Computer Misuse Act, The Data Protection Act

Programmes containing this module