School of Computer Science

Module 06-26265 (2018)

Introduction to Computer Security

Level 2/I

Eike Ritter Semester 2 10 credits
Co-ordinator: Eike Ritter
Reviewer: Hayo Thielecke

The Module Description is a strict subset of this Syllabus Page.

Outline

The module will introduce a range of topics in computer security, including attacks, vulnerabilities and defences. Both theory and practice are covered.


Aims

The aims of this module are to:

  • Introduce the basic terminology, concepts, and standards of computer security.
  • Familiarise students with the main approaches, algorithms, and protocols used to secure computer systems.
  • Introduce the basic concepts of website and network security.
  • Provide a basic knowledge of information security laws and regulations.

Learning Outcomes

On successful completion of this module, the student should be able to:

  1. Describe the basic concepts of computer security.
  2. Demonstrate an understanding of the threats to data stored on a computer, or being sent between computers, and apply techniques to secure that data.
  3. Identify security risks, and suggest appropriate solutions.

Restrictions

None


Teaching methods

Two one-hour lectures per week for eleven weeks, plus eleven two-hour weekly lab sessions.

Contact Hours:

44


Assessment

Sessional: 1.5 hr examination (80%), continuous assessment (20%).

Supplementary (where allowed): By 1.5 hr examination only (100%).


Detailed Syllabus

  1. Cryptography
    • Symmetric Ciphers, Asymmetric Ciphers, Block cipher modes
    • Encryption in Java
    • Hash functions and password security
  2. Protocols
    • The Diffie-Hellman protocol
    • Key establishment protocols, and their aims
  3. Web security
    • Common web attacks, SQL injection, XSS, CSRF
    • Protecting websites from attack
  4. Application security
    • Memory exploits and buffer overflows
    • Software security
  5. Common Threats and Defences
    • Malware, Botnets
    • Firewall, and security tools
  6. Information Security Policy
    • Standards e.g. PCI-DSS, ISO 27001
    • Laws: e.g. The Computer Misuse Act, The Data Protection Act

Programmes containing this module