Module Details

CE708-7-AU-CO: Computer Security

Year: 2016/17
Department: Computer Science and Electronic Engineering
Essex credit: 15
ECTS credit: 7.5
Available to Study Abroad / Exchange Students: No
Full Year Module Available to Study Abroad / Exchange Students for a Single Term: No
Outside Option: No

Staff
Supervisor: Dr Jianyong Sun
Teaching Staff: Dr Jianyong Sun
Contact details: School Office, email: csee-schooloffice (non-Essex users should add @essex.ac.uk to create full e-mail address), Telephone 01206 872770

Module is taught during the following terms
Autumn Spring Summer

Module Description

Learning Outcomes

This course gives an introduction to computer security and cryptography, and then goes on to consider security as it relates to a single, network connected, computer. Introductory material is independent of any operating system but the consideration of tools will focus on those available for Linux, partly because its open-source nature facilitates this and partly because it is widely used on server systems. The introduction to cryptography will be used to consider its use in encryption and authentication.

On completion of the course, students should be able to:

1. Identify and describe common security vulnerabilities
2. Identify and describe different types of attack on computers
3. Recommend security tools and procedures to protect against specific types of attack
4. Describe the nature of malware, how it may be identified and the attack mitigated
5. Explain the distinction between different types of cryptography and identify common algorithms that are weak and strong
6. Describe the use of cryptography in certification and authentication


Outline Syllabus

Introduction:
-Principles of security and privacy, introduction to the different types of computer attack

Common security policies, techniques and tools:
-Good administrative procedures for computer systems. Data security (e.g. good backup policy).
-Combating social engineering. Tools for identifying system vulnerabilities. Monitoring for break-ins. Recovering from a break-in.

Overview of Encryption:
-Applications of encryption to computer security. Types of encryption algorithms.
-Examples of encryption algorithms commonly used.

User Authentication:
-Methods of user authentication. One-way functions and MD5. Biometric access control (e.g. fingerprint, iris etc.). Other techniques (e.g. smartcard).

Protecting passwords from attack:
-Good and bad passwords. Methods to crack passwords and policies/techniques to reduce the problem.

Malicious software:
-History. Classification. How viruses spread. Identifying malware.
-Antivirus software.

Risk analysis:
-Analysis of risk. Steps in risk analysis. Using risk analysis to select new controls.

Learning and Teaching Methods

Assessment

30 per cent Coursework Mark, 70 per cent Exam Mark

Coursework

Assignment 1 with a weighting of 10% submitted via FASER in week 7. Assignment 2 with a weighting of 10% submitted via FASER in week 10. Progress test with a weighting of 10% to be taken in week 10.

Other information

STUDENTS SHOULD NOTE THAT THIS MODULE INFORMATION IS SUBJECT TO REVIEW AND CHANGE

Bibliography

  • PFLEEGER, C., and PFLEEGER, S., Security in computing, Prentice Hall 2002
  • A detailed book that the course uses to describe the general principles and risk analysis.
  • BISHOP, M., Computer Security: Art and Science, Pearson Education, 2003
  • GOLLMANN, D., Computer Security, Wiley 2006, 2nd ed.
  • A good book that gives an excellent overview of most of the course material.
  • TOXEN, B., Real World Linux Security, Prentice Hall PTR; ISBN: 0130281875
  • An excellent practical guide to making Linux/Unix systems more secure