In order to build secure systems, appropriate methodologies must be used throughout the lifecycle, not least in the detailed implementation stage. This course takes a case study approach to topics such as buffer overflows, cryptographic libraries, sandboxing, code signing, network security, and code correctness, to build towards a toolkit of sound principles.

Course dates

Objectives

At the end of the course, students will

• understand the ways in which computer platforms can fail and
• be able to specify ways in which these platforms can be hardened to protect them against attack

Contents

Abstraction & its Limitations

Evaluate how attacking the assumptions that systems are built on can be used to circumvent and break the security of the whole system. Also reviewed will be the extent to which good coding practice can mitigate this problem.

Virtualisation & Sandboxing

Describe common features of popular virtual machines and their effectiveness in overcoming the problems of abstraction.

Security Infrastructures

Enabling trust in hardware, operating systems and services.

Databases and Data Mining

Present and describe database security, focussing on practical access control measures, and going into detail about inferential and statistical attacks aimed at identifying confidential information.

Network Security Architectures

Evaluate common practices in network security designs.

Embedded & Mobile Systems

Present the needs and difficulties associated with securing embedded and mobile systems.

Requirements

The course assumes a level of familiarity with basic security concepts and mechanisms. Security Principles would be an ideal preparation.