University of Oxford Logo University of OxfordSoftware Engineering - Home
Platforms for Security

In order to build secure systems, appropriate methodologies must be used throughout the lifecycle, not least in the detailed implementation stage. This course takes a case study approach to topics such as buffer overflows, cryptographic libraries, sandboxing, code signing, network security, and code correctness, to build towards a toolkit of sound principles.

Course dates

No future courses planned.

Objectives

At the end of the course, students will

  • understand the ways in which computer platforms can fail and
  • be able to specify ways in which these platforms can be hardened to protect them against attack

Contents

Abstraction & its Limitations
Evaluate how attacking the assumptions that systems are built on can be used to circumvent and break the security of the whole system. Also reviewed will be the extent to which good coding practice can mitigate this problem.
Virtualisation & Sandboxing
Describe common features of popular virtual machines and their effectiveness in overcoming the problems of abstraction.
Security Infrastructures
Enabling trust in hardware, operating systems and services.
Databases and Data Mining
Present and describe database security, focussing on practical access control measures, and going into detail about inferential and statistical attacks aimed at identifying confidential information.
Network Security Architectures
Evaluate common practices in network security designs.
Embedded & Mobile Systems
Present the needs and difficulties associated with securing embedded and mobile systems.

Requirements

The course assumes a level of familiarity with basic security concepts and mechanisms. Security Principles would be an ideal preparation.