University of Oxford, Software Engineering

Security Principles

Developing secure software requires a great deal more than a knowledge of programming. In security, the ability to understand threats and risks in general, as well as specific security technologies (for example, cryptography or security protocols), is paramount. This course discusses these and other issues relating to software and systems security, including banking security and security evaluation.

Course dates

19th May 2014, Oxford University Department of Computer Science
7th July 2014, Oxford University Department of Computer Science
27th October 2014, Oxford University Department of Computer Science
12th January 2015, Oxford University Department of Computer Science
27th April 2015, Oxford University Department of Computer Science
6th July 2015, Oxford University Department of Computer Science

Please contact the programme office for availability.

Objectives

At the end of the course, students will

  • understand the main issues in computer and information security;
  • have practical experience in the analysis of secure communication protocols;
  • have an overview of the scope of the current leading technologies and standards;
  • be able to evaluate security solutions.

Contents

Introduction
The need for security; types of security (confidentiality; authentication; non-repudiation; service integrity); big picture (network security; host OS security; physical security); multi-level security; trusted systems.
Contexts
Data protection/privacy, electronic payment, secret communications, government security. Risk assessment and social factors.
Cryptography
Number theory: inverses, primes. Basic encryption and decryption: terminology, substitution, stream, and block ciphers; characteristics of good ciphers. Symmetric and asymmetric encryption. Encryption algorithms: DES, RSA, AES, etc. Hashing.
Security Protocols
Goals of protocols: key distribution, authentication, key confirmation. Protocols and attacks: use of public-key and symmetric-key cryptography; Needham-Schroeder Protocols; Kerberos; Diffie-Hellman key exchange; dangers of key compromise. Key management. Advanced protocols: Encrypted Key Exchange; secret sharing.
Applications
Public-key cryptography and ISO authentication framework: design of X.509 certificates, and their uses. Secure sockets layer: SSL and encryption, key exchange protocols, use of X.509 certificates; secure web pages. Electronic signatures: role of hashing and cryptography; MD5 etc.; potential attacks, such as the 'birthday book'.
Case Studies
Banking security, ATM, SWIFT, SET standards. Common criteria. Internet security; SSL/TLS, IPsec.

Requirements

There are no particular requirements for this course.