SSE

Secure Systems Engineering

Delivering and operating a system with an adequate degree of security requires a wide range of tools, techniques, and processes. This course focusses on the central part of the systems life-cycle: the art and science of building and planning the operation of a system to deliver a particular design. These tools and techniques of course inform the systems designer; they are in turn informed by the more detailed issues of cryptography, communications security, secure programming, trusted infrastructure, mobile, cloud, and so on. Here we consider the 'big picture' of how those ideas fit together.

Course dates

23rd February 2026. Oxford University Department of Computer Science - Held in the Department. 09 places remaining.

Objectives

  • understand the core considerations of security relevant to software or systems engineering;
  • explain and evaluate security properties of platforms and systems;
  • understand some commonly-used security components, including identity and access control in large-scale systems;
  • place secure software engineering in a context of use: regulation, bug bounties, “critical” systems, safety, etc.

Contents

Platforms and Systems:

Security of systems concepts; systems of systems; NIST SP 800-160 Vol. 1. Systems Security Engineering Framework: problem context; solution context; trustworthiness context. The abstraction problem in security; non-compositionality. NIST security principles.

Engineering Processes:

Observed characteristics of SDLC and DevSecOps; their successes and failures. Vulnerability life-cycle; zero-day; reporting and triage; patching; bug bounties; vulnerability equities; impact for security economics and regulation. Software supply chain management; SBOM.

Assurance Schemes:

Testing; fuzzing; penetration testing. Formal proof; model-checking. Independent verification and validation. Certification and its limitations.

Platform Security:

Security goals of platform-based controls; interaction of hardware and operating systems; process and privilege separation; virtualization; trusted execution environments; trusted paths; storage encryption; special cases (e.g. databases); high-assurance platforms. Threat models; unchecked inputs; physical subversion; device theft; evil maid; etc.

Distributed Systems Security:

Classical challenges of unknown remote parties; consensus; majority voting; backup and redundancy; service-oriented approaches to security; bootstrapping trust; service enrolment; trust boundaries; zero trust architectures. Data in transit, data at rest, data in use.

Identity and Access Management:

Population-scale identity management issues; people and systems. Evolution of identity management. Identity of platforms and software/services. AAA at scale. Formal models vs practical realities. Access control architecture concepts: reference monitor; policy enforcement point; policy decision point.

Requirements

There are no prerequisites for this course. It should be accessible to students from any of the programme's degrees.