University of Oxford Logo University of OxfordSoftware Engineering - Home
On Facebook
Follow us on twitter
Linked in
Linked in
Google plus
Google plus
Stumble Upon
Stumble Upon

Security Principles

Developing secure software requires a great deal more than a knowledge of programming. In security, the ability to understand threats and risks in general, as well as specific security technologies (for example cryptography or security protocols) is paramount. This course discusses these and other issues relating to software and systems security, including banking security and security evaluation.


This course normally runs three times a year.

Course dates

Future courses are expected, but yet to be scheduled.


At the end of the course, students will

  • understand the main issues in computer and information security;
  • have practical experience in the analysis of secure communication protocols;
  • have an overview of the scope of the current leading technologies and standards;
  • be able to evaluate security solutions.


The need for security; types of security (confidentiality, authentication; non-repudiation; service integrity); big picture (network security; host OS security; physical security); multi-level security; trusted systems.
Data protection/privacy, electronic payment, secret communications, government security. Risk assessment and social factors.
Number theory: inverses, primes. Basic encryption and decryption: terminology, substitution, stream, and block ciphers; characteristics of good ciphers. Symmetric and asymmetric encryption. Encryption algorithms: DES, RSA, AES, etc. Hashing.
Security Protocols
Goals of protocols: key distribution, authentication, key confirmation. Protocols and attacks: use of public-key and symmetric-key cryptography; Needham-Schroeder Protocols; Kerberos; Diffie-Helmann key exchange; dangers of key compromise. Key management. Advanced protocols: Encrypted Key Exchange; secret sharing.
Public-key cryptography and ISO authentication framework: design of X.509 certificates, and their uses. Secure sockets layer: SSL and encryption, key exchange protocols, use of X.509 certificates; secure web pages. Electronic signatures: role of hashing and cryptography; MD5 etc.; potential attacks, such as the `birthday book'.
Case Studies
Banking security, ATM, SWIFT, SET standards. Common criteria. Internet security; SSL/TLS, IPsec.


There are no particular requirements for this course.