The University of Sheffield
Department of Computer Science

COM2008 Systems Design and Security

Summary This module provides a grounding in software systems design, highlighting security issues. Topics include: choice of software lifecycle, customer-developer interaction, requirements capture, information management, database design, functional design, design patterns, software architectures, user interfaces, data validation, software verification and testing. Security topics include: threats, countermeasures, policies and technologies. The lectures are complemented by an integrating team-project. This 20-credit unit prepares students to participate in the Software Hut (COM3420) in the Spring.
Session Autumn 2021/22
Credits 20
  • Coursework (team project and individual test report) and formal examination
Lecturer(s) Dr Anthony Simons & Mr Andrew Stratton

This unit aims to:

  • Develop customer-oriented interaction, and software analysis and design skills to create robust software systems for target customers;
  • Promote an awareness of common cyber threats and the security policies and design strategies that reduce risk;
  • Develop group-working skills and technical software development skills in building a software system with a layered architecture.

By the end of the unit, a candidate will be able to:

  • Apply non-directive interviewing principles with customers and apply risk-mitigation principles when selecting a development strategy (aims 1, 3);
  • Collate and validate unstructured information and convert this into UML designs capturing the process, data and time views of a system (aims 1, 3);
  • Identify and mitigate threats to the security of the system, with emphasis on privilege escalation, data validation and SQL injection attacks (aims 1, 2);
  • Construct a SQL relational database in normal form and couple this to a software system developed in a different programming language (aims 1, 3);
  • Work cooperatively in a team to deliver a software system that meets realistic requirements of a target customer (aims 1,2,3);
  • Design, build and test a secure information system with a three-layer architecture, integrating a user interface, business logic and a SQL database (aims 2, 3).
  • Software Engineering – problems, solutions, lifecycles; how to pick an approach
  • Information Security – vulnerabilities, threats, countermeasures, policies, legal obligations
  • Project Management – people, product, process; developer-client psychology, conceptual bias
  • Requirements Modelling – UML Use Case Diagram; requirements gathering techniques
  • Requirements Case Study – interactive role-playing adventure-game exercise for customer/developer pairs
  • Information Modelling – building a data dictionary, UML Class Diagram; atomicity/dependency, semantic relation
  • Database Design – entity relationship modelling, data normalisation to 3NF/4NF, traditional vs ERM approach
  • Query Processing – from Relational Algebra to SQL; query optimisation
  • Java and Databases – Java Database Connectivity API, MySQL server, SQL injection, data validation
  • Security and Robustness – authentication, authorisation, confidentiality, integrity, non-repudiation; distribution, penetration, concurrency
  • Encryption – digital fingerprints and certificates, symmetric key, public/private key, Java security API
  • Control/Data Flow Modelling – UML Activity Diagram; sequence, selection, iteration, composition; swim lanes, object flow
  • State-Based Modelling – UML State Machine Diagram; reactive systems, behaviour vs protocol models
  • Design Patterns – Command, State, Mediator, Template Method, Chain of Responsibility, Composite, Abstract Factory, Bridge
  • User Interface Design – State machines applied to screen modes and transitions, Java Swing composite design patterns
  • Architectural Design – UML deployment and package diagrams; layered, pipelined and transform-centre architectures
  • Formal Systems Design – UML Object Constraint Language, adding first-order logic to UML diagrams
  • Verification and Testing – formal and informal methods to ensure correctness, test coverage
  • Agile Methods – DSDM, Scrum, eXtreme Programming; putting agile principles to work
Restriction This module cannot be taken with COM3008.
Teaching Method
  • Lecture classes convey basic concepts (Objectives 1-4).
  • Interactive sessions develop interviewing, analysis and design skills (Objectives 1-4).
  • Team project develops group working and systems development skills (Objectives 5-6)
Feedback Formative test on Blackboard to prepare for the exam. Projects marked using published criteria, feedback sheets returned within 3 weeks.
Recommended Reading
  • Ian Sommerville, Software Engineering, 10th ed., Pearson, 2016.
  • Roger S Pressman and Bruce R Maxim, Software Engineering: A Practitioner's Approach, 8th ed., McGraw-Hill, 2014.
  • Martin Fowler, UML Distilled: A Brief Guide to the Standard Object Modelling Language, Addison-Wesley, 3rd ed., 2003.
  • Simon Bennett, Steve McRobb and Ray Farmer, Object-Oriented Systems Analysis and Design using UML, 4th ed., McGraw-Hill, 2010.
  • Ross Anderson. Security Engineering, 2nd ed., John Wiley, 2008. Also online:
  • Michael Goodrich, Roberto Tamassia. Introduction to Computer Security, Pearson, 2010.
  • Thomas Connolly and Carolyn Begg, Database Systems – a Practical Approach to Design, Implementation and Management, 6th ed., Pearson, 2014.
  • Christopher J Date, An Introduction to Database Systems, 8th ed., Pearson, 2003.