COM3008 Systems Design and Security
Summary |
This module provides a grounding in software systems design, highlighting security issues. Topics include: choice of software lifecycle, customer-developer interaction, requirements capture, information management, database design, functional design, design patterns, software architectures, user interfaces, data validation, software verification and testing. Security topics include: threats, countermeasures, policies and technologies. The lectures are complemented by an integrating team-project. This 20-credit unit prepares
students to participate in the Software Hut (COM3420) in the Spring. |
Session |
Autumn 2023/24 |
Credits |
20 |
Assessment |
- Coursework (team project and individual test report) and formal examination
|
Lecturer(s) |
Dr Anthony Simons & Dr Andrew Lewis-Smith |
Resources |
|
Aims |
This unit aims to:
- Develop customer-oriented interaction, and software analysis and design skills to create robust software systems for target customers;
- Promote an awareness of common cyber threats and the security policies and design strategies that reduce risk;
- Develop group-working skills and technical software development skills in building a software system with a layered architecture.
|
Learning Outcomes |
By the end of the unit, a candidate will be able to:
- Choose an appropriate software lifecycle and project management strategy for different kinds of software project;
- Analyse the different mind-sets of the developer and customer and mitigate the effect of bias in requirements analysis and design;
- Use appropriate software analysis and design models to capture the essentials of a design succinctly and accurately;
- Collate and structure business information appropriately for the design of a robust database;
- Create an uncluttered, intuitive user interface that supports the business process of the customer;
- Apply principles of design patterns and architectural style to achieve separation of concerns;
- Identify and mitigate threats to the security of the system, by taking appropriate countermeasures;
- Work cooperatively in a developer team to deliver a software system that meets the requirements of a target customer;
- Know how to test a software system to ensure robust and correct behaviour.
|
Content |
- Software Engineering – problems, solutions, lifecycles; how to pick an approach
- Information Security – vulnerabilities, threats, countermeasures, policies, legal obligations
- Project Management – people, product, process; developer-client psychology, conceptual bias
- Requirements Modelling – UML Use Case Diagram; requirements gathering techniques
- Requirements Case Study – interactive role-playing adventure-game exercise for customer/developer pairs
- Information Modelling – building a data dictionary, UML Class Diagram; atomicity/dependency, semantic relation
- Database Design – entity relationship modelling, data normalisation to 3NF/4NF, traditional vs ERM approach
- Query Processing – from Relational Algebra to SQL; query optimisation
- Java and Databases – Java Database Connectivity API, MySQL server, SQL injection, data validation
- Security and Robustness – authentication, authorisation, confidentiality, integrity, non-repudiation; distribution, penetration, concurrency
- Encryption – digital fingerprints and certificates, symmetric key, public/private key, Java security API
- Control/Data Flow Modelling – UML Activity Diagram; sequence, selection, iteration, composition; swim lanes, object flow
- State-Based Modelling – UML State Machine Diagram; reactive systems, behaviour vs protocol models
- Design Patterns – Command, State, Mediator, Template Method, Chain of Responsibility, Composite, Abstract Factory, Bridge
- User Interface Design – State machines applied to screen modes and transitions, Java Swing composite design patterns
- Architectural Design – UML deployment and package diagrams; layered, pipelined and transform-centre architectures
- Formal Systems Design – UML Object Constraint Language, adding first-order logic to UML diagrams
- Verification and Testing – formal and informal methods to ensure correctness, test coverage
- Agile Methods – DSDM, Scrum, eXtreme Programming; putting agile principles to work
|
Restriction |
This module cannot be taken with COM2008. |
Teaching Method |
- Lecture classes convey basic concepts (Objectives 1-4).
- Interactive sessions develop interviewing, analysis and design skills (Objectives 1-4).
- Team project develops group working and systems development skills (Objectives 5-6)
|
Feedback |
Formative test on Blackboard to prepare for the exam.
Projects marked using published criteria, feedback sheets returned within 3 weeks. |
|