COM3501 Computer Security and Forensics
Summary 
This module provides a general introduction to computer security and forensics. In particular, it focuses on approaches and techniques for building secure systems and for the secure operation of systems.
The module complements the mathematics module MAS345 and requires a solid understanding of mathematical concepts (e.g., modular arithmetic, complex numbers, group theory) and logic (set theory, predicate logic, natural deduction), as taught, e.g., in the modules COM365, COM1001, and COM2003. Moreover, the module requires a solid understanding of a programming language (e.g., Java, Ruby or C), basic software engineering knowledge and an understanding of database and Web systems, as taught, e.g., in the modules COM1003, COM1008, COM1009, COM2001, COM6471, and COM6102. Students should be aware that there are limited places available on this course.

Session 
Spring 2021/22 
Credits 
10 
Assessment 
Formal Examination, Blackboard Quizzes

Lecturer(s) 
Dr Nesrine Kaaniche & Dr Benjamin Dowling 
Resources 

Aims 
• To raise students’ awareness of the different types of computer attacks and their effect on data privacy and business function
• To give students a grounding in the fundamental principles of information security
• To give students some practical knowledge of how these principles and implementing technologies can be used to ensure better data and system security

Objectives 
By the end of the module, a student will be able to:
• Demonstrate an understanding of core security concepts and principles, their vulnerabilities and risks to computer systems.
• Explain basic digital forensics strategies to recover digital evidence from storage devices.
• Demonstrate an understanding of secure software development practices and security testing in a complex networking environment.
• Explain industrially relevant issues relating to computer security and forensics.

Content 
Lectures will cover:
• Security Fundamentals
• Access Control
• Cryptographic Foundations
• Signatures and PKIs
• Crypto Attacks
• Security Protocols
• Application/Software Security
• Threat Modelling
• Secure Programming
• Security Testing
• Static Code Analysis
• Secure Operations & Forensics

Restrictions

The module assumes a solid knowledge of mathematical concepts and core computer science concepts (see summary for detail). Students from departments other than Computer Science will need to demonstrate that they have the necessary knowledge (in particular, a knowledge of predicate logic, natural deduction and algebra, as well as a solid understanding of at least one programming language, common algorithms and data structures, and technologies for building web applications).
Teaching Method 
Lectures and some practical work. 
Feedback 
Students will receive feedback in the tutorial sessions in which solutions for the problem sheets are discussed. 
Recommended Reading 
Online resources will be provided on Blackboard and more specific readings will be recommended as part of the exercise sheets.
• MJ. Gersting, Mathematical Structures for Computer Science.
• M. Piff, Discrete Mathematics, (Cambridge University Press) 1991.
• M. Huth and M. Ryan. Logic in Computer Science: Modelling and Reasoning About Systems. Cambridge University Press, New York, NY, USA, 2004. ISBN 052154310X.
• R. J. Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, Inc., New York, NY, USA, 1st edition, 2001. ISBN 0471389226. The complete book is available at: http://www.cl.cam.ac.uk/~rja14/book.html.
• A. J. Menezes, S. A. Vanstone, and P. C. V. Oorschot. Handbook of Applied Cryptography. CRC Press, Inc., Boca Raton, FL, USA, 5th edition, 2001. ISBN 0849385237. The complete book is available at: http://cacr.uwaterloo.ca/hac/.
• Neil Daswani, Christoph Kern, and Anita Kesavan. Foundations of Security: What Every Programmer Needs to Know. Apress, Berkeley, CA, USA, 2007.
• Michael Howard, David LeBlanc, and John Viega. 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them. McGraw-Hill, Inc., New York, NY, USA, 1st edition, 2010.
• Brian Chess and Jacob West. Secure Programming with Static Analysis. Addison-Wesley Professional, first edition, 2007.
• Michael Felderer, Matthias Büchler, Martin Johns, Achim D. Brucker, Ruth Breu, and Alexander Pretschner. Security Testing: A Survey. Advances in Computers, 101:1–51, March 2016.
• Dafydd Stuttard and Marcus Pinto. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws. O'Reilly. 2011.

