The University of Sheffield
Department of Computer Science

COM6501 - Computer Security and Forensics

Summary

This module provides, in general, an introduction into computer security and forensics. In particular, this module focuses on approaches and techniques for building secure systems and for the secure operation of systems.

The module complements the mathematics module MAS345 and requires a solid understanding of mathematical concepts (e.g., modulo-arithmetic, complex numbers, group theory) and logic (set theory, predicate logic, natural deduction) as, e.g., taught in the modules COM365, COM1001, and COM2003). Moreover, the module requires a solid understanding of a programming language (e.g., Java or C), basic software engineering knowledge and an understanding of database and Web systems, as, e.g., taught in the modules COM1003, COM1008, COM1009, COM2001, COM6471, and COM6102). The lab sessions require a basic command of Linux in general and the command line (shell) in particular.

Session Spring 2017/18
Credits 15
Assessment Formal Examination [70%]; Coursework/MOLE Quizzes[30%]
Lecturer(s) Dr. Achim Brucker
Resources
Aims
  • To raise students’ awareness of the different types of computer attacks and their effect on data privacy and business function
  • To give students a grounding in the fundamental principles of data encoding/decoding and encryption/decryption;
  • To give students a practical knowledge of how these technologies can be used to ensure better data security
Objectives By the end of the unit, a candidate will understand:
  • The complexity of the security landscape;
  • The potential vulnerabilities associated with authentication;
  • The advantages and disadvantages of encryption and decryption techniques;
  • The vulnerabilities of wired and wireless networks.
They will have demonstrated:
  • A detailed understanding of industrially relevant issues relating to computer security and forensics.
  • The ability to present material in a concise yet comprehensive manner, and to target that material appropriately to the audience in question
Content Lectures will cover:
  • Security Fundamentals
  • Access Control
  • Cryptographic Foundations
  • Signatures and PKIs
  • Crypto Attacks
  • Security Protocols
  • Formal Analysis of Security Protocols using Model Checking
  • Application/Software Security
  • Threat Modelling
  • Secure Programming
  • Security Testing
  • Static code analysis
  • Secure Operations & Forensics

The lecture includes lab sessions that require an understanding of Linux systems and programming skills.

Restrictions The module assumes a solid knowledge of mathematical concepts and core computer science concepts (see summary for detail). Students from departments other than Computer Science will need to demonstrate that they have the necessary knowledge (in particular, a knowledge of predicate logic, natural deduction, algebra as well as at least a solid understanding of one programming language, common algorithms and data structures and technologies for building web applications.
Teaching Method Lectures and some practical work.
Feedback Students will receive feedback in the tutorial sessions in which solutions for the problem sheets are discussed as well as in the lab sessions.
Recommended Reading
  • MJ. Gersting, Mathematical Structures for Computer Science.
  • M. Piff, Discrete Mathematics, (Cambridge University Press) 1991.
  • M. Huth and M. Ryan. Logic in Computer Science: Modelling and Reasoning About Systems. Cambridge University Press, New York, NY, USA, 2004. ISBN 052154310X.
  • R. J. Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, Inc., New York, NY, USA, 1st edition, 2001. ISBN 0471389226. The complete book is available at: http://www.cl.cam.ac.uk/~rja14/book.html.
  • A. J. Menezes, S. A. Vanstone, and P. C. V. Oorschot. Handbook of Applied Cryptography. CRC Press, Inc., Boca Raton, FL, USA, 5th edition, 2001. ISBN 0849385237. The complete book is available at: http://cacr.uwaterloo.ca/hac/.
  • Neil Daswani, Christoph Kern, and Anita Kesavan. Foundations of Security: What Every Programmer Needs to Know. Apress, Berkely, CA, USA, 2007.
  • Michael Howard, David LeBlanc, and John Viega. 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them. McGraw-Hill, Inc., New York, NY, USA, 1 edition, 2010.
  • Brian Chess and Jacob West. Secure programming with static analysis. Addison-Wesley Professional, first edition, 2007.
  • Michael Felderer, Matthias Büchler, Martin Johns, Achim D. Brucker, Ruth Breu, and Alexander Pretschner. Security testing: A survey. Advances in Computers, 101:1–51, March 2016.
  • Dafydd Stuttard and Macrus Pinto. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws. O'Reilly. 2011.