COMPSCI 725 : System Security

Science

2020 Semester Two (1205) (15 POINTS)

Course Prescription

Data security: confidentiality, integrity, availability. System security: prohibitions, permissions, obligations, exemptions. The gold standard of dynamic security: authentication, audit, authorisation. Governance: specification, implementation, assurance. Three-layer defence: prevention, detection, response. Control modalities: architectural, economic, legal, normative. System-centric analyses: attacks, threats, vulnerabilities, information flows. Owner-centric analyses: functionality, security, trust, distrust. Data-centric analyses. Security techniques: encryption, obfuscation, tamper resistance. System designs. Recommended preparation: 30 points from COMPSCI 313, 314, 320, 335, 340, 351, 702, 734, 742.

Course Overview

Computer security is increasingly important, now that e-commerce has become commonplace, most workplaces are heavily computerised, and many e-government services are available to residents and citizens. Computer systems are susceptible to a wide range of attacks including denial of service, unauthorised modifications, and unauthorised use. In this course, we briefly survey the field of computer security from a real-world perspective -- where we never expect "perfect security", but instead aspire to have systems that are affordable, usable, and trustworthy. We then study some technical articles from the recent literature, on specific topics in computer security. Topics in recent offerings of this course have included forensic computing, tradeoffs in secure systems design, mis-identification threats and defences, ethical security, human factors in security, software security techniques and vulnerabilities, and hardware security techniques and vulnerabilities.

Course Requirements

Prerequisite: Approval of the Academic Head or nominee

Capabilities Developed in this Course

Capability 1: Disciplinary Knowledge and Practice
Capability 2: Critical Thinking
Capability 3: Solution Seeking
Capability 4: Communication and Engagement
Capability 5: Independence and Integrity
Capability 6: Social and Environmental Responsibilities

Learning Outcomes

By the end of this course, students will be able to:
  1. Give basic advice on system security by using standard terminology (Capability 1, 2, 3, 4, 5 and 6)
  2. Read and demonstrate critical and appreciative comprehension of technical literature on system security (Capability 1, 2, 3, 4 and 5)
  3. Give an informative oral presentation on, and write knowledgeably about, an advanced topic in system security (Capability 1, 2 and 4)

Assessments

Assessment Type Percentage Classification
Presentation 10% Individual Coursework
Quizzes 5% Individual Coursework
Reports 25% Individual Coursework
Final Exam 60% Individual Examination
Assessment Type Learning Outcome Addressed
1 2 3
Presentation
Quizzes
Reports
Final Exam

Key Topics

The topical focus of each offering of this course is variable -- depending on the expertise and current interests of the current instructor(s); but the first four weeks of lectures always provide a general introduction to computer system security.   In 2019, the focus was on digital forensics.  In 2018,  the focus was on multimedia forensics and IoT forensics.

Learning Resources

In the first week of lectures, students are provided with a list of articles that had been selected by the instructor(s) as being representative of the current practice and theory in the focus area(s) of system security to be covered in this offering.   Students provide a rank-ordered list of their preferred articles; and the instructors  develop the required reading list from these preferences -- with up to three students individually developing an oral presentation on some important aspect of each article on the required reading list. 

Special Requirements

Students are awarded a mark for delivering a "practice oral presentation" during a tutorial session in the week before they are scheduled to make their oral presentation during a lecture period.

Workload Expectations

This course is a standard 15 point course and students are expected to spend 10 hours per week involved in each 15 point course that they are enrolled in.

For this course, you can expect 3 hours of lectures per week, a 1 hour tutorial in the week prior to your scheduled oral presentation (i.e. approx 0.1 hours per week, on average), 2 hours per week of reading and thinking about the content and 3.9 hours of work per week on assignments and/or test preparation.

Digital Resources

Course materials are made available in a learning and collaboration tool called Canvas which also includes reading lists and lecture recordings (where available).

Please remember that the recording of any class on a personal device requires the permission of the instructor.

Copyright

The content and delivery of content in this course are protected by copyright. Material belonging to others may have been used in this course and copied by and solely for the educational purposes of the University under license.

You may copy the course content for the purposes of private study or research, but you may not upload onto any third party site, make a further copy or sell, alter or further reproduce or distribute any part of the course content to another person.

Academic Integrity

The University of Auckland will not tolerate cheating, or assisting others to cheat, and views cheating in coursework as a serious academic offence. The work that a student submits for grading must be the student's own work, reflecting their learning. Where work from other sources is used, it must be properly acknowledged and referenced. This requirement also applies to sources on the internet. A student's assessed work may be reviewed against online source material using computerised detection mechanisms.

Inclusive Learning

All students are asked to discuss any impairment related requirements privately, face to face and/or in written form with the course coordinator, lecturer or tutor.

Student Disability Services also provides support for students with a wide range of impairments, both visible and invisible, to succeed and excel at the University. For more information and contact details, please visit the Student Disability Services’ website at http://disability.auckland.ac.nz

Special Circumstances

If your ability to complete assessed coursework is affected by illness or other personal circumstances outside of your control, contact a member of teaching staff as soon as possible before the assessment is due.

If your personal circumstances significantly affect your performance, or preparation, for an exam or eligible written test, refer to the University’s aegrotat or compassionate consideration page: https://www.auckland.ac.nz/en/students/academic-information/exams-and-final-results/during-exams/aegrotat-and-compassionate-consideration.html.

This should be done as soon as possible and no later than seven days after the affected test or exam date.

Student Feedback

During the course Class Representatives in each class can take feedback to the staff responsible for the course and staff-student consultative committees.

At the end of the course students will be invited to give feedback on the course and teaching through a tool called SET or Qualtrics. The lecturers and course co-ordinators will consider all feedback.

Your feedback helps to improve the course and its delivery for all students.

Student Charter and Responsibilities

The Student Charter assumes and acknowledges that students are active participants in the learning process and that they have responsibilities to the institution and the international community of scholars. The University expects that students will act at all times in a way that demonstrates respect for the rights of other students and staff so that the learning environment is both safe and productive. For further information visit Student Charter (https://www.auckland.ac.nz/en/students/forms-policies-and-guidelines/student-policies-and-guidelines/student-charter.html).

In this course, we will discuss vulnerabilities in widely-deployed computer systems. This is not an invitation for you to exploit these vulnerabilities!  You are expected to behave responsibly; and you are subject to disciplinary action if you violate the laws of New Zealand or the regulations of our University.  We will discuss professional codes of ethics, and legal codes, in classroom lectures.

Disclaimer

Elements of this outline may be subject to change. The latest information about the course will be available for enrolled students in Canvas.

In this course you may be asked to submit your coursework assessments digitally. The University reserves the right to conduct scheduled tests and examinations for this course online or through the use of computers or other electronic devices. Where tests or examinations are conducted online remote invigilation arrangements may be used. The final decision on the completion mode for a test or examination, and remote invigilation arrangements where applicable, will be advised to students at least 10 days prior to the scheduled date of the assessment, or in the case of an examination when the examination timetable is published.

Published on 11/01/2020 02:55 p.m.