COMP3657 - Security Engineering Module

Location

The physical classes for this module are going to be as follows:

Structure

For each lecture session, you should read a paper (as listed below). I will use this paper as the basis of the discussions in the session. I know reading a paper can be boring and tedious sometimes, but here is an instruction (I guess it is rather trivial) on how to read a paper.

The overall summary and learning objectives of the module are available here.

| Date | Topic | Reading Item | More resources |
|---|---|---|---|
| 1 | What is Security Engineering | On trusting Trust (1984) | |
| 2 | Computer Security Architectures | Google Infrastructure Security (2017) | |
| 3 | Security Protocols | Your pa$$word doesn't matter | |
| 4 | Threat Modelling | Uncover Security Design Flaws Using The STRIDE Approach (2015) | |
| 5 | Threat Modelling (cont.) | | |
| 6 | Cryptography | New Directions in Cryptography (1976) | |
| 7 | Cryptography (cont.) | Why cryptosystems fail? (1993) | |
| | Coursework release | | |
| 8 | Privilege Separation + Linux Containers | OKWS (2004) but skip section 7 + Linux Containers | |
| 9 | Software Fault Isolation + Enclaves | Native Client (2009) and Komodo (2017) | |
| 10 | Client Device Security | iOS Security (2019) (pages 1 - 28) | |
| 11 | Android Security | Android Platform Security Model (2019) | |
| 12 | Web Security Model | The Tangled Web (2012), Chapters 9-11 and optionally modern web security | |
| 13 | Network Security | Security Problems in TCP/IP (2004) | |
| 14 | Secure Channels | Analysis of SSL 3.0 (1996) | |
| 15 | Certificates | SSL and HTTPS (2013) | |
| 16 | Message Security + Anonymous Communications | Secure messaging (2015) + Tor (2004) | |
| 17 | Symbolic Execution + Penetration Testing | EXE: Automatically generating inputs of death (2006) | |
| 18 | Secure Storage | SUNDR (2004) | |
| 19 | Side Channel Attacks | Spectre (2018) | |
| 20 | Guest Lecturer | | |

Book Recommendations

There are lots of books you can read on the topic. There are different lenses through which you could look at security; however, I would always recommend Ross Anderson's "Security Engineering" as a go-to reference. I have my reasons for such a suggestion: first and foremost, it is a good read, and it is FREE! You can find lots of interesting stories of failures (and sometimes successes) of various security architectures and platforms. Second, by reading this book, you will be in a position to "choose" what will be your next station for reading a security-related book. I will give more suggestions of different books, articles and pieces while we are in the class.

Time Management

TBC

Coursework

The coursework will be available on Blackboard Ultra, in a folder named "coursework". It is a combination of a written task and an implementation task. In summary, you will be responsible for implementing some attacks, and eventually developing solutions for them. Remember, you can avoid deadline stress if you start working on the coursework early on!

© Ehsan Toreini