IY5512 - Computer Security
IY5512 is one of the four modules making up Core A of the Information Security MSc. The aims of the module are to introduce the security issues that computer systems must address and to describe some of the techniques for implementing security in operating systems.
Lectures took place in Bourne Lecture Theatre 1 (BLT1) on Monday afternoons (14:00 – 17:00) during the autumn term; the first of the eleven lectures was on 28/9/15 and the last was on 7/12/15.
The course leader is Chris Mitchell.
Teaching material
Copies of the lecture presentations for the 2015/16 academic
year are provided via this web page. Please note that the handouts
will be subject to minor modifications during and after
delivery of the course to correct any discovered errors,
remove redundancy, and/or add additional clarifications.
- Part 0: Preliminaries and introduction to computer systems (available in the following formats for easy printing: 1-up colour, 2-up colour, 1-up monochrome, 2-up monochrome);
- Part 1: Introduction to computer security (available in the following formats for easy printing: 1-up colour, 2-up colour, 1-up monochrome, 2-up monochrome);
- Part 2: Design and evaluation (available in the following formats for easy printing: 1-up colour, 2-up colour, 1-up monochrome, 2-up monochrome);
- Part 3: Hardware security (available in the following formats for easy printing: 1-up colour, 2-up colour, 1-up monochrome, 2-up monochrome);
- Part 4: Software security (available in the following formats for easy printing: 1-up colour, 2-up colour, 1-up monochrome, 2-up monochrome);
- Part 5: Identification and authentication (available in the following formats for easy printing: 1-up colour, 2-up colour, 1-up monochrome, 2-up monochrome);
- Part 6: Authorisation (available in the following formats for easy printing: 1-up colour, 2-up colour, 1-up monochrome, 2-up monochrome);
- Part 7a: Unix security - which was presented by Antony Stone on 26th October 2015 (available in the following format only: 1-up colour);
- Part 7b: Windows security (available in the following formats for easy printing: 1-up colour, 2-up colour, 1-up monochrome, 2-up monochrome).
This course has the following associated (optional, non-assessed)
coursework. Each piece of coursework is associated with one
part of the course (as indicated by the number). If feedback is
required on your coursework solutions, please submit them via the
course page on Moodle
before the deadline specified below. Worked solutions will be provided as
the course progresses.
- Coursework 0. The deadline for submissions requiring feedback was 23:59 UK time on Friday 9/10/15.
- Coursework 1. The deadline for submissions requiring feedback was 23:59 UK time on Friday 16/10/15.
- Coursework 2. The deadline for submissions requiring feedback was 23:59 UK time on Friday 23/10/15.
- Coursework 3. The deadline for submissions requiring feedback was 23:59 UK time on Friday 30/10/15.
- Coursework 4. The deadline for submissions requiring feedback was 23:59 UK time on Friday 20/11/15.
- Coursework 5. The deadline for submissions requiring feedback was 23:59 UK time on Friday 27/11/15.
- Coursework 6. The deadline for submissions requiring feedback was 23:59 UK time on Friday 4/12/15.
- Coursework 7a. The deadline for submissions requiring feedback was 23:59 UK time on Friday 6/11/15.
- Coursework 7b. The deadline for submissions requiring feedback was 23:59 UK time on Friday 11/12/15.
Background material
Links of potential use for this course are as follows:
- Computing background: The
following books are recommended:
- J. L. Hennessy and D. A. Patterson, Computer
Architecture: A Quantitative Approach.
- A. S. Tanenbaum, Modern Operating Systems.
Prentice-Hall.
- Security principles:
- Security standards links:
- The Internet (IETF) documents, including current
drafts, are all available at the IETF home
page.
- For information
regarding published ISO standards, see the ISO web
site. Note that those ISO standards that are publicly
available (only a small number I'm afraid) are
available here.
- Identity verification:
- Secure software development:
- The Microsoft Security Development Lifecycle
(SDL) web
page is highly recommended. As stated on the page
'The SDL is ... [a] software security assurance
process. A Microsoft-wide initiative and a
mandatory policy since 2004, the SDL introduces
security and privacy throughout the development
process'. Of particular interest to all
developers are the wide range of development tools
provided for free download.
- The SDL
Progress Report describes the evolution of the
SDL and how it has been used in Microsoft.
- Vulnerabilities:
- The Microsoft
Security Intelligence Report (SIR) provides
analyses of the changing threat landscape, including
software vulnerability disclosures and exploits, malicious
software (malware), and potentially unwanted
software.
- McAfee provides a nice range of free
tools to test
your understanding of penetration testing and
finding vulnerabilities.
- This
site
provides a fascinating insight into how Microsoft
manages software vulnerabilities.
- A nice example of an attack using DMA is described
here
[thanks to Daan Stakenburg for the link].
- There is a really neat animated
explanation of buffer overflow attacks here
[thanks to Daan Stakenburg for this
one].
- SOPHOS provide a very nice analysis of threats and vulnerabilities, amongst many other useful resources on their web pages.
- Hardware
security:
- A helpful description of some of the features of
Intel VT-d is provided here.
- Information about the historic CIH BIOS-destroying
virus is available on this Wikipedia
page, and a very nice video of the virus in
action is available on YouTube
[thanks to Dimitra Anastasopoulou for these
links].
- Windows
security:
- A detailed and very helpful description of 'How
Security Descriptors and Access Control Lists
work' is available here
[thanks to Matthew Hodgson for this link].
- General:
Further
security links (including a range of links to security
standards pages) are available from Chris Mitchell's
home
page.
This page was created by Chris Mitchell. Please
email all comments and corrections to me@chrismitchell.net.
This page was most recently updated on 10/6/16.