Note: This unit version has not been officially published yet and is subject to change!

INFO3616: Principles of Security and Security Engineering (2018 - Semester 2)

Download UoS Outline

Unit: INFO3616: Principles of Security and Security Engineering (6 CP)
Mode: Normal-Day
On Offer: Yes
Level: Senior
Faculty/School: School of Information Technologies
Unit Coordinator/s: Dr Holz, Ralph
Session options: Semester 2
Versions for this Unit:
Campus: Camperdown/Darlington
Pre-Requisites: None.
Prohibitions: ELEC5616 OR INFO2315.
Brief Handbook Description: *Please note: due to a typo, some websites (including the handbook) show this unit in S1 (exclusively, or in addition). CUSP is correct: the unit runs every S2!*

This unit provides an introduction to the many facets of security in the digital and networked world, the challenges that IT systems face, and the design principles that have been developed to build secure systems and counter attacks. The unit puts the focus squarely on providing a thorough understanding of security principles and engineering for security. At the same time, we stress a hands-on approach to teach the state-of-the-art incarnations of security principles and technology, and we practice programming for security. We pay particular attention to the fact that security is much more than just technology as we discuss the fields of usability in security, operational security, and cyber-physical systems. At the end of this unit, graduates are prepared for practical demands in their later careers and know how to tackle new, yet unforeseen challenges.

This unit also serves as the initial step for a specialisation in computer and communications security.
Assumed Knowledge: INFO1110 AND INFO1112 AND INFO1113 AND MATH1064. Knowledge equivalent to the above units is assumed. This means good programming skills in Python or a C-related language, basic networking knowledge, and skills from discrete mathematics. A technical orientation is absolutely required, especially capacity to become familiar with new technology without explicit supervision.
Lecturer/s: Dr Holz, Ralph
Timetable: INFO3616 Timetable
Time Commitment:
# Activity Name Hours per Week Sessions per Week Weeks per Semester
1 Lecture 2.00 1 13
2 Tutorial 2.00 1 12
3 Project Work - own time 4.00 1 8
4 Research 2.00 1 2
5 Independent Study 5.00 1 12

Attributes listed here represent the key course goals (see Course Map tab) designated for this unit. The list below describes how these attributes are developed through practice in the unit. See Learning Outcomes and Assessment tabs for details of how these attributes are assessed.

Attribute Development Method Attribute Developed
Introduction to principles underlying the design of secure systems, including usability aspects. Design (Level 3)
Overview of common technology used to implement secure systems and secure communications, selecting key representatives from each category. Engineering/IT Specialisation (Level 3)
Awareness and some experience with some tools to study the security of an environment. Maths/Science Methods and Tools (Level 3)
Independent retrieval and study of published literature. Information Seeking (Level 3)
Ability to carry out a basic security analysis and present results. Communication (Level 3)
Awareness of ethical, legal & social issues associated with security. Professional Conduct (Level 3)

For explanation of attributes and levels see Engineering & IT Graduate Outcomes Table.

Learning outcomes are the key abilities and knowledge that will be assessed in this unit. They are listed according to the course goal supported by each. See Assessment Tab for details how each outcome is assessed.

Engineering/IT Specialisation (Level 3)
1. Knowledge how security principles are matched to certain technologies and the security goals they achieve.
2. Familiarity with the key representatives of security technologies today.
3. Practical experience in programming for security (software/communications/network)
Design (Level 3)
4. Ability to recognise flaws in IT systems at the design stage.
5. Knowledge of security principles to follow in designing a system, including implications for usability and performance
6. Practical experience in applying security principles in design phase
Information Seeking (Level 3)
7. - Ability to search, retrieve, relevant literature and put it into context of a security setup
Communication (Level 3)
8. - Ability to communicate the results of a security study to a non-security audience
Professional Conduct (Level 3)
9. - Awareness of ethical, legal, and professional issues in security
Maths/Science Methods and Tools (Level 3)
10. - Familiarity with some common tools to explore a security setup and analyse it
Assessment Methods:
# Name Group Weight Due Week Outcomes
1 Assignment 1 No 10.00 Week 4 7, 8, 9,
2 Assignment 2 Yes 20.00 Week 8 1, 4,
3 Assignment 3 Yes 20.00 Week 13 1, 4, 10,
4 Final examination No 50.00 Exam Period 1, 4, 9,
Assessment Description: Assignment 1: independent research of a security issue related to usability and write-up for non-technical audience

Assignment 2: programming exercise (mini-projects) for one or more of software security, web security, communication security

Assignment 3: series of tasks relating to network security

Final exam (50%).
Policies & Procedures: IMPORTANT: School policy relating to Academic Dishonesty and Plagiarism.

In assessing a piece of submitted work, the School of IT may reproduce it entirely, may provide a copy to another member of faculty, and/or to an external plagiarism checking service or in-house computer program and may also maintain a copy of the assignment for future checking purposes and/or allow an external service to do so.

Other policies

See the policies page of the faculty website at http://sydney.edu.au/engineering/student-policies/ for information regarding university policies and local provisions and procedures within the Faculty of Engineering and Information Technologies.
Recommended Reference/s: Note: References are provided for guidance purposes only. Students are advised to consult these books in the university library. Purchase is not required.

Note that the "Weeks" referred to in this Schedule are those of the official university semester calendar https://web.timetable.usyd.edu.au/calendar.jsp

Week Description
Week 1 Lecture: Introduction

- Unit organisation

- Examples of security problems

- Examples of defences
Week 2 Lecture: Usability and Security

- Human psychology and interplay with security

- Design principles for usable security
Tutorial: Usability and Security
Week 3 Lecture: Principles of symmetric cryptography:

- Symmetric-key cryptography

- Randomness

- Secure hashing
Tutorial: Practice and programming with libraries: symmetric-key cryptography and hashing
Week 4 Lecture: Principles of asymmetric cryptography:

- Public-key cryptography

- Public Key Infrastructures
Tutorial: Practice and programming with libraries: asymmetric-key cryptography and signatures
Assessment Due: Assignment 1
Week 5 Lecture: Security goals and security protocols

- Common security goals

- Common designs to achieve security goals

- Abstract protocols for authentication and key establishment
Tutorial: Security goals and security protocols
Week 6 Lecture: Principles and violations of access control

- Multilevel-security

- Access control and privileges in modern operating systems

- Malware and defences
Tutorial: Using OS access control and bypassing it; failures of multilevel security.
Week 7 Lecture: Software security and API security

- Memory-safe and memory-unsafe languages

- Common attack vectors against software

- Writing secure code

- Writing secure APIs
Tutorial: Practice and programming: software security
Week 8 Lecture: Web Security

- Application Layer Security and attacks against Web applications

- Common defences against web attacks
Tutorial: Practice and programming:

- Use of Internet security protocols

- Person-in-the-middle-attacks
Assessment Due: Assignment 2
Week 9 Lecture: Communication Security

- Designs for secure communication over networks

- State-of-the-art protocols for communication security over the Internet and their use
Week 10 Lecture: Network Security

- The network as the attack vector

- Attacks against networks and defences

- Intrusion detection and anomaly detection
Tutorial: Practice: intrusion detection
Week 11 Lecture: Security and the physical world

- Cyber-physical systems

- Operational security

- Regulation: successes and faults
Week 12 Lecture: Privacy

- Data privacy

- Location privacy
Tutorial: Breaking privacy.
Week 13 Lecture: Unit review and buffer time.
Tutorial: Open Q&A.
Assessment Due: Assignment 3
Exam Period Assessment Due: Final examination

Course Relations

The following is a list of courses which have added this Unit to their structure.

Course Year(s) Offered
Software Mid-Year 2018
Software 2017, 2018, 2016
Software / Arts 2017, 2018, 2016
Software / Commerce 2017, 2018, 2016
Software / Medical Science 2017, 2016
Software / Music Studies 2017, 2016
Software / Project Management 2017, 2018, 2016
Software / Science 2017, 2018, 2016
Software/Science (Health) 2018
Software / Law 2018, 2016, 2017
Software/Science (Medical Science Stream) 2018
Bachelor of Advanced Computing/Bachelor of Commerce 2018
Bachelor of Advanced Computing/Bachelor of Science 2018
Bachelor of Advanced Computing/Bachelor of Science (Health) 2018
Bachelor of Advanced Computing/Bachelor of Science (Medical Science) 2018
Bachelor of Advanced Computing (Computational Data Science) 2018
Bachelor of Advanced Computing (Computer Science Major) 2018
Bachelor of Advanced Computing (Information Systems Major) 2018
Bachelor of Advanced Computing (Software Development) 2018
Biomedical Mid-Year 2016, 2017, 2018
Biomedical 2016, 2017, 2018

Course Goals

This unit contributes to the achievement of the following course goals:

Attribute Practiced Assessed
Engineering/IT Specialisation (Level 3) Yes 43%
Design (Level 3) Yes 36%
Information Seeking (Level 3) Yes 4%
Communication (Level 3) Yes 4%
Professional Conduct (Level 3) Yes 7%
Maths/Science Methods and Tools (Level 3) Yes 6%

These goals are selected from Engineering & IT Graduate Outcomes Table which defines overall goals for courses where this unit is primarily offered. See Engineering & IT Graduate Outcomes Table for details of the attributes and levels to be developed in the course as a whole. Percentage figures alongside each course goal provide a rough indication of their relative weighting in assessment for this unit. Note that not all goals are necessarily part of assessment. Some may be more about practice activity. See Learning outcomes for details of what is assessed in relation to each goal and Assessment for details of how the outcome is assessed. See Attributes for details of practice provided for each goal.