Note: This unit version is currently being edited and is subject to change!

INFO3616: Principles of Security and Security Engineering (2019 - Semester 2)

Download UoS Outline

Unit: INFO3616: Principles of Security and Security Engineering (6 CP)
Mode: Normal-Day
On Offer: Yes
Level: Senior
Faculty/School: School of Computer Science
Unit Coordinator/s: Dr Holz, Ralph
Session options: Semester 2
Versions for this Unit:
Campus: Camperdown/Darlington
Pre-Requisites: None.
Prohibitions: ELEC5616 OR INFO2315.
Brief Handbook Description: This unit provides an introduction to the many facets of security in the digital and networked world, the challenges that computer systems face, and the design principles that have been developed to build secure systems and counter attacks. The unit puts the focus squarely on providing a thorough understanding of security principles and engineering for security. At the same time, we stress a hands-on approach to teach the state-of-the-art incarnations of security principles and technology, and we practice programming for security. We pay particular attention to the fact that security is much more than just technology as we discuss the fields of usability in security, operational security, and cyber-physical systems. At the end of this unit, graduates are prepared for practical demands in their later careers and know how to tackle new, yet unforeseen challenges.

This unit also serves as the initial step for a specialisation in computer and communications security.
Assumed Knowledge: (INFO1110 OR INFO1910) AND INFO1112 AND INFO1113 AND MATH1064.
Additional Notes: Knowledge equivalent to the above units is assumed. This means good programming skills in Python or a C-related language, basic networking knowledge, and skills from discrete mathematics. A technical orientation is absolutely required, especially capacity to become familiar with new technology without explicit supervision.
Lecturer/s: Dr Holz, Ralph
Timetable: INFO3616 Timetable
Time Commitment:
# Activity Name Hours per Week Sessions per Week Weeks per Semester
1 Lecture 2.00 1 13
2 Tutorial 2.00 1 12
3 Project Work - own time 4.00 1 8
4 Research 2.00 1 2
5 Independent Study 5.00 1 12

Learning outcomes are the key abilities and knowledge that will be assessed in this unit. They are listed according to the course goal supported by each. See Assessment Tab for details how each outcome is assessed.

(6) Communication and Inquiry/ Research (Level 3)
1. Search, retrieve, relevant literature and put it into context of a security setup
2. Communicate the results of a security study to a non-security audience
(8) Professional Effectiveness and Ethical Conduct (Level 3)
3. Awareness of ethical, legal, and professional issues in security
(4) Design (Level 3)
4. Recognise flaws in IT systems at the design stage.
5. Knowledge of security principles to follow in designing a system, including implications for usability and performance
6. Apply security principles in design phase
(2) Engineering/ IT Specialisation (Level 3)
7. Knowledge how security principles are matched to certain technologies and the security goals they achieve.
8. Familiarity with the key representatives of security technologies today.
9. Practical experience in programming for security (software/communications/network)
(1) Maths/ Science Methods and Tools (Level 3)
10. Familiarity with some common tools to explore a security setup and analyse it
Assessment Methods:
# Name Group Weight Due Week Outcomes
1 Final examination No 60.00 Exam Period 3, 4, 7,
2 Weekly assignments (12 weeks) Yes 15.00 Multiple Weeks (Friday, 11 pm) 1, 2, 3, 4, 7, 10,
3 Quizzes No 25.00 Multiple Weeks 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
Assessment Description: Assignments: 15%. We run weekly assignments, which take at most 2-3 hours to complete. There are two submissions. The first submission must be an honest attempt to solve the question; this is sufficient for full credit. The answers do not have to be correct. Solutions will be discussed in the tutorials, where feedback will also be provided. Solutions are then released, and students have a second attempt. Here, they are asked to identify the mistake they made in their first submission and state how that prevented them from reaching the correct solution. Self-corrections double the previously achieved credit. Across all marks achievable in these assignments, students must achieve at least 75% to pass. (Note that the first submission alone will easily cover the first 50%)

2 quizzes (one at 10%, one at 15%).

Final exam (60%).
Assessment Feedback: In tutorials. We also use a chat channel to discuss.
Policies & Procedures: IMPORTANT: School policy relating to Academic Dishonesty and Plagiarism.

In assessing a piece of submitted work, the School of Computer Science may reproduce it entirely, may provide a copy to another member of faculty, and/or to an external plagiarism checking service or in-house computer program and may also maintain a copy of the assignment for future checking purposes and/or allow an external service to do so.

Other policies

See the policies page of the faculty website at http://sydney.edu.au/engineering/student-policies/ for information regarding university policies and local provisions and procedures within the Faculty of Engineering and Information Technologies.
Recommended Reference/s: Note: References are provided for guidance purposes only. Students are advised to consult these books in the university library. Purchase is not required.

Note that the "Weeks" referred to in this Schedule are those of the official university semester calendar https://web.timetable.usyd.edu.au/calendar.jsp

Week Description
Week 1 Lecture: Introduction

- Unit organisation

- Examples of security problems

- Examples of defences
Week 2 Lecture: Usability and Security

- Human psychology and interplay with security

- Design principles for usable security
Tutorial: Usability and Security
Week 3 Lecture: Principles of symmetric cryptography:

- Symmetric-key cryptography

- Randomness

- Secure hashing
Tutorial: Practice and programming with libraries: symmetric-key cryptography and hashing
Week 4 Lecture: Principles of asymmetric cryptography:

- Public-key cryptography

- Public Key Infrastructures
Tutorial: Practice and programming with libraries: asymmetric-key cryptography and signatures
Week 5 Lecture: Security goals and security protocols

- Common security goals

- Common designs to achieve security goals

- Abstract protocols for authentication and key establishment
Tutorial: Security goals and security protocols
Week 6 Lecture: Principles and violations of access control

- Multilevel-security

- Access control and privileges in modern operating systems

- Malware and defences
Tutorial: Using OS access control and bypassing it; failures of multilevel security.
Week 7 Lecture: Software security and API security

- Memory-safe and memory-unsafe languages

- Common attack vectors against software

- Writing secure code

- Writing secure APIs
Tutorial: Practice and programming: software security
Week 8 Lecture: Web Security

- Application Layer Security and attacks against Web applications

- Common defences against web attacks
Tutorial: Practice and programming:

- Use of Internet security protocols

- Person-in-the-middle-attacks
Week 9 Lecture: Communication Security

- Designs for secure communication over networks

- State-of-the-art protocols for communication security over the Internet and their use
Week 10 Lecture: Network Security

- The network as the attack vector

- Attacks against networks and defences

- Intrusion detection and anomaly detection
Tutorial: Practice: intrusion detection
Week 11 Lecture: Security and the physical world

- Cyber-physical systems

- Operational security

- Regulation: successes and faults
Week 12 Lecture: Privacy

- Data privacy

- Location privacy
Tutorial: Breaking privacy.
Week 13 Lecture: Unit review and buffer time.
Tutorial: Open Q&A.
Exam Period Assessment Due: Final examination

Course Relations

The following is a list of courses which have added this Unit to their structure.

Course Year(s) Offered
Software Mid-Year 2018, 2019
Software/ Project Management 2019
Software 2017, 2018, 2019, 2016
Software / Arts 2017, 2018, 2019, 2016
Software / Commerce 2017, 2018, 2019, 2016
Software / Medical Science 2017, 2016
Software / Music Studies 2017, 2016
Software / Project Management 2017, 2018, 2016
Software / Science 2017, 2018, 2019, 2016
Software/Science (Health) 2018, 2019
Software / Law 2018, 2019, 2016, 2017
Software/Science (Medical Science Stream) 2018, 2019
Bachelor of Advanced Computing/Bachelor of Commerce 2018, 2019
Bachelor of Advanced Computing/Bachelor of Science 2018, 2019
Bachelor of Advanced Computing/Bachelor of Science (Health) 2018, 2019
Bachelor of Advanced Computing/Bachelor of Science (Medical Science) 2018, 2019
Bachelor of Advanced Computing (Computational Data Science) 2018, 2019
Bachelor of Advanced Computing (Computer Science Major) 2018, 2019
Bachelor of Advanced Computing (Information Systems Major) 2018, 2019
Bachelor of Advanced Computing (Software Development) 2018, 2019
Biomedical Mid-Year 2016, 2017, 2018, 2019
Biomedical 2016, 2017, 2018, 2019

Course Goals

This unit contributes to the achievement of the following course goals:

Attribute Practiced Assessed
(6) Communication and Inquiry/ Research (Level 3) No 11%
(8) Professional Effectiveness and Ethical Conduct (Level 3) No 10%
(5) Interdisciplinary, Inclusiveness, Influence (Level 3) No 0%
(4) Design (Level 3) No 34.5%
(2) Engineering/ IT Specialisation (Level 3) No 40.5%
(3) Problem Solving and Inventiveness (Level 3) No 0%
(1) Maths/ Science Methods and Tools (Level 3) No 4%

These goals are selected from Engineering & IT Graduate Outcomes Table 2018 which defines overall goals for courses where this unit is primarily offered. See Engineering & IT Graduate Outcomes Table 2018 for details of the attributes and levels to be developed in the course as a whole. Percentage figures alongside each course goal provide a rough indication of their relative weighting in assessment for this unit. Note that not all goals are necessarily part of assessment. Some may be more about practice activity. See Learning outcomes for details of what is assessed in relation to each goal and Assessment for details of how the outcome is assessed. See Attributes for details of practice provided for each goal.