Note: This unit version is currently being edited and is subject to change!

INFO3616: Principles of Security and Security Engineering (2018 - Semester 2)


Unit: INFO3616: Principles of Security and Security Engineering (6 CP)
Mode: Normal-Day
On Offer: Yes
Level: Senior
Faculty/School: School of Computer Science
Unit Coordinator/s: Dr Holz, Ralph
Session options: Semester 2
Campus: Camperdown/Darlington
Pre-Requisites: None.
Prohibitions: ELEC5616 OR INFO2315.
Brief Handbook Description: *Please note: due to a typo, some websites (including the handbook) show this unit in S1 (exclusively, or in addition). CUSP is correct: the unit runs every S2!*

This unit provides an introduction to the many facets of security in the digital and networked world, the challenges that IT systems face, and the design principles that have been developed to build secure systems and counter attacks. The unit puts the focus squarely on providing a thorough understanding of security principles and engineering for security. At the same time, we stress a hands-on approach to teach the state-of-the-art incarnations of security principles and technology, and we practice programming for security. We pay particular attention to the fact that security is much more than just technology as we discuss the fields of usability in security, operational security, and cyber-physical systems. At the end of this unit, graduates are prepared for practical demands in their later careers and know how to tackle new, yet unforeseen challenges.

This unit also serves as the initial step for a specialisation in computer and communications security.
Assumed Knowledge: INFO1110 AND INFO1112 AND INFO1113 AND (MATH1064 OR MATH2069 OR MATH2969 OR MATH2068 OR MATH2988). Knowledge equivalent to the above units is assumed. This means good programming skills in Python or a C-related language, basic networking knowledge, and skills from discrete mathematics. A technical orientation is absolutely required, especially the capacity to become familiar with new technology without explicit supervision.
Lecturer/s: Dr Holz, Ralph
Timetable: INFO3616 Timetable
Time Commitment:
| # | Activity Name | Hours per Week | Sessions per Week | Weeks per Semester |
|---|---|---|---|---|
| 1 | Lecture | 2.00 | 1 | 13 |
| 2 | Tutorial | 2.00 | 1 | 12 |
| 3 | Project Work - own time | 4.00 | 1 | 8 |
| 4 | Research | 2.00 | 1 | 2 |
| 5 | Independent Study | 5.00 | 1 | 12 |

Attributes listed here represent the key course goals (see Course Map tab) designated for this unit. The list below describes how these attributes are developed through practice in the unit. See Learning Outcomes and Assessment tabs for details of how these attributes are assessed.

| Attribute Development Method | Attribute Developed |
|---|---|
| Introduction to principles underlying the design of secure systems, including usability aspects. | Design (Level 3) |
| Overview of common technology used to implement secure systems and secure communications, selecting key representatives from each category. | Engineering/IT Specialisation (Level 3) |
| Awareness and some experience with some tools to study the security of an environment. | Maths/Science Methods and Tools (Level 3) |
| Independent retrieval and study of published literature. | Information Seeking (Level 3) |
| Ability to carry out a basic security analysis and present results. | Communication (Level 3) |
| Awareness of ethical, legal & social issues associated with security. | Professional Conduct (Level 3) |

For explanation of attributes and levels see Engineering & IT Graduate Outcomes Table 2018.

Learning outcomes are the key abilities and knowledge that will be assessed in this unit. They are listed according to the course goal supported by each. See Assessment Tab for details of how each outcome is assessed.

Engineering/IT Specialisation (Level 3)
1. Knowledge of how security principles are matched to certain technologies and the security goals they achieve.
2. Familiarity with the key representatives of security technologies today.
3. Practical experience in programming for security (software/communications/network)
Design (Level 3)
4. Ability to recognise flaws in IT systems at the design stage.
5. Knowledge of security principles to follow in designing a system, including implications for usability and performance
6. Practical experience in applying security principles in design phase
Information Seeking (Level 3)
7. Ability to search for and retrieve relevant literature and put it into the context of a security setup
Communication (Level 3)
8. Ability to communicate the results of a security study to a non-security audience
Professional Conduct (Level 3)
9. Awareness of ethical, legal, and professional issues in security
Maths/Science Methods and Tools (Level 3)
10. Familiarity with some common tools to explore a security setup and analyse it
Assessment Methods:
| # | Name | Group | Weight | Due Week | Outcomes |
|---|---|---|---|---|---|
| 1 | Final examination | No | 50.00 | Exam Period | 1, 4, 9 |
| 2 | Weekly assignments | No | 30.00 | Multiple Weeks (Sunday, 11 pm) | 1, 4, 7, 8, 9, 10 |
| 3 | Quizzes | No | 20.00 | Multiple Weeks (During your timetabled class) | 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 |
Assessment Description: This unit will trial a new form of assessment: weekly assignments that are self-graded using a novel incentive scheme. The following rules apply:

- Students submit their solution BEFORE the tutorial hours. One credit point is awarded per task if an honest attempt at solving it is discernible (and no plagiarism is detected). Note that the solution does NOT have to be correct - just an honest, discernible attempt.

- IN the tutorial, we present and discuss correct solutions. Students are asked to submit corrections explaining what they did wrong and what the correct solution would have been. Note that the sample solutions are available at this stage!

- AFTER the tutorial, 1 credit point per submitted, corrected task is awarded. If a submission for a task was correct from the start, 1cr is also awarded.

Students MUST achieve 80% of these credits to pass the unit. The achieved credits are then summed up and counted with a weight of 50% towards the final grade.

The final exam is worth 50%.
Assessment Feedback: Assessments are self-graded; feedback will be given in tutorials/labs.
Policies & Procedures: IMPORTANT: School policy relating to Academic Dishonesty and Plagiarism.

In assessing a piece of submitted work, the School of IT may reproduce it entirely, may provide a copy to another member of faculty, and/or to an external plagiarism checking service or in-house computer program and may also maintain a copy of the assignment for future checking purposes and/or allow an external service to do so.

Other policies

See the policies page of the faculty website at http://sydney.edu.au/engineering/student-policies/ for information regarding university policies and local provisions and procedures within the Faculty of Engineering and Information Technologies.
Recommended Reference/s: Note: References are provided for guidance purposes only. Students are advised to consult these books in the university library. Purchase is not required.

Note that the "Weeks" referred to in this Schedule are those of the official university semester calendar https://web.timetable.usyd.edu.au/calendar.jsp

Week Description
Week 1 Lecture: Introduction

- Unit organisation

- Examples of security problems

- Examples of defences
Week 2 Tutorial: Usability and Security
Lecture: Usability and Security

- Human psychology and interplay with security

- Design principles for usable security
Week 3 Tutorial: Practice and programming with libraries: symmetric-key cryptography and hashing
Lecture: Principles of symmetric cryptography:

- Symmetric-key cryptography

- Randomness

- Secure hashing
Week 4 Lecture: Principles of asymmetric cryptography:

- Public-key cryptography

- Public Key Infrastructures
Tutorial: Practice and programming with libraries: asymmetric-key cryptography and signatures
Week 5 Lecture: Security goals and security protocols

- Common security goals

- Common designs to achieve security goals

- Abstract protocols for authentication and key establishment
Tutorial: Security goals and security protocols
Week 6 Lecture: Principles and violations of access control

- Multilevel security

- Access control and privileges in modern operating systems

- Malware and defences
Tutorial: Using OS access control and bypassing it; failures of multilevel security.
Week 7 Lecture: Software security and API security

- Memory-safe and memory-unsafe languages

- Common attack vectors against software

- Writing secure code

- Writing secure APIs
Tutorial: Practice and programming: software security
Week 8 Lecture: Web Security

- Application Layer Security and attacks against Web applications

- Common defences against web attacks
Tutorial: Practice and programming:

- Use of Internet security protocols

- Person-in-the-middle attacks
Week 9 Lecture: Communication Security

- Designs for secure communication over networks

- State-of-the-art protocols for communication security over the Internet and their use
Week 10 Lecture: Network Security

- The network as the attack vector

- Attacks against networks and defences

- Intrusion detection and anomaly detection
Tutorial: Practice: intrusion detection
Week 11 Lecture: Security and the physical world

- Cyber-physical systems

- Operational security

- Regulation: successes and faults
Week 12 Lecture: Privacy

- Data privacy

- Location privacy
Tutorial: Breaking privacy.
Week 13 Lecture: Unit review and buffer time.
Tutorial: Open Q&A.
Exam Period Assessment Due: Final examination

Course Relations

The following is a list of courses which have added this Unit to their structure.

| Course | Year(s) Offered |
|---|---|
| Software Mid-Year | 2018, 2019 |
| Software/ Project Management | 2019 |
| Software | 2017, 2018, 2019, 2016 |
| Software / Arts | 2017, 2018, 2019, 2016 |
| Software / Commerce | 2017, 2018, 2019, 2016 |
| Software / Medical Science | 2017, 2016 |
| Software / Music Studies | 2017, 2016 |
| Software / Project Management | 2017, 2018, 2016 |
| Software / Science | 2017, 2018, 2019, 2016 |
| Software/Science (Health) | 2018, 2019 |
| Software / Law | 2018, 2019, 2016, 2017 |
| Software/Science (Medical Science Stream) | 2018, 2019 |
| Bachelor of Advanced Computing/Bachelor of Commerce | 2018, 2019 |
| Bachelor of Advanced Computing/Bachelor of Science | 2018, 2019 |
| Bachelor of Advanced Computing/Bachelor of Science (Health) | 2018, 2019 |
| Bachelor of Advanced Computing/Bachelor of Science (Medical Science) | 2018, 2019 |
| Bachelor of Advanced Computing (Computational Data Science) | 2018, 2019 |
| Bachelor of Advanced Computing (Computer Science Major) | 2018, 2019 |
| Bachelor of Advanced Computing (Information Systems Major) | 2018, 2019 |
| Bachelor of Advanced Computing (Software Development) | 2018, 2019 |
| Biomedical Mid-Year | 2016, 2017, 2018, 2019 |
| Biomedical | 2016, 2017, 2018, 2019 |

Course Goals

This unit contributes to the achievement of the following course goals:

| Attribute | Practiced | Assessed |
|---|---|---|
| Engineering/IT Specialisation (Level 3) | Yes | 37% |
| Design (Level 3) | Yes | 32% |
| Information Seeking (Level 3) | Yes | 8% |
| Communication (Level 3) | Yes | 8% |
| Professional Conduct (Level 3) | Yes | 10% |
| Maths/Science Methods and Tools (Level 3) | Yes | 5% |

These goals are selected from Engineering & IT Graduate Outcomes Table 2018 which defines overall goals for courses where this unit is primarily offered. See Engineering & IT Graduate Outcomes Table 2018 for details of the attributes and levels to be developed in the course as a whole. Percentage figures alongside each course goal provide a rough indication of their relative weighting in assessment for this unit. Note that not all goals are necessarily part of assessment. Some may be more about practice activity. See Learning outcomes for details of what is assessed in relation to each goal and Assessment for details of how the outcome is assessed. See Attributes for details of practice provided for each goal.