Note: This unit version is currently being edited and is subject to change!

INFO3616: Principles of Security and Security Engineering (2020 - Semester 2)

Download UoS Outline

Unit: INFO3616: Principles of Security and Security Engineering (6 CP)
Mode: Normal-Day
On Offer: Yes
Level: Senior
Faculty/School: School of Computer Science
Unit Coordinator/s: Dr Holz, Ralph
Session options: Semester 2
Versions for this Unit:
Campus: Camperdown/Darlington
Pre-Requisites: None.
Prohibitions: ELEC5616 OR INFO2315.
Brief Handbook Description: This unit provides an introduction to the many facets of security in the digital and networked world, the challenges that computer systems face, and the design principles that have been developed to build secure systems and counter attacks. The unit puts the focus squarely on providing a thorough understanding of security principles and engineering for security. At the same time, we stress a hands-on approach to teach the state-of-the-art incarnations of security principles and technology, and we practice programming for security. We pay particular attention to the fact that security is much more than just technology as we discuss the fields of usability in security, operational security, and cyber-physical systems. At the end of this unit, graduates are prepared for practical demands in their later careers and know how to tackle new, yet unforeseen challenges.

This unit also serves as the initial step for a specialisation in computer and communications security.
Assumed Knowledge: (INFO1110 OR INFO1910) AND INFO1112 AND INFO1113 AND MATH1064.
Additional Notes: Knowledge equivalent to the above named units is assumed. This means good programming skills in Python or a C-related language, basic networking knowledge, and skills from discrete mathematics. A technical orientation is absolutely required, especially capacity to become familiar with new technology without explicit supervision.
Lecturer/s: Dr Holz, Ralph
Timetable: INFO3616 Timetable
Time Commitment:
# Activity Name Hours per Week Sessions per Week Weeks per Semester
1 Lecture 2.00 1 13
2 Tutorial 2.00 1 12
3 Revision 2.00 1 12
4 Assessment work 2.00 2 12

Attributes listed here represent the key course goals (see Course Map tab) designated for this unit. The list below describes how these attributes are developed through practice in the unit. See Learning Outcomes and Assessment tabs for details of how these attributes are assessed.

Attribute Development Method Attribute Developed
Applying discrete maths to cryptography. (1) Maths/ Science Methods and Tools (Level 3)
Engineering practices for security; theory and practice (2) Engineering/ IT Specialisation (Level 3)
Solving security challenges (3) Problem Solving and Inventiveness (Level 3)
Ethics in security (8) Professional Effectiveness and Ethical Conduct (Level 3)

For explanation of attributes and levels see Engineering & IT Graduate Outcomes Table 2018.

Learning outcomes are the key abilities and knowledge that will be assessed in this unit. They are listed according to the course goal supported by each. See Assessment Tab for details how each outcome is assessed.

(6) Communication and Inquiry/ Research (Level 3)
1. Search, retrieve, relevant literature and put it into context of a security setup
2. Communicate the results of a security study to a non-security audience
(8) Professional Effectiveness and Ethical Conduct (Level 3)
3. Awareness of ethical, legal, and professional issues in security
(4) Design (Level 3)
4. Recognise flaws in IT systems at the design stage.
5. Knowledge of security principles to follow in designing a system, including implications for usability and performance
6. Apply security principles in design phase
(2) Engineering/ IT Specialisation (Level 3)
7. Knowledge how security principles are matched to certain technologies and the security goals they achieve.
8. Familiarity with the key representatives of security technologies today.
9. Practical experience in programming for security (software/communications/network)
(1) Maths/ Science Methods and Tools (Level 3)
10. Familiarity with some common tools to explore a security setup and analyse it
Assessment Methods:
# Name Group Weight Due Week Outcomes
1 Final examination No 60.00 Exam Period 3, 4, 7,
2 Weekly assignments (10-12 weeks) Yes 15.00 Multiple Weeks 1, 2, 3, 4, 7, 10,
3 Quizzes No 25.00 Multiple Weeks 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
Assessment Description: Weekly assignments: 15%. We run weekly assignments, which take at most 2-3 hours to complete. There are two submissions. The first submission must be an honest attempt to solve the question; this is sufficient for full credit. The answers do not need to be correct. Solutions will be discussed in the tutorials, where feedback will also be provided. Solutions are then released, and students have a second attempt. Here, they are asked to identify the mistake they made in their first submission and state how that prevented them from reaching the correct solution. Self-corrections double the previously achieved credit. Across all marks achievable in these assignments, students must achieve at least 75% to pass. (Note that the first submission alone can cover the first 50%).

2 quizzes (one at 10%, one at 15%).

Final exam (60%).
Assessment Feedback: In tutorials. We also use a chat channel to discuss.
Policies & Procedures: IMPORTANT: School policy relating to Academic Dishonesty and Plagiarism.

In assessing a piece of submitted work, the School of Computer Science may reproduce it entirely, may provide a copy to another member of faculty, and/or to an external plagiarism checking service or in-house computer program and may also maintain a copy of the assignment for future checking purposes and/or allow an external service to do so.

Other policies

See the policies page of the faculty website at for information regarding university policies and local provisions and procedures within the Faculty of Engineering and Information Technologies.
Recommended Reference/s: Note: References are provided for guidance purposes only. Students are advised to consult these books in the university library. Purchase is not required.

Note that the "Weeks" referred to in this Schedule are those of the official university semester calendar

Week Description
Week 1 Lecture: Introduction

- Unit organisation

- Examples of security problems

- Security goals
Week 2 Lecture: Usability and Security

- Human psychology and interplay with security

- Design principles for usable security
Week 3 Lecture/Tutorial: Access Control 1

- Reference framework

- Models
Week 4 Lecture/Tutorial: Access Control 2

- AC in Operating Systems

- Virtualisation
Week 5 Lecture/Tutorial: Symmetric cryptography

- Principles

- Common building blocks

- Examples
Week 6 Lecture/Tutorial: Public key cryptography

- Principles

- Maths

- Examples and applications
Week 7 Lecture/Tutorial: Hashes, MACs, and Signatures. Protocols for Authentication and Key Establishment.

- One-way hash functions

- Message Authentication Codes and digital signatures

- Building blocks of protocols

- Protocol examples
Week 8 Lecture/Tutorial: Key Distribution. Intro to Network Security.

- Needham-Schroeder protocol and Kerberos


- Recap Internet protocol stack

- Attacks on the Internet
Week 9 Lecture/Tutorial: Security at Layers 4 and 3. VPNs.


- IPSec and IKEv2

- VPNs
Week 10 Lecture: Web Security

- Contemporary Web technologies and attack vectors

- Classic attacks (SQLi, XSS, CSRF)

- Defences
Week 11 Lecture/Tutorial: Software security

- Problems in software security

- Memory safety

- Stack overflow and other classic attacks

- Defences
Week 12 Lecture/Tutorial: Threat Modelling

- Principles

- The Microsoft method

- Limitations
Week 13 Lecture/Tutorial: Data privacy

- Anonymity

- Pseudonymisation with k-anonymity, l-diversity, t-closeness

- Differential privacy
Exam Period Assessment Due: Final examination

Course Relations

The following is a list of courses which have added this Unit to their structure.

Course Year(s) Offered
Software Mid-Year 2018, 2019, 2020, 2021
Software/ Project Management 2019, 2020
Software 2017, 2018, 2019, 2020, 2021, 2016
Software / Arts 2017, 2018, 2019, 2020, 2016
Software / Commerce 2017, 2018, 2019, 2020, 2016
Software / Medical Science 2017, 2016
Software / Music Studies 2017, 2016
Software / Project Management 2017, 2018, 2016
Software / Science 2017, 2018, 2019, 2020, 2016
Software/Science (Health) 2018, 2019, 2020
Software / Law 2018, 2019, 2020, 2016, 2017
Software/Science (Medical Science Stream) 2018, 2019, 2020
Bachelor of Advanced Computing/Bachelor of Commerce 2018, 2019, 2020
Bachelor of Advanced Computing/Bachelor of Science 2018, 2019, 2020
Bachelor of Advanced Computing/Bachelor of Science (Health) 2018, 2019, 2020
Bachelor of Advanced Computing/Bachelor of Science (Medical Science) 2018, 2019, 2020
Bachelor of Advanced Computing (Computational Data Science) 2018, 2019, 2020
Bachelor of Advanced Computing (Computer Science Major) 2018, 2019, 2020
Bachelor of Advanced Computing (Information Systems Major) 2018, 2019, 2020
Bachelor of Advanced Computing (Software Development) 2018, 2019, 2020
Biomedical Mid-Year 2016, 2017, 2018, 2019, 2020
Biomedical 2016, 2017, 2018, 2019, 2020

Course Goals

This unit contributes to the achievement of the following course goals:

Attribute Practiced Assessed
(6) Communication and Inquiry/ Research (Level 3) No 11%
(8) Professional Effectiveness and Ethical Conduct (Level 3) Yes 10%
(5) Interdisciplinary, Inclusiveness, Influence (Level 3) No 0%
(4) Design (Level 3) No 34.5%
(2) Engineering/ IT Specialisation (Level 3) Yes 40.5%
(3) Problem Solving and Inventiveness (Level 3) Yes 0%
(1) Maths/ Science Methods and Tools (Level 3) Yes 4%

These goals are selected from Engineering & IT Graduate Outcomes Table 2018 which defines overall goals for courses where this unit is primarily offered. See Engineering & IT Graduate Outcomes Table 2018 for details of the attributes and levels to be developed in the course as a whole. Percentage figures alongside each course goal provide a rough indication of their relative weighting in assessment for this unit. Note that not all goals are necessarily part of assessment. Some may be more about practice activity. See Learning outcomes for details of what is assessed in relation to each goal and Assessment for details of how the outcome is assessed. See Attributes for details of practice provided for each goal.