Computer Laboratory

Course pages 2014–15

Computer Security: Current Applications and Research

Principal lecturer: Prof Ross Anderson
Additional lecturers: Dr Robert Watson, Dr Frank Stajano, Dr Alastair Beresford
Taken by: MPhil ACS, Part III
Code: R210
Hours: 16 (8 × two-hour seminar sessions)
Prerequisites: It is recommended that students undertaking this course also take the Michaelmas term course R209 Computer Security: Principles and Foundations.

Aims

In the second security course in the ACS, we turn our attention to active research topics in computer security at the Computer Laboratory. One unifying theme is how to build secure systems at scale that contain more secure and less secure components. Building on the lessons from multilevel secure systems and security protocols discussed in the first course, we will explore infrastructure versus applications; services versus clients; the use of smartcards and other cryptographic processors; API security; and failure modes from covert channels to concurrency vulnerabilities.

Syllabus

There will be eight two-hour seminars on the following topics. Students are expected to read the required set papers before each class. All students are expected to submit a brief written summary of the readings in advance of each class, and students will be nominated to give brief presentations of each paper, or of cross-cutting aspects of all the papers, to lead discussion.

  • Security of the Internet infrastructure
  • Covert and anonymous communications
  • Bootstrapping security relationships
  • Research topics: API security
  • Research topics: Tampering with hardware
  • Research topics: Contemporary capability systems
  • Research topics: Malware reverse engineering
  • Research topics: Payment systems

Objectives

On completion of this module, students should:

  • understand some of the problems of protecting large-scale systems where only some of the components can be defended against capable motivated opponents
  • appreciate a number of current areas of security research at Cambridge

Coursework

Participants will be expected to undertake six hours of preparatory work before each meeting. This will involve:

  • Reading a set number of papers
  • Following up references and other related work
  • Writing a weekly essay summarising assigned papers or, as assigned by the course instructor, preparing and delivering a 20-minute presentation on a specific paper
  • Essay text or presentation slides must be submitted both on paper to the graduate education office, and by e-mail, by the specified deadline
  • Participating in class discussion on both the assigned papers and broader issues raised by the week's readings

Each week, three class participants will be assigned to introduce an assigned papers via 20-minute presentations as if reporting the work at a conference. This will be followed by five minutes of questions and ten minutes of discussion. The final fifteen minutes of the class will be spent discussuing the broader issues raised by the week's papers.

Students will give at least one presentation each term, but are not required to submit a paper on weeks where they are also presenting. Slides must be used, and it is strongly recommended that speakers make use of illustrations in conveying the material of the paper. For logistical reasons, an instructor-provided computer will be used for all presentations; no last-minute substitution of slides is permitted.

Weekly essays will be up to 1,500 words summarising the complete set of assigned papers, identifying common themes, discussing the broader context, and enumerating possible class discussion topics. While essays need not be 1,500 words in length, participants are advised that essays under 800 words are unlikely to contain sufficient detail or discussion to achieve full marks.

All participants are expected to attend and participate in every class; the instructor must be notified of any absences in advance.

Practical work

None

Assessment

Each week, course participants are awarded a maximum of 10 marks reflecting the quality of the submitted essay or presentation. The lowest essay or presentation mark of the term will be dropped. Remaining marks will be scaled to a maximum final score out of 100.

For essays, a total of ten marks can be awarded. Up to two marks are assigned for adequate coverage of each of five sections/areas: summary of papers; discussion of key themes spanning the papers; consideration of current context; literature review; and class discussion questions.

For presentations, a total of ten marks can be awarded. Criteria include: effective teaching of the key ideas; a critical evaluation of the work; tracing related research; considering current implications vs historical context of the work; and successful answering of Q&A as well as triggering a useful and interesting class discussion.

All submitted essays should provide a word count.

Recommended reading

Anderson, R. J. (2008). Security Engineering, Wiley (second edition)
Gollmann, D. (2010). Computer Security, Wiley