Computer Laboratory

Course pages 2015–16

Computer Security: Principles and Foundations


Essays are limited to 1,500 words, excluding title, headings, and bibliography; essays must indicate the word count. The goal is for this to be a short and pithy essay; the word limit is intended to ensure they don't become longer works (3000-word), which would be a natural temptation. Gratuitous word-count excess will be penalised by no less than 0.25 marks.

The summary section of the paper will, by virtue of its breadth, be the longest, followed by key themes. Current context and related work will generally be roughly equal in length. Discussion questions will be the shortest section, and consist of a bullet list.

These essays are a work of synthesis rather than creativity: you are reporting on and analysing original work by others, rather than proposing or validating new ideas. The format described here should be adhered to as we will look for (and mark) each of the described sessions, with each evaluated in terms of the goals laid out below. Although formulaic, this essay structure is intended to both prepare you for classroom discussion, and train you in specific research and writing skills (such as bibliographic research and presentation of related work) that will be valuable in the future.


This section will present brief summaries of each assigned reading (1-3 paragraphs each), focusing on the key intellectual contributions of each. Given the space you will only be able to draw out a few key ideas, vocabulary, and contributions. Most readings will be making quite a constrained set of points, albeit drawing those points out and evaluating them in great detail. For surveys, you may find you have to selectively highlight the observations of the paper for reasons of space. Through most of the year we will have 3 readings/week; some sessions have heavier reading loads, requiring more abbreviated summaries.

Be careful to avoid replicating the abstract/introduction/conclusion of the readings; if, for example, we look at a security model, be sure to draw out some of the mechanism of the model, rather than just observing its existence as might be done in a paper abstract. Space permitting, it would also be useful to draw out the critical assumptions, constraints, or limitations of the approach.

Key themes

Bring to our attention three key themes spanning the papers. There should be a bit of subtlety here: we are aware that all the economics papers are on economics. Instead, focus on key insights across the papers, problems, or preoccupations presenting in each; for example, where they take differing views on an important idea, leading to differing conclusions.

Ideas in current context

The purpose of this section is for you to ponder how some of the ideas from past research ideas might apply to current-day problems. For example, how might a set of ideas apply to medical information systems, cloud computing, etc., that were not present at the time the paper was written. Are the ideas in the paper still applicable? Have they been forgotten or are they used today? What limitations might they encounter in a new context? What new niches might they be well suited for -- and how might they have to be adapted for it? What further research questions would we need to answer to understand how the ideas would be recast in a current context?

You do not need to cover all aspects of all papers: pick three interesting ideas and talk briefly about their implications for a scenario, avoiding excess detail. Citations to later research may be appropriate.

Literature review

We would like you to identify a few key relevant publications linked to the assigned readings; for older papers, you might just seek out later work that sees the assigned work as a critical source. When we assign more recent work, identifying common prior influences will be important (e.g., co-citations, but also common intellectual inheritance).

Of particular note, be sure to track down retrospective pieces by the same authors, and mention, if any, what their longer-term insights proved to be. Such retrospective pieces are common for critical pieces of work, and might be found as invited pieces in the same venue (e.g., conference), Communications of the ACM, etc. These will exist especially for older and more influential works, often at gaps of 10-25 years from the original publication. For some kinds of security work, a contribution is later "broken"; finding that paper is important, as it allows us to understand the limitations of the work (e.g., what assumptions were too strong, or how the results of the work were used in inappropriate contexts, excessively simplified in the academic exploration or presentation, etc.)

Given the limited time you have available, we aren't expecting a comprehensive bibliographic review -- rather, some insightful spotting of 6-8 interesting related citations and an indication of why they are relevant. Note that while we have selected sets of papers that are related to one another, the function of this section is to identify other, non-assigned research.

Discussion questions

This section will simply consist of a bullet list of 3-4 insightful discussion questions relating to the readings. There is scope for creativity here, but you might consider questions about the relationships between the publications, how they might apply in the current world, future directions, etc. These should not be quiz-style questions ("what is ..."), but instead, questions intended to trigger longer discussions ("how might ..."). Be prepared to ask (and help answer) these questions in class.

For example, in our first week, we consider Saltzer and Schroder's PICS paper, which makes relatively little comment on the topic of computer networking, but focuses instead on local-system protection models. We also discussed shared-secret and public-private key cryptography and its role in cryptographic protocols. These two worlds do not live in isolation, so a number of interesting questions might be raised about how the types of security integrate with one another.


Each registered student (and most visitors) will give at least one, and likely multiple, presentation on a reading during the term. As swapping presentations is allowed, you may find that you wish to talk to exchange with another student to give a presentation on a topic you find of particular interest, as this is an opportunity to engage in greater depth with a set of ideas, as well as lead discussion on the topic. Be sure to confirm presentation swaps with us as early as possible, to avoid the potential for misunderstandings.

For the avoidance of doubt: all presenters are expected to use slides, which must be submitted in PDF form (and on paper) prior to class; the module organisers will provide the computer to present from in order. This will limit the use of fancy animations, but save a substantial amount of time that might otherwise be lost to problems with notebooks and projectors. In order to allow you to focus on a high-quality and practiced presentation, no essay is assigned for the week in which the presentation will be given. You may wish to borrow illustrations or tables from the original paper.

Unlike essays on readings, there is no recommended outline for the presentation: a suitable structure should be selected based on the style of the reading assigned. Presentations should be given in a teaching or research style, conveying the key ideas and contributions of the work -- as well as critiquing it. Topics to cover, depending on the nature of the reading, may include:

  • What motivated the work?
  • What are the key ideas and contributions?
  • How were the scientific ideas evaluated?
  • How can we critique its approach/argument/evaluation?
  • How does this work relate to other works we have read -- and other works in the research literature?
  • How do these ideas apply to the current world?

Presenters should be prepared for an engaged question-and-answer session, and to help lead discussion of the paper. Presenters may find that exactly following the original paper outline leads to a less compelling presentation style, and should consider alternative narratives likely to better engage the audience. Illustrations, rather than simply slide upon slide of bullets, will also improve the quality of the presentation. For survey papers especially, it may not be possible to cover all ideas from the paper: you must select a useful subset that will best educate and engage the audience. In some cases, videos of the original research presentations may be available online; these are worth watching, but will likely not provide an ideal model for our classroom presentations. Do ensure that you have investigated related work, and presented on a suitable subset of it -- questions from us, and the audience, may relate to this.

Each reading is allotted roughly half an hour of classroom time: 15-20 minutes of presentation (aim for 15 but slipping a bit is OK) followed by 10-15 minutes of discussion. Running substantially over (or under) will be negatively reflected in marking; running substantially over will also result in your being cut off so as to ensure adequate time for discussion and other presentations.

Presentations will be evaluated based on their successfully conveying the key content of the paper. Up to ten marks will be awarded for effective teaching of the key ideas of the reading; a critical evaluation of the work; tracing related research; considering current implications vs. historical context of the work; and successful answering of Q&A as well as triggering and contributing to an interesting classroom discussion.

It is important that you do one or more timed practice runs of the presentation before giving it in class. You may wish to have one of those runs be with one or more of your peers, who can offer feedback on omitted ideas, time overruns, presentation style, etc.