Computer Laboratory

Course pages 2017–18

Software and Security Engineering

Examples Sheet

Here's the examples sheet for supervisions and here's the file ecommerce.zip to which example 3.5 refers.

Study Guide

Here are the slides for the main lectures of the course. The slides for Dr Rice's talk on design for testability are here.

As software and communications become embedded invisibly everywhere, safety and security are becoming increasingly intertwined. The disciplines of software engineering and security engineering are converging. This course attempts a unified introduction. Its antecedents include previous courses on software engineering (see here) plus materials brought forward from previous courses on security (here and here). It was first taught as a unified course last year.

For further and background reading please see the following.

  1. The lecture on security policies and safety cases explains the context in which we try to assure ourselves of emergent system properties such as safety and security. It sets out definitions, and starts to illustrate what we mean by a safety case or security policy using examples. We start off with multilevel security, which is the approach used by governments to deal with the threat of disloyal insiders; the slides summarise material from chapter 8 of my textbook on Security Engineering. We then look at safety cases, giving examples of fault tree analysis and failure modes and effects analysis (for which see chapter 25), and finally banking, where a dishonest insider will most likely be trying to steal money rather than leak secrets, so the mechanisms used are rather different (see chapter 10). All these book chapters are available free online.
  2. The video of a crash test between a 1959 Chevrolet and a 2009 model is here, and illustrates the enormous effort put into mitigating the consequences of user error. It is a memorable reproach to system designers who build systems that are hard to use and then blame the users when things go wrong. By comparison, here's a video by Harold Thimbleby on the poor safety usability of syringe pumps, while his paper on safety usability failures in medical devices is here. The rest of the lecture on predicting human behaviour is based on chapter 2; there's also an article on passwords as well as much more research material here. For fun, there are some entertaining programmes by The Real Hustle that illustrate real fraud techniques, online starting here.
  3. We then discuss passwords and protocols. Our experiments on password memorability are described here and illustrate the problem as it was twenty years ago, when we were worried only about password guessing on a single system. Matt Honan's story of how his passwords got hacked is here and illustrates the more complex world of today, when everyone has too many passwords, typically used on multiple accounts, with recovery mechanisms that create further dependencies between accounts. The lecture on protocols is based on chapter 3. For the No-PIN attack on stolen chip and PIN cards, see this video.
  4. For the lecture on software security the most appropriate chapter is 21, but I'll also discuss more recent high-profile attacks such as Heartbleed. The Whopper Burger ad is here and the background is here. Recent hacks of possible interest are here, here, here, here and here. Useful resources for following the fight against the bad guys are the comp.risks forum and the blogs by Bruce Schneier and Brian Krebs.
  5. Here's the report of the inquiry into the London Ambulance System disaster. The case study of the NHS National Programme for IT is here, and there are links to papers on the smart meter project here.
  6. For the lecture on methodology and managing complexity, here's Fred Brooks' article No Silver Bullet and the paper by Curtis, Krasner and Iscoe. There is quite a lot of relevant material in Chapter 25 of my book; there's also a piece I recorded with Stephen Fry on Y2K.
  7. Nancy Leveson's book is here, and an article from the New York Times documents the continuing fatalities caused by poor radiology systems and software. The report of the inquiry into the King's Cross fire is here. Finally, here is the report of the Qantas flight where the plane's three onboard computers started arguing with each other.
  8. My book chapter on evaluation and assurance is chapter 26, and here is a recent piece on software sustainability.
  9. The notes for the guest lecture on design for testability by Andy Rice will be added later.
  10. Eric Raymond's essay The Cathedral and the Bazaar is here; the later book is here.
  11. Here is the handout for Dr Jeunese Payne's Lent term lecture on essay writing, and here are her slides.

Past exam questions from the software engineering component of the course are here and here. For supervisions in the security component of the course, you might try previous exam questions on car locks, phone scratchcards, exam security, prospect theory, secret key protocols, public key protocols and banking authentication. For fun (although we didn't teach it) you might have a go at the two-time pad.