Computer Laboratory

Course pages 2014–15

Computer Security: Principles and Foundations

Principal lecturer: Dr Robert Watson
Additional lecturers: Prof Ross Anderson, Dr Frank Stajano, Dr Alastair Beresford
Taken by: MPhil ACS, Part III
Code: R209
Hours: 16 (8 × two-hour seminar sessions)
Prerequisites: Undergraduate operating systems course; an undergraduate networking course would be useful. It is recommended that students undertaking the Lent term course also take this Michaelmas term course.


This course aims to provide students with an introduction to the history and central themes of computer security, from its 1970s foundations to some current research topics, with a theme of how to defend cloud-based systems against capable motivated opponents. The course considers first local computer systems and then distributed systems; however, we will rapidly discover that this is an artificial distinction that only becomes more awkward as we enter the current period. Throughout the course, we will consider proposed systems along with the adversarial research intended to identify gaps and vulnerabilities.


There will be eight two-hour seminars on the following topics. Students are expected to read the required set papers before each class. All students are expected to submit a brief written summary of the readings in advance of each class, and students will be nominated to give brief presentations of each paper, or of cross-cutting aspects of all the papers, to lead discussion.

  • Origins and foundations of computer security
  • Access control
  • Capability systems
  • Passwords
  • Cryptographic protocols
  • Programming languages and information flow control
  • Correctness vs. mitigation
  • Security economics


On completion of this module, students should:

  • understand the principles of computer security
  • be familiar with long-term and recent research themes
  • appreciate the challenges of defending high-value systems


Participants will be expected to undertake six hours of preparatory work before each meeting. This will involve:

  • Reading a set number of papers
  • Following up references and other related work
  • Writing a weekly essay summarising assigned papers or, as assigned by the course instructor, preparing and delivering a 20-minute presentation on a specific paper
  • Essay text or presentation slides must be submitted both on paper to the Graduate Education Office, and by e-mail, by the specified deadline
  • Participating in class discussion on both the assigned papers and broader issues raised by the week's readings

Each week, three class participants will be assigned to introduce assigned papers via 20-minute presentations as if reporting the work at a conference. This will be followed by five minutes of questions and ten minutes of discussion. The final fifteen minutes of the class will be spent discussing the broader issues raised by the week's papers.

Students will give at least one presentation each term, but are not required to submit a paper on weeks where they are also presenting. Slides must be used, and it is strongly recommended that speakers make use of illustrations in conveying the material of the paper. For logistical reasons, an instructor-provided computer will be used for all presentations; no last-minute substitution of slides is permitted.

Weekly essays will be up to 1,500 words summarising the complete set of assigned papers, identifying common themes, discussing the broader context, and enumerating possible class discussion topics. While essays need not be 1,500 words in length, participants are advised that essays under 800 words are unlikely to contain sufficient detail or discussion to achieve full marks.

All participants are expected to attend and participate in every class; the instructor must be notified of any absences in advance.

Practical work



From the second week onwards, course participants are awarded a maximum of 10 marks each week reflecting the quality of the submitted essay or presentation. The lowest essay or presentation mark of the term will be dropped. Remaining marks will be scaled to a maximum final score out of 100.

For essays, a total of ten marks can be awarded. Up to two marks are assigned for adequate coverage of each of five sections/areas: summary of papers; discussion of key themes spanning the papers; consideration of current context; literature review; and class discussion questions.

For presentations, a total of ten marks can be awarded. Criteria include: effective teaching of the key ideas; a critical evaluation of the work; tracing related research; considering current implications vs historical context of the work; and successful answering of Q&A as well as triggering a useful and interesting class discussion.

Neither essays nor presentations are due in the first week. All submitted essays should provide a word count.

Recommended reading

Anderson, R. J. (2008). Security Engineering, Wiley (second edition)
Gollmann, D. (2010). Computer Security, Wiley
Marshall Kirk McKusick, George V. Neville-Neil, and Robert N. M. Watson. "Chapter 5 - Security", The Design and Implementation of the FreeBSD Operating System, 2nd Edition, Pearson Education, Boston, MA, USA, September 2014