Course pages 2016–17
Paper 2: Software and Security Engineering
Lecturer: Professor R.J. Anderson
No. of lectures: 11
Suggested hours of supervisions: 3
This course is a prerequisite for the Group Project.
Aims
This course aims to introduce students to software and security engineering, and in particular to the problems of building large systems, safety-critical systems and systems that must withstand attack by capable opponents. Case histories of failure are used to illustrate what can go wrong, and current software and security engineering practice is studied as a guide to how failures can be avoided.
Lectures
- The software crisis. Examples of large-scale project failure,
such as the London Ambulance Service system and the NHS National
Programme for IT. Intrinsic difficulties with software.
- The software life cycle. Getting the
specification right; requirements analysis methods; modular design; the role of
prototyping; the waterfall and spiral models.
- Guest lecture. A guest lecture from an industry speaker about the
realities of managing software development in a commercial environment.
- Modern integrated development environments. Tools to support code
management, code review and test case generation; git and Jenkins.
Continuous integration, refactoring, release engineering, patch
strategies.
- Critical systems: where real-time performance, safety or security
is critical. Examples of catastrophic failure; problems with
usability and human error for safety engineering and security
engineering.
- Predicting user behaviour: expected utility, prospect theory,
framing, status quo bias, gender. Measuring human behaviour. The
characteristics of human memory; forgetting passwords versus guessing
them.
- What is a security policy or a safety case? How to enforce policy
by structured design; one-way flows, redundancy. Protection profiles;
maintaining a security rating (or a safety case).
- Security protocols; how to enforce policy using cryptography and
structured human interaction. The role of verification and validation.
- Bugs of different types: design errors such as protocol exploits,
and implementation errors affecting arithmetic, logic, syntax, and
concurrency. Defensive programming (secure coding, exception
handling, contracts).
- Quality assurance. The contribution of reviews and testing;
reliability growth models; software maintenance life-cycle costs. The
need for code indexing, code ownership, library management and
up-to-date design documentation.
- Real-world challenges in combining safety and security. Project
planning tools; PERT and GANTT charts. Open source: advantages and
drawbacks.
Objectives
At the end of the course students should know how writing programs with tough assurance targets, in large teams, or both, differs from the programming exercises they have engaged in so far. They should appreciate the waterfall, spiral and evolutionary models of software development as well as the value of various development and management tools. They should understand the development life cycle and its basic economics. They should understand the various types of bugs, vulnerabilities and hazards, how to find them, and how to avoid introducing them. Finally, they should be prepared for the organizational aspects of their Part IB group project.
Recommended reading
Howard, M. & LeBlanc, D. (2003). Writing secure code. Microsoft Press.
Anderson, R. (2008). Security engineering (Part 1 and Chapters 25-26). Wiley. Available at: http://www.cl.cam.ac.uk/users/rja14/book.html
Leveson, N. (1994). Safeware. Addison-Wesley.
Further reading:
Brooks, F.P. (1975). The mythical man month. Addison-Wesley.
Reason, J. (2008). The human contribution. Ashgate Publishing.
Leveson, N. (2008). System safety engineering: back to the future. Available at: http://sunnyday.mit.edu/book2.pdf
Maguire, S. (1993). Writing solid code. Microsoft Press.
Report of the inquiry into the London Ambulance Service (SW Thames RHA, 40 Eastbourne Terrace, London W2 3QR, February 1993). Available at: http://www.cs.ucl.ac.uk/staff/A.Finkelstein/las.html