Course pages 2018–19
Software and Security Engineering
Principal lecturer: Dr Alastair Beresford
Taken by: Part IA CST 50%, Part IA CST 75%
No. of lectures: 11
Suggested hours of supervisions: 3
This course is a prerequisite for the Group Project.
Aims
This course aims to introduce students to software and security engineering, and in particular to the problems of building large systems, safety-critical systems and systems that must withstand attack by capable opponents. Case histories of failure are used to illustrate what can go wrong, and current software and security engineering practice is studied as a guide to how failures can be avoided.
Lectures
- What is a security policy or a safety case? Definitions and examples; one-way flows for both confidentiality and safety properties; separation of duties. Top-down and bottom-up analysis methods. What architecture can do, versus the benefits of decoupling policy from mechanism.
- Predicting user behaviour. Predicting and mitigating user errors. The hierarchy of harms. Attitudes to risk: expected utility, prospect theory, framing, status quo bias, gender. The characteristics of human memory; forgetting passwords versus guessing them.
- Security protocols; how to enforce policy using cryptography and structured human interaction. Man-in-the-middle attacks. The role of verification and its limitations.
- Bugs of different types: design errors, implementation errors affecting arithmetic, logic, syntax, and concurrency. Code injection attacks. Defensive programming: secure coding, contracts. Fuzzing.
- The software crisis. Examples of large-scale project failure, such as the London Ambulance Service system and the NHS National Programme for IT. Intrinsic difficulties with complex software.
- The software life cycle. Getting the specification right; requirements analysis methods; modular design; the role of prototyping; the waterfall and spiral models.
- Designing for testability. Identifying different types of tests and how to use them effectively. Writing a good unit test; understanding techniques for measuring test quality.
- Modern development practice and quality assurance. Tools to support code management, code review and test case generation. Continuous integration, refactoring, release engineering, patch strategies. The need for code indexing, code ownership, library management, design documentation and the maintenance of safety and security ratings.
- Software-as-a-Service. The Software-as-a-Service architecture, including A/B testing, phased release of client and server components and rearchitecting systems while in operation.
- Critical systems: where real-time performance, safety or security is essential. Examples of catastrophic failure; problems with usability and human error for both safety engineering and security engineering.
- Real-world challenges in combining safety and security. Project planning tools; PERT and Gantt charts. Open source: advantages and drawbacks. Evaluation and assurance; maintaining a security rating or a safety case.
Objectives
At the end of the course students should know how writing programs with tough assurance targets, in large teams, or both, differs from the programming exercises they have engaged in so far. They should understand the different models of software development described in the course as well as the value of various development and management tools. They should understand the development life cycle and its basic economics. They should understand the various types of bugs, vulnerabilities and hazards, how to find them, and how to avoid introducing them. Finally, they should be prepared for the organizational aspects of their Part IB group project.
Recommended reading
Howard, M. & LeBlanc, D. (2003). Writing secure code. Microsoft Press.
Anderson, R. (2008). Security engineering (Part 1 and Chapters 25-26). Wiley. Available at: http://www.cl.cam.ac.uk/users/rja14/book.html
Leveson, N. (1994). Safeware. Addison-Wesley.
Further reading:
Brooks, F.P. (1975). The mythical man month. Addison-Wesley.
Reason, J. (2008). The human contribution. Ashgate Publishing.
Maguire, S. (1993). Writing solid code. Microsoft Press.
Report of the inquiry into the London Ambulance Service (SW Thames RHA, 40 Eastbourne Terrace, London W2 3QR, February 1993). Available at: http://www.cs.ucl.ac.uk/staff/A.Finkelstein/las.html