Department of Computer Science and Technology

Course pages 2019–20

Software and Security Engineering

Here is a set of slides for the main lectures of the course, which I will update over Easter with some new examples, most notably a case study of the Boeing 737 Max. The slides for Dr Richard Sharp's guest lecture will appear later.

As software and communications become embedded invisibly everywhere, safety and security are becoming increasingly intertwined. The disciplines of software engineering and security engineering are converging. This course attempts a unified introduction. Its antecedents include previous courses on software engineering (see here) plus materials brought forward from previous courses on security (here and here). It was first taught as a unified course in 2016-17.

For further and background reading please see the following.

  1. The lecture on security policies and safety cases explains the context in which we try to assure ourselves of emergent system properties such as safety and security. It sets out definitions, and starts to illustrate what we mean by a safety case or security policy using examples. We start off with multilevel security, which is the approach used by governments to deal with the threat of disloyal insiders; the slides summarise material from chapter 8 of my textbook on Security Engineering. We then look at safety cases, giving examples of fault tree analysis and failure modes and effects analysis (for which see chapter 25), and finally banking, where a dishonest insider will most likely be trying to steal money rather than leak secrets, so the mechanisms used are rather different (see chapter 10). All these book chapters are available free online.
  2. The video of a crash test between a 1959 Chevrolet and a 2009 model is here, and illustrates the enormous effort put into mitigating the consequences of user error. It is a memorable reproach to system designers who build systems that are hard to use and then blame the users when things go wrong. By comparison here's a video by Harold Thimbleby on the poor safety usability of syringe pumps, while his paper on safety usability failures in medical devices is here. The rest of the lecture on predicting human behaviour is based on chapter 3. For fun, there are some entertaining programs by The Real Hustle that illustrate real fraud techniques, online starting here.
  3. We then discuss passwords and protocols. Our experiments on password memorability are described here and illustrate the problem as it was twenty years ago, when we were worried only about password guessing on a single system. Matt Honan's story of how his passwords got hacked is here and illustrates the more complex world of today, when everyone has too many passwords, typically used on multiple accounts, with recovery mechanisms that create further dependencies between accounts, and everybody passing the buck. The lecture on protocols is based on my book's chapter 4. For the No-PIN attack on stolen chip and PIN cards, see this video.
  4. For the lecture on software security the most appropriate chapter is 21, but I'll discuss more recent high-profile attacks such as Heartbleed. The Whopper Burger ad is here and the background is here. Some hacks of possible interest are here, here, here and here. If you want to follow the fight against the bad guys, see the blogs by Bruce Schneier and Brian Krebs.
  5. Here's the report of the inquiry into the London Ambulance System disaster; the case study of the NHS National Programme for IT is here, and there are links to papers on the smart meter project here.
  6. For the lecture on methodology and managing complexity, here's Fred Brooks' article No Silver Bullet and the paper by Curtis, Krasner and Iscoe. There is quite a lot of relevant material in Chapter 25 of my book; there's also a piece I recorded with Stephen Fry on Y2K.
  7. Nancy Leveson's book is here, and an article from the New York Times documents the continuing fatalities caused by poor radiology systems and software. The report of the inquiry into the King's Cross fire is here. Finally, here is the report of the Qantas flight where the plane's three onboard computers started arguing with each other.
  8. My book chapter on evaluation and assurance is chapter 26, and here is a recent piece on software sustainability.
  9. The notes for the guest lecture by Richard Sharp will be added later.
  10. Eric Raymond's essay The Cathedral and the Bazaar is here; the later book is here.

Past exam questions for 2017-19 are here. Before that, questions from the software engineering component of the course are here and here, while for supervisions in the security component of the course, you might try previous exam questions on car locks, phone scratchcards, exam security, prospect theory, secret key protocols, public key protocols and banking authentication.