Computer Security: Principles and Foundations
Principal lecturers: Prof Robert Watson, Prof Alice Hutchings, Prof Alastair Beresford, Dr Martin Kleppmann
Taken by: MPhil ACS, Part III
Code: R209
Term: Michaelmas
Hours: 16 (8 × two-hour seminar sessions)
Format: In-person and video lectures and online Q&A sessions
Class limit: max. 12 students
Prerequisites: An undergraduate course in computer security is required. Undergraduate-level background in operating systems, computer architecture, and cryptography is also valuable; students lacking this background will require significant additional study to catch up. Students taking the Cybercrime R254 course may also wish to take this Lent term course.
timetable
Aims
This course aims to provide students with a research-level introduction to the history and central themes of computer security, from its 1970s foundations to a selection of current topics. Throughout the course, we will consider diverse research methodologies used in the discipline, proposed approaches and systems intended to address security problems discovered with increasingly ubiquitous use of computer systems, along with the adversarial research intended to identify gaps and vulnerabilities. The module will address both social-science and technical aspects of computer security, including topics such as human factors, economics, operating-system design, cryptographic protocol design, computer architecture, and specific adversarial techniques.
While no practical work is assigned in the module, students are encouraged to engage with practical aspects of these ideas.
Syllabus
The course will consist of eight two-hour sessions covering:
- Threat modelling
- Usable security
- Fifty years of access control
- Leveraging hardware vulnerabilities
- Security economics
- Correctness vs. mitigation
- Cryptographic identity
- Metadata-private communications
All participants are expected to attend and participate in every class and to have read the specified papers beforehand.
Objectives
On completion of this module, students should:
- Engage with and critically discuss key principles of computer security
- Reflect on the historical basis of recent research themes
- Appreciate the challenges of defending high-value systems
Coursework
Participants will be expected to undertake six hours of preparatory work before each meeting. This will involve:
- Reading three assigned papers or reports per week
- Following up references and other related work
- Writing four essays (across the term) summarising assigned papers
- Preparing and delivering one 20-minute presentation on a specific paper that they have been assigned
- Essay text or presentation slides must be submitted via Moodle, by the specified deadline
- Participating in class discussion on both the assigned papers and broader issues raised by the week's readings
Each week, the lecturers will lead an interactive session to discuss the assigned reading material, drawing on the presentations and essays submitted by the students before the start of the class.
Participants will each submit four 1,250-word essays summarising the complete set of papers for the assigned week, identifying common themes, discussing the broader context, and enumerating possible class discussion topics. In accordance with the department’s department’s AI Policy, under no circumstances should output generated by AI tools be presented within assessed work as your own, either taken directly or paraphrased. All participants are expected to attend and participate in every class and read the assigned papers in advance; the instructor must be notified of any absences in advance.
Practical work
None
Assessment
Four assessed essays and one assessed presentation worth 20% each.
Recommended reading
Anderson, R. J. (2020). Security Engineering, Wiley
(third edition)
Gollmann, D. (2010). Computer Security, Wiley