SENG: Security Engineering
Welcome to Security Engineering
Learning Outcomes
On successful completion of this course, you should be able to:
- identify ways of attacking a real-world system, leading to a threat model, a security policy, protection goals and assurance targets.
- use adversarial thinking to analyse the relationships between threats, hazards, actors and defence mechanisms.
- compare and synthesise the perspectives of different system stakeholders and threat actors, using economic and psychological viewpoints as well as technical ones.
- demonstrate critical thinking about unsolved problems, residual risk and emerging threats as systems scale or their environment changes.
Course Outline
As ever more devices participate in online systems that become ever more complex, it is ever more important, and more difficult, to manage emergent properties such as security, safety and sustainability.
Security engineering is not just about individual mechanisms such as cryptography and access controls, but about how they work together at scale in real systems. This course will illustrate how to analyse threats and hazards systematically, evolve security policies, integrate them with safety policies and accounting standards as need be, test and certify the resulting systems, and manage their evolution as vulnerabilities are discovered or as their requirements change over time.
Over the course of 15 lectures we will study how real systems are attacked by a variety of opponents and how their defences evolve to cope. We will look in detail at important applications such as payments, home automation and vehicles. We will look at the psychology of secure design: how we can minimise the risk of attacks involving deception. We will analyse the economics of security: when service providers have adequate incentives to prevent fraud, and where market failure or poor regulation gets in the way.
We will take a deep dive into the protection mechanisms of the underlying platforms, from smartcards through mobile phones to containers, and look at whole ecosystems such as phone apps, cloud services and network security. By the end of the course, students should be able to analyse a security problem across the entire systems stack, from the threats and protection goals down through the application and the platforms and, if need be, to the hardware. They should also appreciate how security interacts with related emergent properties such as safety and sustainability.
There will also be tutorials, which provide both feed-forward and feedback and discuss the latest major hacks, as well as a guest lecture and two structured literature-review exercises set as coursework.