SENG: Course Materials
Lecture List
- Who is the opponent? -- State actors, corporate competitors, crooks, geeks and the swamp. The kill chain. Attack tools and the vulnerability life cycle; zero-days; botnets such as Mirai.
- What attacks are we trying to prevent, and how? Threat models and security policies.
- Banking security 1 – EMV and other protocols, ATMs, 2FA, and SIM swapping.
- Banking security 2 – hardware security modules, API security, smartcards and PIN entry devices.
- Socio-technical systems 1 – security economics. Market failures: network effects, asymmetric information.
- Socio-technical systems 2 – psychology and behavioural economics. Attitudes to risk and privacy; prospect theory; social psychology; implications for scams and system design.
- Network security - integrating threat hunting, firewalls, intrusion detection, network logging and supporting services. The role of architecture: perimeters or zero-trust networks?
- Hardware security 1 - Locks, alarms and seals. Hardware tamper resistance, differential fault analysis, differential power analysis.
- Hardware security 2 - More on side channels and enclaves. Spectre, Rowhammer, Plundervolt. Co-design for security, e.g. CHERI, MTE.
- Modern operating systems security 1 - Trusted code base. Use of MAC in SELinux and phones. Android and iOS security mechanisms, both in theory and practice.
- Modern operating systems security 2 - Cloud security, virtualization and containers.
- Ecosystems security - App stores, incentives, markets. Windows and Azure; supply-chain attacks. Accessory control.
- The interaction of safety and security - medical devices and vehicles. Intimate partner abuse.
- Assurance and sustainability - The patch cycle: responsible vs coordinated disclosure. DevSecOps.
- Governance and regulation - standards and certification, monopolies, privacy and censorship.
- Guest lecture by an industry practitioner.
Note: Please remember that the lectures are available as YouTube videos. The videos are linked from the schedule page.
Tutorial Recordings
All tutorial recordings should be accessed via Learn; you will need to log in using your EASE account. (Learn provides you with access to any lecture recordings available for this course. You will need to select the "lecture recording" link once, before you can access any direct links to a tutorial recording.)
License
All rights reserved The University of Edinburgh