
Study information

Building Secure and Trustworthy Systems - 2020 entry

MODULE TITLE: Building Secure and Trustworthy Systems
CREDIT VALUE: 15
MODULE CODE: ECMM463
MODULE CONVENER: Prof Achim D. Brucker (Coordinator)
DURATION: TERM 1 2 3
DURATION: WEEKS 11
Number of Students Taking Module (anticipated) 15
DESCRIPTION - summary of the module content

Secure and trustworthy systems, i.e. systems that are hard to attack and that protect the privacy of their users, are very hard to build. In this module, you will learn the foundations of building secure (software) systems ‘right from the beginning’. You will learn how to assess the threats to a system that need to be mitigated while building it, how to assess the risk of vulnerabilities, and various approaches (e.g. defensive programming) and techniques for building secure systems. The module focuses on defensive security techniques that might be used by “blue teams.”

Pre-requisites: none 

Co-requisites: ECM4xxx-a (Fundamentals of Security)

 

AIMS - intentions of the module

This module aims to give you a broad understanding of techniques for assessing the risks to which a modern IT system is exposed. Driven by these risks, we will discuss several defensive security techniques for building secure and trustworthy (software) systems.

In more detail, the aims of the module are to enable you to  

  • assess the security of software architectures  
  • understand the principles of secure software architectures 
  • understand software vulnerabilities, their causes, and impact 
  • develop secure software using defensive programming techniques
  • understand the principles of security testing and verification techniques

 

INTENDED LEARNING OUTCOMES (ILOs) (see assessment section below for how ILOs will be assessed)

Module Specific Skills and Knowledge:

1. Develop secure and trustworthy systems
2. Select the appropriate security controls for a given system

Discipline Specific Skills and Knowledge:

3. Understand the importance of building systems that are “secure by design”
4. Understand the concept of defensive security

Personal and Key Transferable/ Employment Skills and Knowledge:

5. Being able to balance potentially contradicting goals such as security and costs
6. Assess and manage the (security) risk of a specific system

 

SYLLABUS PLAN - summary of the structure and academic content of the module

The module will cover: 

  • Security Development Life Cycle (SDLC) 
  • Threat modelling 
  • Software vulnerabilities 
  • Defensive programming 
  • Security testing and verification

 

LEARNING AND TEACHING
LEARNING ACTIVITIES AND TEACHING METHODS (given in hours of study time)
| Scheduled Learning & Teaching Activities | Guided Independent Study | Placement / Study Abroad |
|---|---|---|
| 33 | 117 | |
DETAILS OF LEARNING ACTIVITIES AND TEACHING METHODS

| Category | Hours of study time | Description |
|---|---|---|
| Scheduled Learning & Teaching | 22 | Lectures |
| Scheduled Learning & Teaching | 11 | Tutorials or Practical Work |
| Guided Independent Study | 117 | Background Reading and Self-Study |

 

ASSESSMENT
FORMATIVE ASSESSMENT - for feedback and development purposes; does not count towards module grade

| Form of Assessment | Size of the assessment e.g. duration/length | ILOs assessed | Feedback method |
|---|---|---|---|
| Tutorials and Practical Work | 11 hours | All | Oral |

 

SUMMATIVE ASSESSMENT (% of credit)
| Coursework | Written Exams | Practical Exams |
|---|---|---|
| 30 | 70 | |
DETAILS OF SUMMATIVE ASSESSMENT

| Form of Assessment | % of credit | Size of the assessment e.g. duration/length | ILOs assessed | Feedback method |
|---|---|---|---|---|
| Written exam | 70 | 2 hours (Summer) | all | Oral on request |
| Coursework | 30 | 50 hours | all | Written |

 

DETAILS OF RE-ASSESSMENT (where required by referral or deferral)

| Original form of assessment | Form of re-assessment | ILOs re-assessed | Time scale for re-assessment |
|---|---|---|---|
| All above | Written exam (100%) | all | Ref/Def Examination Period |

 

RE-ASSESSMENT NOTES

 

 

RESOURCES
INDICATIVE LEARNING RESOURCES - The following list is offered as an indication of the type & level of information that you are expected to consult. Further guidance will be provided by the Module Convener.

https://vle.exeter.ac.uk/

Reading list for this module:

| Type | Author | Title | Edition | Publisher | Year | ISBN |
|---|---|---|---|---|---|---|
| Set | R.J. Anderson | Security Engineering: A Guide to Building Dependable Distributed Systems | 1st | John Wiley | 2001 | 0471389226 |
| Set | M. Howard, D. LeBlanc and J. Viega | 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them | 1st | McGraw Hill | 2010 | |
| Set | B. Chess and J. West | Secure Programming with Static Analysis | 1st | Addison Wesley | 2007 | |
| Set | Felderer M, et al | Security Testing: A Survey, Advances in Computers 101 | | Advances in Computers | 2016 | |
| Set | Shostack, Adam | Threat Modelling: Designing for Security | 1st | Wiley | 2014 | |
| Set | Othmane et al | Empirical Research for Software Security: Foundations and Experience | | CRC Press | 2017 | |
CREDIT VALUE: 15
ECTS VALUE: 7.5
PRE-REQUISITE MODULES: None
CO-REQUISITE MODULES: None
NQF LEVEL (FHEQ): 7
AVAILABLE AS DISTANCE LEARNING: No
ORIGIN DATE: Wednesday 25th March 2020
LAST REVISION DATE: Friday 24th July 2020
KEY WORDS SEARCH: Software security, Threat modelling, Security by design, SDLC, Defensive security

Please note that all modules are subject to change; please get in touch if you have any questions about this module.