Building Secure and Trustworthy Systems - 2021 entry
| MODULE TITLE | Building Secure and Trustworthy Systems | CREDIT VALUE | 15 |
|---|---|---|---|
| MODULE CODE | ECMM463 | MODULE CONVENER | Prof Achim D. Brucker (Coordinator) |
| DURATION: TERM | 1 | 2 | 3 |
|---|---|---|---|
| DURATION: WEEKS | 11 |
| Number of Students Taking Module (anticipated) |
|---|
Building secure and trustworthy systems, I.e. systems that are hard to attack and protect the privacy of their users, are very hard to build. In this module, you will learn the foundations of building secure (software) systems ‘right from the beginning’. You will learn how to assess the threats of a system that need to be mitigated while building it, the risk assessment of vulnerabilities, as well as various approaches (e.g. defensive programming) and techniques for building secure systems. The module focuses on defensive security techniques that might be used by “blue teams.”
Pre-requisites: none
Co-requisites: ECM462 (Fundamentals of Security)
This module aims to give you a broad understanding of techniques for assessing the risks a modern IT system is exposed. Driven by these risks, we will discuss several defensive security techniques for building security and trustworthy (software) systems.
In more detail, the aims of the module are to enable you to
- assess the security of software architectures
- understand the principles of secure software architectures
- understand software vulnerabilities, their causes, and impact
- to develop secure software using defensive programming techniques
- understand the principles of security testing and verification techniques
On successful completion of this module you should be able to:
Module Specific Skills and Knowledge
2. Select the appropriate security controls for a given system
Discipline Specific Skills and Knowledge
4. Understand the concept of defensive security
Personal and Key Transferable / Employment Skills and Knowledge
6. Assess and manage the (security) risk of a specific system
The module will cover:
- Security Development Life Cycle (SDLC)
- Threat modelling
- Software vulnerabilities
- Defensive programming
- Security testing and verification
| Scheduled Learning & Teaching Activities | 33 | Guided Independent Study | 117 | Placement / Study Abroad |
|---|
| Category | Hours of study time | Description |
| Scheduled Learning & Teaching | 22 | Lectures |
| Scheduled Learning & Teaching | 11 | Tutorials or Practical Work |
| Guided Independent Study | 117 | Background Reading and Self-Study |
| Form of Assessment | Size of Assessment (e.g. duration/length) | ILOs Assessed | Feedback Method |
|---|---|---|---|
| Tutorials and Practical Work | 11 hours | All | Oral |
| Coursework | 40 | Written Exams | 60 | Practical Exams |
|---|
| Form of Assessment | % of Credit | Size of Assessment (e.g. duration/length) | ILOs Assessed | Feedback Method |
|---|---|---|---|---|
| Written exam | 60 | 2 hours (Summer) | all | Oral on request |
| Coursework | 40 | 50 hours | all | Written |
| Original Form of Assessment | Form of Re-assessment | ILOs Re-assessed | Time Scale for Re-assessment |
|---|---|---|---|
| All above | Written exam (100%) | all | Ref/Def Examination Period |
information that you are expected to consult. Further guidance will be provided by the Module Convener
https://vle.exeter.ac.uk/
Reading list for this module:
| CREDIT VALUE | 15 | ECTS VALUE | 7.5 |
|---|---|---|---|
| PRE-REQUISITE MODULES | None |
|---|---|
| CO-REQUISITE MODULES | None |
| NQF LEVEL (FHEQ) | 7 | AVAILABLE AS DISTANCE LEARNING | No |
|---|---|---|---|
| ORIGIN DATE | Tuesday 6th October 2020 | LAST REVISION DATE | Tuesday 11th May 2021 |
| KEY WORDS SEARCH | Software security, Threat modelling, Security by design, SDLC, Defensive security |
|---|
Please note that all modules are subject to change, please get in touch if you have any questions about this module.
