This module examines social and technical approaches to better security resilience in systems through consideration of methods of attack and defence.
The aim of this Module is to provide the student with specialist knowledge and experience of advanced hacking techniques, both human and technical, and their countermeasures which can be used to improve socio-technical system resilience.
By the end of this module the student should be able to:
1. Analyse and critically evaluate a range of secure software engineering techniques, and critically select and apply these techniques in the context of real-world software projects.
2. Identify an optimal authentication mechanism for a particular system to be used in a given context by a specified group of people, and design an interface to maximise usability during enrolment and subsequent login attempts.
3. Apply machine learning and neural network algorithms to solve cyber-security problems such as identifying malicious traffic and insider threats in a network, and detecting malware.
1 Principles of Secure Software Development
The relationship between correctness, security and performance. Defence in depth. Input, output and state validation. Minimal privilege and privilege separation.
2 Language and API Design for Security
Inherent security problems with widely-used languages, and why people still use them. Undefined behaviour and compiler optimisations. Enforcing security properties using better type systems and language semantics. DSLs for security.
3 Secure Software Engineering
Security within the SDLC. Specifying security requirements. Secure coding standards. Code review for security.
4 The Ingredients of Machine Learning
Overview of the different ‘aspects’ of machine learning. All machine learning algorithms are not created equal. Applications of machine learning for cyber-security. Review of the various types of algorithms and the mathematics behind the algorithms. Exploration of supervised and unsupervised classifications. Creation of a spam filter such as SpamAssassin and applications of Machine Learning to Network Forensics.
5 Support Vector Machines for Cyber Security
Exploration of classification and regression analysis. Overview of the mathematics behind Support Vector Machine and the application of the SVM algorithm in the context of networking security. Introduction to non-linear classification and high-dimensional feature spaces to improve intrusion detection systems, mitigate security vulnerabilities and identify data exfiltration.
6 Neural Networks for Cyber Security
Exploration of neural networks for threat analysis and malware detection. Exploration of the propagation models, weights and learning rules. The mathematics and models behind the different algorithms are explored and applied to classify network traffic, identify threats and computer misuse, and improve network security.
7 Human-Centred Security
An introduction to the human side of security, and to how humans make security and privacy-related decisions.
8 Authentication Design
How authentication mechanisms ought to be chosen with the human in mind. The differences between what you own, what you are, and what you know, and how to judge which one is best to be used in a particular context. If passwords are chosen, how password requirements ought to be defined, and how these ought to be communicated to the users. Design of secure password replacement.
Teaching and Learning Work Loads
|Teaching and Learning Method||Hours|
SCQF Level - The Scottish Credit and Qualifications Framework provides an indication of the complexity of award qualifications and associated learning and operates on an ascending numeric scale from Levels 1-12 with SCQF Level 10 equating to a Scottish undergraduate Honours degree.
Credit Value – The total value of SCQF credits for the module. 20 credits are the equivalent of 10 ECTS credits. A full-time student should normally register for 60 SCQF credits per semester.
We make every effort to ensure that the information on our website is accurate but it is possible that some changes may occur prior to the academic year of entry. The modules listed in this catalogue are offered subject to availability during academic year 2021/22, and may be subject to change for future years.