Module details for Engineering Resilient Systems Masters

Description

This module examines social and technical approaches to better security resilience in systems through consideration of methods of attack and defence.

Aims

The aim of this module is to provide the student with specialist knowledge and experience of advanced hacking techniques, both human and technical, and their countermeasures which can be used to improve socio-technical system resilience.

Learning Outcomes

By the end of this module the student should be able to:

1.  Understand hardware security and its challenges. Be able to understand common vulnerabilities and attack types in current hardware systems.

2.  Describe a range of secure software engineering techniques, and critically select and apply these techniques in the context of real-world software projects.

3.  Analyse and critically evaluate techniques used to mount social engineering and insider attacks and identify relevant countermeasures.

4.  Choose an optimal authentication mechanism for a particular system to be used in a given context by a specified group of people, and design an interface to maximise usability.

5.  Be able to apply machine learning and neural network algorithms to solve cyber-security problems such as identifying malicious traffic, insider threats in a network and malware detection.

Indicative Content

1 Hardware Security Challenges

Conceptual understanding of the current hardware security landscape and how the field of hardware security is evolving. Understanding hardware security concepts, practices and physical attack types.

2 Principles of Secure Software Development

The relationship between correctness, security and performance. Defence in depth. Input, output and state validation. Minimal privilege and privilege separation.

3 Language and API Design for Security

Inherent security problems with widely-used languages, and why people still use them. Undefined behaviour and compiler optimisations. Enforcing security properties using better type systems and language semantics. DSLs for security.

4 Static and Dynamic Analysis

Static analysis tools for conventional code: what they can and can't find. Dynamic analysis of security properties. Formal specification and validation of software behaviour. Formal validation toolchains.

5 The Ingredients of Machine Learning

Overview of the different ‘aspects’ of machine learning. All machine learning algorithms are not created equal. Applications of machine learning for cyber-security. Review of the various types of algorithms and the mathematics behind the algorithms. Exploration of supervised and unsupervised classifications. Creation of a spam filter such as SpamAssassin and applications of machine learning to network forensics.

6 Support Vector Machines for Cyber Security

Exploration of classification and regression analysis. Overview of the mathematics behind Support Vector Machine and the application of the SVM algorithm in the context of networking security. Introduction to non-linear classification and high-dimensional feature spaces to improve intrusion detection systems, mitigate security vulnerabilities and identify data exfiltration.

7 Neural Networks for Cyber Security

Exploration of neural networks and deep neural networks for threat analysis and malware detection. Exploration of the propagation models, weights and learning rules. Comparison of variants of neural networks (ANN, CNN, RNN). The mathematics and models behind the different algorithms are explored and applied to classifying network traffic, identifying threats and computer misuse, and improving network security.

8 Insider Threat

Exploration of the insider threat, the danger of the insider threat, and the consequences thereof. Explanation of the fraud triangle, insider motivations, and how organisations facilitate such attacks. Discussion of tools that can be used to mitigate this threat.

9 Authentication Design

How authentication mechanisms ought to be chosen with the human in mind. The differences between what you own, what you are, and what you know, and how to judge which one is best to be used in a particular context. If passwords are chosen, how password requirements ought to be defined, how these ought to be communicated to the users. Design of secure password replacement. The use of 2FA for valuable systems.

10

Teaching and Learning Work Loads

Teaching and Learning Method Hours
Lecture 13
Tutorial/Seminar 13
Practical Activity 24
Assessment 60
Independent 90
Total 200



Guidance notes

SCQF Level - The Scottish Credit and Qualifications Framework provides an indication of the complexity of award qualifications and associated learning and operates on an ascending numeric scale from Levels 1-12 with SCQF Level 10 equating to a Scottish undergraduate Honours degree.

Credit Value – The total value of SCQF credits for the module. 20 credits are the equivalent of 10 ECTS credits. A full-time student should normally register for 60 SCQF credits per semester.


Disclaimer

We make every effort to ensure that the information on our website is accurate but it is possible that some changes may occur prior to the academic year of entry. The modules listed in this catalogue are offered subject to availability during academic year 2021/22, and may be subject to change for future years.