Building Secure and Trustworthy Systems - 2024 entry
| MODULE TITLE | Building Secure and Trustworthy Systems | CREDIT VALUE | 15 |
|---|---|---|---|
| MODULE CODE | ECMM463 | MODULE CONVENER | Prof Achim D. Brucker (Coordinator) |
| DURATION: TERM | 1 | 2 | 3 |
|---|---|---|---|
| DURATION: WEEKS | 11 |
| Number of Students Taking Module (anticipated) |
|---|
DESCRIPTION - summary of the module content
Building secure and trustworthy systems, i.e. systems that are hard to attack and protect the privacy of their users, are extremely hard to build. In this module, you will learn the foundations of building secure (software) systems ‘right from the beginning’. You will learn how to assess the threats of a system that need to be mitigated while building it, the risk assessment of vulnerabilities, as well as various approaches (e.g., defensive programming) and techniques for building secure systems. The module focuses on defensive security techniques that might be used by “blue teams.”
Pre-requisites: none
Co-requisites: ECM462 (Fundamentals of Security)
AIMS - intentions of the module
This module aims to give you a broad understanding of techniques for assessing the risks a modern IT system is exposed to. Driven by these risks, we will discuss several defensive security techniques for building security and trustworthy (software) systems.
In more detail, the aims of the module are to enable you to
- assess the security of software architectures
- understand the principles of secure software architectures understand software vulnerabilities, their causes, and impact
- to develop secure software using defensive programming techniques to understand the principles of security testing and verification technique
INTENDED LEARNING OUTCOMES (ILOs) (see assessment section below for how ILOs will be assessed)
On successful completion of this module you should be able to:
Module Specific Skills and Knowledge
1. Develop secure and trustworthy systems
2. Select the appropriate security controls for a given system
2. Select the appropriate security controls for a given system
Discipline Specific Skills and Knowledge
3. Understand the importance of building systems that are “secure by design”
4. Understand the concept of defensive security
4. Understand the concept of defensive security
Personal and Key Transferable / Employment Skills and Knowledge
5. Being able to balance potentially contradicting goals such as security and costs
6. Assess and manage the (security) risk of a specific system
6. Assess and manage the (security) risk of a specific system
SYLLABUS PLAN - summary of the structure and academic content of the module
The module will cover:
- Security Development Life Cycle (SDLC)
- Threat modelling
- Software vulnerabilities
- Defensive programming
- Security testing
- Verification and Certification of high assurance systems
LEARNING AND TEACHING
LEARNING ACTIVITIES AND TEACHING METHODS (given in hours of study time)
| Scheduled Learning & Teaching Activities | 33 | Guided Independent Study | 117 | Placement / Study Abroad |
|---|
DETAILS OF LEARNING ACTIVITIES AND TEACHING METHODS
| Category | Hours of study time | Description |
| Scheduled Learning & Teaching | 22 | Lectures |
| Scheduled Learning & Teaching | 11 | Tutorials or Practical Work |
| Guided Independent Study | 117 | Background Reading and Self-Study |
ASSESSMENT
FORMATIVE ASSESSMENT - for feedback and development purposes; does not count towards module grade
| Form of Assessment | Size of Assessment (e.g. duration/length) | ILOs Assessed | Feedback Method |
|---|---|---|---|
| Tutorials and Practical Work | 11 hours | All | Oral |
SUMMATIVE ASSESSMENT (% of credit)
| Coursework | 40 | Written Exams | 60 | Practical Exams |
|---|
DETAILS OF SUMMATIVE ASSESSMENT
| Form of Assessment | % of Credit | Size of Assessment (e.g. duration/length) | ILOs Assessed | Feedback Method |
|---|---|---|---|---|
| Written exam | 60 | 2 hours (Summer) | all | Oral on request |
| Coursework (Project) | 40 | 50 hours | all | Written |
DETAILS OF RE-ASSESSMENT (where required by referral or deferral)
| Original Form of Assessment | Form of Re-assessment | ILOs Re-assessed | Time Scale for Re-assessment |
|---|---|---|---|
| Written Exam | Written exam (2 hours) | All | August Ref/Def Period |
| Coursework (project) | Coursework (project) | All | August Ref/Def Period |
RE-ASSESSMENT NOTES
Reassessment will be by coursework and/or written exam in the failed or deferred element only. For referred candidates, the module mark will be capped at 50%. For deferred candidates, the module mark will be uncapped.
RESOURCES
INDICATIVE LEARNING RESOURCES - The following list is offered as an indication of the type & level of
information that you are expected to consult. Further guidance will be provided by the Module Convener
information that you are expected to consult. Further guidance will be provided by the Module Convener
https://vle.exeter.ac.uk/
Reading list for this module:
| CREDIT VALUE | 15 | ECTS VALUE | 7.5 |
|---|---|---|---|
| PRE-REQUISITE MODULES | None |
|---|---|
| CO-REQUISITE MODULES | None |
| NQF LEVEL (FHEQ) | 7 | AVAILABLE AS DISTANCE LEARNING | No |
|---|---|---|---|
| ORIGIN DATE | Tuesday 6th October 2020 | LAST REVISION DATE | Wednesday 20th December 2023 |
| KEY WORDS SEARCH | Software security, Threat modelling, Security by design, SDLC, Defensive security |
|---|
Please note that all modules are subject to change, please get in touch if you have any questions about this module.
