Software Engineering at Oxford | Security Principles (SPR)

Security Principles

Developing secure software requires a great deal more than a knowledge of programming. In security, the ability to understand threats and risks in general, as well as specific security technologies (for example, cryptography or security protocols), is paramount. This course discusses these and other issues relating to software and systems security, including banking security and security evaluation.

Frequency

This course normally runs three times a year.

Course dates

Future courses are expected, but yet to be scheduled.

Objectives

At the end of the course, students will

Contents

Introduction
The need for security; types of security (confidentiality; authentication; non-repudiation; service integrity); big picture (network security; host OS security; physical security); multi-level security; trusted systems.
Contexts
Data protection/privacy, electronic payment, secret communications, government security. Risk assessment and social factors.
Cryptography
Number theory: inverses, primes. Basic encryption and decryption: terminology, substitution, stream, and block ciphers; characteristics of good ciphers. Symmetric and asymmetric encryption. Encryption algorithms: DES, RSA, AES, etc. Hashing.
Security Protocols
Goals of protocols: key distribution, authentication, key confirmation. Protocols and attacks: use of public-key and symmetric-key cryptography; Needham-Schroeder Protocols; Kerberos; Diffie-Hellman key exchange; dangers of key compromise. Key management. Advanced protocols: Encrypted Key Exchange; secret sharing.
Applications
Public-key cryptography and ISO authentication framework: design of X.509 certificates, and their uses. Secure sockets layer: SSL and encryption, key exchange protocols, use of X.509 certificates; secure web pages. Electronic signatures: role of hashing and cryptography; MD5 etc.; potential attacks, such as the 'birthday book'.
Case Studies
Banking security, ATM, SWIFT, SET standards. Common criteria. Internet security; SSL/TLS, IPsec.

Requirements

There are no particular requirements for this course.

