CMT310: Developing Secure Systems and Applications
School | Cardiff School of Computer Science and Informatics |
Department Code | COMSC |
Module Code | CMT310 |
External Subject Code | 100366 |
Number of Credits | 20 |
Level | L7 |
Language of Delivery | English |
Module Leader | Dr Neetesh Saxena |
Semester | Autumn Semester |
Academic Year | 2025/6 |
Outline Description of Module
Modern computer applications are typically exposed to the Internet via the host machine or a networked system, thus making them vulnerable to attack from many different entities on a global scale. Developing secure applications means designing, implementing and testing code that can withstand attacks by malicious entities. Additional challenges are posed by the trend towards DevOps, i.e. merged development and operations phases, as well as the increased use and combination of technologies such as IoT and ICS applications, and hybrid and converged deployments. These trends enable rapid applications development, but also increase the potential for security vulnerabilities. The core cybersecurity principles of confidentiality, availability and integrity can be disrupted by attacks on insecure systems and applications, leading to financial and reputational loss, and possibly legal prosecution.
This module covers fundamental issues that need to be understood when designing and building secure systems and applications. It aims to provide students with an overview of the common technical security controls available to prevent security incidents and to mitigate risk, as well as an understanding of the importance of secure development processes, security policies, and appropriate project management.
Note: The module focusses on the development phase. Maintaining security throughout operation is taught in the accompanying module “Cybersecurity Operations”.
On completion of the module a student should be able to
1. Compare and contrast common technical security controls available to prevent, detect and recover from security incidents and to mitigate risks.
2. Articulate security architectures relating to business needs using available tools, standards and protocols.
3. Deliver systems assured to have met their security profile using accepted methods and development processes.
4. Critically analyse the correctness and properties of secure systems.
5. Justify the selection of different cryptosystems.
6. Critically analyse recent cyber security case studies.
How the module will be delivered
This module will be delivered through a combination of traditional lecture and flipped learning with a blend of lectures, supervised lab sessions, workshops, guest sessions from industry practitioners, face to face small group sessions (e.g. help classes, feedback sessions), and team meetings as appropriate.
Skills that will be practised and developed
Teamwork
Communication skills – discussions, report
Critical assessment
Research of relevant resources
Concise writing
How the module will be assessed
There are 2 assessments in the module:
Assessment 1 (30%) - Class Test (Quiz covering LO 3, 5). A multiple-choice quiz will be conducted either online or in class to assess students' understanding of the topics covered.
Assessment 2 (70%) - Technical Report (LO 1, 2, 4, 6). The coursework will be a technical report that gives students an opportunity to use their knowledge and understanding, do online research, and apply some of the taught course content. Students are either given a network architecture or expected to choose one of the given topics from cyber security domains (or they can propose their own, if suitable). They then explore security attacks and issues related to that topic, the associated challenges in resolving such issues, and state-of-the-art solutions, and choose the best or most suitable solutions to address specific security issues.
Formative assessments will take place during the semester prior to summative assessment and regular feedback will be provided to students in the form of model answers and group discussions of common issues.
Students will be provided with reassessment opportunities in line with University regulations.
Assessment Breakdown
Type | % | Title | Duration(hrs) |
---|---|---|---|
Class Test | 30 | Class Test | N/A |
Written Assessment | 70 | Individual Report | N/A |
Syllabus content
• Attacks and Security Properties: Security Properties (CIA), Threat Landscape and Modelling.
• Symmetric Key Cryptography: Cipher and algorithm types (e.g. AES), One-time password, attackers’ capabilities. Selected topics and choosing appropriate mechanisms.
• Public Key Cryptography: Cipher and algorithm types (e.g. DHKE, RSA), applications to confidentiality, integrity and authentication, PKI (including key management). Selected topics and choosing appropriate mechanisms.
• Hashing and Digital Signature: hash function, MAC function, digital signature algorithms.
• Threshold cryptography, secure multi-party computation, zero-knowledge proof, Introduction to Blockchain and quantum cryptography.
• Authentication: Types and techniques. Choosing appropriate mechanisms and case studies (e.g. cellular networks).
• Email Security: Spam and phishing security. Choosing appropriate mechanisms.
• Communications: OSI and TCP/IP models, Network security, Network devices, IPSec, IDS. Choosing appropriate mechanisms.
• Web Security: Broken authentication, SSL/TLS, Single sign-on, Kerberos. Choosing appropriate mechanisms.
• CNI, SCADA, ICS/OT, CPS security, automotive, smart grid, AMI security, Stuxnet case study.