University of Oxford Logo University of OxfordSoftware Engineering - Home
On Facebook
Facebook
Follow us on twitter
Twitter
Linked in
Linked in
Google plus
Google plus
Digg
Digg
Pinterest
Pinterest
Stumble Upon
Stumble Upon

Security Principles

Developing secure software requires a great deal more than a knowledge of programming. In security, the ability to understand threats and risks in general, as well as specific security technologies (for example cryptography or security protocols) is paramount. This course discusses these and other issues relating to software and systems security, including banking security and security evaluation.

Frequency

This course normally runs three times a year.

Course dates

Future courses are expected, but yet to be scheduled.

Objectives

At the end of the course, students will

  • understand the main issues in computer and information security;
  • have practical experience in the analysis of secure communication protocols;
  • have an overview of the scope of the current leading technologies and standards;
  • be able to evaluate security solutions.

Contents

Introduction
The need for security; types of security (confidentiality, authentication; non-repudiation; service integrity); big picture (network security; host OS security; physical security); multi-level security; trusted systems.
Contexts
Data protection/privacy, electronic payment, secret communications, government security. Risk assessment and social factors.
Cryptography
Number theory: inverses, primes. Basic encryption and decryption: terminology, substitution, stream, and block ciphers; characteristics of good ciphers. Symmetric and asymmetric encryption. Encryption algorithms: DES, RSA, AES, etc. Hashing.
Security Protocols
Goals of protocols: key distribution, authentication, key confirmation. Protocols and attacks: use of public-key and symmetric-key cryptography; Needham-Schroeder Protocols; Kerberos; Diffie-Helmann key exchange; dangers of key compromise. Key management. Advanced protocols: Encrypted Key Exchange; secret sharing.
Applications
Public-key cryptography and ISO authentication framework: design of X.509 certificates, and their uses. Secure sockets layer: SSL and encryption, key exchange protocols, use of X.509 certificates; secure web pages. Electronic signatures: role of hashing and cryptography; MD5 etc.; potential attacks, such as the `birthday book'.
Case Studies
Banking security, ATM, SWIFT, SET standards. Common criteria. Internet security; SSL/TLS, IPsec.

Requirements

There are no particular requirements for this course.