COMP0107 Language Based Security

This database contains the 2018-19 versions of syllabuses.

Note: Whilst every effort is made to keep the syllabus and assessment records correct, the precise details must be checked with the lecturer(s).

Academic session

2018-19

Module

Language Based Security

Code

COMP0107

Module delivery

1819/A7P/T2/COMP0107 Postgraduate

Related deliveries

1819/A7U/T2/COMP0107 Masters (MEng)

Prior deliveries

COMPGS10

Level

Postgraduate

FHEQ Level

L7

FHEQ credits

15

Term/s

Term 2

Module leader

Clark, David

Contributors

Clark, David

Module administrator

Nolan, Martin

Aims

The aim of this module is to provide students with specialist knowledge and understanding to solve software related problems associated with the security of software systems.

Learning outcomes

On successful completion of the module, a student will be able to:

  1. understand the relationship between computer program design and security.
  2. understand how various security-related properties of computer programs are formulated and guaranteed.
  3. understand how to apply in-depth knowledge of a variety of contexts.

Availability and prerequisites

This module delivery is available for selection on the below-listed programmes. The relevant programme structure will specify whether the module is core, optional, or elective.

In order to be eligible to select this module as optional or elective, where available, students must meet all prerequisite conditions to the satisfaction of the module leader. Places for students taking the module as optional or elective are limited and will be allocated according to the department’s module selection policy.

Programmes on which available:

  • MSc Computer Science
  • MSc Software Systems Engineering

Prerequisites:

To be eligible to select this module, students must have:

  • an understanding of the basics of programming and software engineering.

Content

The course covers in depth major issues in computer security related to computer programming, in particular it provides a detailed treatment of theory and practice for:

  1. Vulnerabilities and faults
  2. Secure information flow

Students will be introduced to removal of vulnerabilities of code via fault detection. Topics covered will include Data Flow Analysis and Fuzz Testing.

The bulk of the course will be devoted to theory and practice of secure information flow. Students will learn how to use dependence analysis extracted via a slicing tool to do practical information flow control. They will learn how type systems can be used to assess information flow properties such as confidentiality and tainting. They will be taught some underlying theory and progress to more advanced topics such as flow sensitive type systems, information erasure, declassification, Secure Multi Execution and measuring information flow. Concepts will be illustrated with code examples and techniques supported by tools such as JIF, PARAGON, CBMC and LeakWatch.

An indicative reading list is available via http://readinglists.ucl.ac.uk/departments/comps_eng.html.

Delivery

The module is delivered through a combination of lectures, problem solving sessions and training on laboratory tools.

Assessment

This module delivery is assessed as below:

#

Title

Weight (%)

Notes

1

Unseen written examination (2hrs 30mins)

70

 

2

Review essay

15

 

3

Technical exercise

15

 

In order to pass this module delivery, students must achieve an overall weighted module mark of 50%.