COMP0107 Language Based Security
This database contains the 2018-19 versions of syllabuses.
Note: Whilst every effort is made to keep the syllabus and assessment records correct, the precise details must be checked with the lecturer(s).
Language Based Security
The aim of this module is to provide students with specialist knowledge and understanding to solve software related problems associated with the security of software systems.
On successful completion of the module, a student will be able to:
- understand the relationship between computer program design and security.
- understand how various security-related properties of computer programs are formulated and guaranteed.
- understand how to apply in-depth knowledge of a variety of contexts.
Availability and prerequisites
This module delivery is available for selection on the below-listed programmes. The relevant programme structure will specify whether the module is core, optional, or elective.
In order to be eligible to select this module as optional or elective, where available, students must meet all prerequisite conditions to the satisfaction of the module leader. Places for students taking the module as optional or elective are limited and will be allocated according to the department’s module selection policy.
Programmes on which available:
To be eligible to select this module, students must have:
The course covers in depth major issues in computer security related to computer programming, in particular it provides a detailed treatment of theory and practice for:
- Vulnerabilities and faults
- Secure information flow
Students will be introduced to removal of vulnerabilities of code via fault detection. Topics covered will include Data Flow Analysis and Fuzz Testing.
The bulk of the course will be devoted to theory and practice of secure information flow. Students will learn how to use dependence analysis extracted via a slicing tool to do practical information flow control. They will learn how type systems can be used to assess information flow properties such as confidentiality and tainting. They will be taught some underlying theory and progress to more advanced topics such as flow sensitive type systems, information erasure, declassification, Secure Multi Execution and measuring information flow. Concepts will be illustrated with code examples and techniques supported by tools such as JIF, PARAGON, CBMC and LeakWatch.
An indicative reading list is available via http://readinglists.ucl.ac.uk/departments/comps_eng.html.
The module is delivered through a combination of lectures, problem solving sessions and training on laboratory tools.
This module delivery is assessed as below:
Unseen written examination (2hrs 30mins)
In order to pass this module delivery, students must achieve an overall weighted module mark of 50%.