MSc Information Security

Award: Master of Science (MSc)
Level: Postgraduate
Duration: 1 Year
Fees: UK/EU £10,765; Overseas £23,690

Programme Contact: email advancedmsc-admissions@cs.ucl.ac.uk

Research Group: Information Security Research Group

Application Deadline: 1 August 2015


Our degree

Information Security provides the foundations for a rewarding career in the growing cyber security industry or further doctoral research. International security experts teach a balance of established theory and cutting edge practice, equipping graduates with the broad expertise necessary to succeed in information security. The course is supported by industry experts and leading companies who engage with students through joint projects and guest lectures.

UCL is one of eight UK universities conducting world class research in the field of cyber security that have been awarded “Academic Centre of Excellence in Cyber Security Research” status.

The Academic Centre of Excellence status has been awarded by GCHQ in partnership with the Research Councils’ Global Uncertainties Programme (RCUK) and the Department for Business Innovation and Skills (BIS). Other universities will also become Centres in the near future as part of an ongoing process.

- See more at: www.ucl.ac.uk/news/news-articles/1204/120402-UCL-awarded-excellence-status-in-cyber-security-research


UCL is one of eight UK institutions to be awarded 'Academic Centre of Excellence in Cyber Security Research' status by GCHQ, in partnership with the Research Councils Global Uncertainties Programme (RCUK) and the Department for Business Innovation and Skills (BIS). Information Security students at UCL won the first UK Cyber Security Challenge in Code Cracking (2013).

Our graduates

Information Security graduates are keenly sought by the world's leading security organisations and are particularly valued as a result of the Department's international reputation, strong links with industry, and ideal location close to the City of London.

Top graduate destinations include:       

  • IBM
  • Ernst & Young
  • Cisco
  • KPMG

Top graduate roles include:                

  • Security Consultant
  • Secure Software Design
  • Information Protection Advisor
  • Security Analyst

Top further study destinations:

  • University of Cambridge
  • UCL

Average starting salary £31,200 (all data from Graduate Surveys, January 2013)

Our staff

Information Security staff are recognised globally for their research, most notably in cryptography and human-centred approaches to security, privacy and trust, and include expertise from areas such as Software Systems Engineering, Human-Computer Interaction and Systems and Networked Centred Systems.

Dr Earl Barr

Lecturer.

Research interests: program analysis, information theory, and optimisation.

Teaches 'Malware' module.

Email e.barr@cs.ucl.ac.uk

Webpage www.earlbarr.com  

Office 7.05 Malet Place Engineering Building

Dr David Clark

MSc Information Security Programme Director, Senior Lecturer.

Research interests: analysis and verification, understanding software and specifications, reasoning about them, proving that they satisfy desirable properties, showing that they behave properly.

Teaches 'Language Based Security' module.

Email d.clark@cs.ucl.ac.uk

Webpage http://www0.cs.ucl.ac.uk/staff/D.Clark/

Office 7.02 Malet Place Engineering Building

Dr George Danezis

Reader in Security & Privacy Engineering.

Research interests: computer security, privacy, traffic analysis and statistical inference. Has worked extensively on the design and analysis of anonymous communications systems (like Tor), on smart metering privacy, and on peer-to-peer networking and social network security. Has a special interest in the application of modern machine learning to security problems.

Teaches 'Computer Security I' and 'Privacy Enhancing Technologies' modules.

Email g.danezis@cs.ucl.ac.uk

Webpage http://www0.cs.ucl.ac.uk/staff/G.Danezis/

Office 614 Malet Place Engineering Building

Dr Emiliano De Cristofaro

Senior Lecturer.

Research interests: privacy enhancing technologies, security and applied cryptography.

Teaches 'Computer Security II' and 'Introduction to Cryptography' modules.

Email e.decristofaro@cs.ucl.ac.uk

Webpage http://www.emilianodc.com/

Office 6.04 Malet Place Engineering Building

Dr Jens Groth

Reader in Cryptology.

Research interests: cryptography including zero-knowledge proofs, mix-nets used in anonymization and electronic voting, digital signatures with advanced properties, and pairing-based cryptography.

Email j.groth@cs.ucl.ac.uk

Webpage http://www0.cs.ucl.ac.uk/staff/j.groth/

Office 7.21a Malet Place Engineering Building

Dr Jens Krinke

Senior Lecturer.

Research interests: program analysis; malware analysis; taint analysis; information flow control; bug detection; clone detection.

Teaches 'Language Based Security' and 'Malware' modules.

Email j.krinke@cs.ucl.ac.uk

Webpage http://www0.cs.ucl.ac.uk/staff/j.krinke/

Office 5.06 Malet Place Engineering Building

Dr Sarah Meiklejohn

Lecturer.

Research interests: security and cryptography.

Email s.meiklejohn@cs.ucl.ac.uk

Webpage http://www0.cs.ucl.ac.uk/staff/S.Meiklejohn/

Office 4.13 Malet Place Engineering Building

Dr Steven Murdoch

Principal Research Fellow.

A Royal Society University Research Fellow in the Information Security Research Group of University College London, working on developing metrics for security and privacy. His research interests include authentication/passwords, banking security, anonymous communications, censorship resistance and covert channels. He has worked with the OpenNet Initiative, investigating Internet censorship, and for the Tor Project, on improving the security and usability of the Tor anonymity system. His current research on developing methods to understand complex system security is supported by the Royal Society. He is also working on analysing the security of banking systems, especially Chip & PIN/EMV, and is Innovation Security Architect of Cronto, an online authentication technology provider and part of the VASCO group.

Email s.murdoch@cs.ucl.ac.uk

Webpage http://www0.cs.ucl.ac.uk/staff/S.Murdoch/

Office 4.13 Malet Place Engineering Building

Prof David Pym

Professor of Information, Logic, and Security.

Research interests: primarily questions of policy and the interaction between policy and system architecture, with a particular perspective provided by economics. Also interested in logical approaches to access control policy in which the interplay between policy architecture and system architecture is considered explicitly. Further interests are in the security of critical national infrastructure, particularly from the perspective of security economics.

Also Head of the Programming Principles, Logic & Verification Research Group.

Email d.pym@cs.ucl.ac.uk

Webpage http://www0.cs.ucl.ac.uk/staff/D.Pym/

Office 6.19 Malet Place Engineering Building

Prof Angela Sasse

Head of Information Security Research Group.

Research interests: how we design and implement innovative technologies that are fit for purpose, value for money, and improve productivity and well-being of individuals and society.

Teaches 'People & Security' module.

Also Director of the Research Institute in Science of Cyber Security. 

Email a.sasse@cs.ucl.ac.uk

Webpage http://sec.cs.ucl.ac.uk/people/m_angela_sasse/

Office 6.06 Malet Place Engineering Building

Dr Gianluca Stringhini

Lecturer.

Research interests: various fields of computer security, in particular social network security, web security, botnet mitigation, and cyber crime analysis. PhD dissertation studied the different ways in which malicious and legitimate users use online services (such as social networks, web-based email services, and blogs), and has developed mitigation techniques that leverage such differences to detect malicious activity.

Teaches 'Computer Security II' module.

Email g.stringhini@cs.ucl.ac.uk

Webpage http://www0.cs.ucl.ac.uk/staff/G.Stringhini/

Office 4.13 Malet Place Engineering Building

Our modules

MSc Information Security consists of 8 taught modules and a thesis. The PG Diploma programme comprises the taught modules only (no thesis). All students take 4 core modules and 4 optional modules. The 4 core modules are:

COMPGA01 - Computer Security 1

Code COMPGA01 (Also taught as COMPM062)
Year MSc
Prerequisites None
Term 1
Taught By George Danezis (100%)
Aims This module provides an introduction to computer security concepts and techniques. It covers core security principles to engineer systems that provide certain properties, like confidentiality, integrity or availability, despite the efforts of malicious entities to subvert them. We will study military and commercial security design patterns, but also topics around privacy, censorship, or pervasive surveillance. All topics are approached from a security engineer perspective, but also from the perspective of someone who aims to bypass security protections.
Learning Outcomes Students will learn how to recognise security properties of systems, as well as formulate security policies, and model the threats they may face. Through exposure to a number of established industry and government security mechanisms and design patterns, they will be able to select appropriate controls to guarantee that the security policies are robustly implemented and may sustain efforts to subvert them. Conversely, students will gain skills in analysing computer systems, and developing strategies to bypass security controls.

Content:

The course is organized in 10 topics. The first half of the course covers basic principles; access control; UNIX, Windows and Android security; high-confidentiality government systems; high-integrity commercial systems, including banking and medical informatics. The second half goes into the details of technical protection mechanisms and computer attacks, including hardware mechanisms; network defences and attacks; authentication & identification; and applied cryptography.

Method of Instruction:

Lecture presentations with associated class coursework.

Assessment:

The course has the following assessment components:

  • Written Examination (2.5 hours, 85%)
  • Coursework Section (1 piece, 15%) due in week 10.

To pass this course, students must:

  • Obtain an overall pass mark of 50% for all sections combined

Resources:

Dieter Gollmann "Computer Security" (3rd edition, but 2nd is also fine) - available in the UCL library

http://www.amazon.com/Computer-Security-Dieter-Gollmann/dp/0470741155

Ross Anderson "Security Engineering"

http://www.amazon.com/Security-Engineering-Building-Dependable-Distributed/dp/0470068523/

(Also available on-line at: http://www.cl.cam.ac.uk/~rja14/book.html)

COMPGA02 - Computer Security 2

Code COMPGA02
Year MSc
Prerequisites N/A
Term 2
Taught By Emiliano De Cristofaro (50%) and Gianluca Stringhini (50%)
Aims Providing an advanced understanding of network and computer security vulnerabilities and countermeasures in real-world systems.
Learning Outcomes Students will learn how to think critically and creatively about security. They will learn how, when and why to apply security technologies for the most benefit. Students will familiarize themselves with, and learn how to overcome, the challenges of security and cryptography software design and implementation.

Content:

Network protocols and vulnerabilities; Network defenses; Firewalls, Intrusion & Anomaly Detection, Anti-virus protection; Software and system security: threats, vulnerabilities, and countermeasures via real-world examples; Malware and botnets; Authentication, identification, and identity management; Cryptographic software implementation; Network Security tools; Penetration Testing

Method of Instruction:

Lecture presentations and laboratory sessions with associated coursework

Assessment:

The course has the following assessment components:

  • Written Examination (2.5 hours, 70%)
  • Coursework (30%)

To pass this course, students must:

  • Obtain an overall pass mark of 50% for all sections combined

Resources:

Dieter Gollmann, "Computer Security" (3rd edition).

Ross Anderson, “Security Engineering”.

William Stallings, “Cryptography and Network Security”.

C.P. Pfleeger and S.L. Pfleeger, “Analyzing Computer Security: A Threat/Vulnerability/Countermeasure Approach”.

COMPGA03 - Introduction to Cryptography

Code COMPGA03
Year MSc
Prerequisites N/A
Term 1
Taught By Emiliano De Cristofaro (100%)
Aims For many centuries the goal of cryptography was the protection of privacy of communications. Computers, digital communication and in particular the internet have brought an abundance of new security goals. Examples are: anonymity, authenticity, non-repudiation, authorized wiretapping (called law enforcement), and traceability. To each need corresponds security mechanisms to achieve it. The goal of the course is to make students familiar with such techniques and some of the foundations of these methods. In particular students will be confronted with a range of security objectives, different levels of security that can be achieved and some available cryptographic techniques that can be used.
Learning Outcomes Students start learning how to think from an adversarial viewpoint. The goal is to become familiar with basic techniques to protect data in computer and communication environments against several different varieties of fraud.

Content:

Classical cyphers
Cryptanalysis of classical ciphers
Probability theory
Perfect security
Block cyphers
DES
AES
Block cipher modes of operation
Private-key encryption
Chosen plaintext attacks
Randomised encryption
Pseudorandomness
Chosen cyphertext attacks
Message authentication codes
Private-key authentication
CBC-MAC
Pseudorandom functions
CCA-secure private-key encryption
Hash functions
Integrity
Pre-image resistance
2nd pre-image resistance
Collision freeness
SHA-256
NMAC/HMAC
Key distribution
Key distribution centres
Modular arithmetic and group theory
Diffie-Hellman key exchange
Public-key Distribution
ElGamal encryption
Cramer-Shoup encryption
Discrete logarithm problem
Digital Signatures
RSA signatures
RSA-FDH and RSA-PSS signatures
DSA signatures
X.509 certificates
Certification paths

Method of Instruction:

Tutor-led class sessions, problem-solving sessions and private study

Assessment:

The course has the following assessment components:

  • Coursework Section (several pieces, 25%)
  • Written Examination (2.5 hours, 75%)

To pass this course, students must:

  • Obtain an overall pass mark of 50% for all sections combined

Resources:

Katz and Lindell: Introduction to Modern Cryptography. Chapman & Hall/ CRC Press, 2007.

COMPGA11 - Research in Information Security

Code COMPGA11
Year MSc
Prerequisites None
Term 2
Taught By Steven Murdoch (100%)
Aims To develop an understanding of what research in information security is about, how to identify a contribution, what the quality standards in scientific publications are, and to study selected technical sub-topics in depth.
Learning Outcomes Students will be exposed to research on information security, by reading quality technical research papers in information security.

Content:

Students attend lectures and read scientific papers within an area of information security. The students will present a scientific paper in class, write two short reviews of papers presented in class, and write one detailed report about one paper in particular.

Method of Instruction:

Lectures and directed study on information security literature

Assessment:

The course has the following assessment components:

  • Oral presentation in class (20%)
  • Coursework (20%)
  • Report (60%)

To pass this course, students must:

  • Obtain a combined mark of at least 50%

Resources:

Original scientific literature from proceedings or journals.

Students will normally select their 4 options from the following list:

COMPGZ03 - Distributed Systems and Security

Code COMPGZ03 (Also taught as: COMPM030)
Year 4
Prerequisites Good understanding of object-oriented programming and design and networking protocols
Term 1
Taught By Brad Karp (100%)
Aims The first half of the class explores the design and implementation of distributed systems in case-study fashion: students read classic and recent research papers describing ambitious distributed systems. In lecture, students critically discuss the principles that cause these systems to function correctly, the extent to which these systems solve the problem articulated by the authors, and the extent to which the problem and solution chosen by the authors are relevant in practice. The second half of the class explores computer system security, again, largely in case-study fashion.
Learning Outcomes Correctness under concurrency is a central challenge in distributed systems and one that can only fully be understood through experience of building such systems (and encountering subtle bugs in them). To give students experience of this sort, the module includes one significant programming coursework in C, in which the students implement a simple distributed system that must provide an ordering guarantee. Further written coursework helps students solidify their understanding of the security material in the class.

Content:

Course introduction; OS concepts

Design: Worse is Better; Concurrent IO; RPC & Transparency

Ivy: Distributed Shared Memory

Bayou: Weak Connectivity and Update Conflicts; GFS: The Google File System

RouteBricks: Cluster-Based IP Router; Introduction to Security; User Authentication

Cryptographic Primitives I; Cryptographic Primitives II

Secure Sockets Layer (SSL); Reasoning Formally about Authentication: TAOS

Software Vulnerabilities and Exploits; Preventing Exploits

Containing Buggy Code: Software-based Fault Isolation; OKWS: Approximating Least Privilege in a Real-World Web Server

Method of Instruction:

Lectures, case-studies

Assessment:

The course has the following assessment components:

  • Written Examination (2.5 hours, 70%)
  • Coursework Section (30%)

To pass this course, students must:

  • Obtain an overall pass mark of 50% for all sections combined

COMPGA10 - People and Security

Code COMPGA10 (Also taught as: COMPM061)
Year MSc
Prerequisites Knowledge of basic information security principles, and essay-writing skills. Students who are not enrolled in Infosec need to attain permission from the module tutor (AS) to enrol; this requires an interview in person.
Term 1
Taught By Angela Sasse (100%)
Aims Students will be able to specify usability criteria that a security mechanism has to meet to be workable for end-user groups and work contexts; know the strengths and weaknesses of particular security mechanisms in practice, and hence be able to choose and configure mechanisms for best performance in a given organisational context; and be able to specify accompanying measures (policies, training, monitoring and ensuring compliance) that a user organisation needs to implement to ensure long-term security in practice.
Learning Outcomes Students will be able to apply their knowledge of human factors to computer security

Content:

Introduction: The Human Factor in Security
Systemic approach to security design
Users, tasks and context
Why only usable security is effective security?
Basic concepts from security and risk analysis
Authentication mechanisms and their usability issues
Knowledge-based authentication
Passwords
PINs
Passphrases
Graphical Passwords
Challenge-Response systems
Improving KBA: personal entropy
Credential recovery
Token-based authentication
SecurID tokens
Smartcards
Biometric authentication
Physical Biometrics: Finger, Iris, Face
Behavioural Biometrics: Voice, digital signature, gait, typing
Enrolment
Verification
User perception and acceptance of biometrics
Security tasks and business processes
Security as a supporting task
Deriving performance requirements from production tasks
Security mechanisms and context of use
Risk analysis and risk management
The AEGIS method
User education and training
Identifying user perceptions
Designing security training
Changing user perceptions and behaviour
Motivational approaches
Security tests
User interfaces to security tools
Social engineering
Organisational issues
Security culture
Responsibility and communication
Designing security policies
Monitoring and compliance
Insider threats
Trust
Enterprise security
Customer requirements for security
Data protection
Privacy
Attacks and Attackers
Surveillance and monitoring
CCTV
RFID
Automated Detection

Method of Instruction:

Lecture presentations and classroom-based coursework

Assessment:

The course has the following assessment components:

  • Written Examination (2.5 hours, 90%)
  • Coursework (10%)

To pass this course, students must: Obtain a mark of at least 50% in all sections combined.

Resources:

Lorrie Faith Cranor and Simson Garfinkel, 'Security and Usability: Designing Secure Systems that People Can Use', 2005.

Bruce Schneier, 'Beyond Fear - Thinking Sensibly About Security in an Uncertain World', 2005.

COMPGA12 - Applied Cryptography

Code COMPGA12 (Also taught as COMPM064)
Year MSc
Prerequisites N/A
Term 2
Taught By Nicolas Courtois (100%)
Aims Understanding how cryptographic algorithms, keys and protocols, and an appropriate hardware/software environment, can solve security problems (confidentiality, integrity, authenticity). Showing how security is achieved in real-life systems in areas of payment, telecom, buildings/transportation, government/identity etc. Study of legal, ethical, business and usability questions. Technology adoption, understanding the smart cards and RFID market. Promotion of ‘best practices’. Understanding attacks and vulnerabilities of current industrial standards. Side-channel attacks and countermeasures.
Learning Outcomes Learning how security problems are solved in the industry, and understanding why specific choices are made. Understanding security (attacks and defences) in complex real-life systems and the role of keys, cryptographic algorithms and protocols, tamper resistant hardware and other types of countermeasures.

Content:

Key generation and management

Encryption

Message authentication

Digital signatures and timestamping

Security definitions and secure padding schemes

Hard problems and key sizes

Best practices and standardized cryptographic algorithms

Security engineering principles

Smart cards and RFID

Side-channel attacks and countermeasures

Applications of cryptographic algorithms

Bank cards and terminals

Electronic passports

RFID systems in public transportation and automobiles

Smart cards and mobile phone security

Financial cryptography, payment systems, crypto currencies, bitcoin.

Method of Instruction:

Tutor-led class sessions, problem-solving sessions and private study

Assessment:

The course has the following assessment components:

  • Written Examination (2 hours, 80%)
  • Compulsory Assessed Orals (10 minute presentation, 20%)

To pass this course, students must: Obtain a mark of 50% or more for all components combined

    Resources:

    Lecture notes to be provided in class

    Recommended texts: Anderson, R. 'Security Engineering' Wiley 2006. W. Rankl and W. Effing, 'Smart Card Handbook' Wiley 2003.

    Mayes, K. and Markantonakis K (Editors) 'Smart Cards, Tokens, Security and Applications' Springer 2006.

    COMPGA14 - Information Security Management

    Code COMPGA14
    Year MSc
    Prerequisites None
    Term 1
    Taught By Granville Moore (100%)
    Aims The course will provide the student with an understanding of the principles of information security management that are commonly used in business. It will introduce the student to commonly used frameworks and methods and explore critically the suitability and appropriateness of these for addressing today's organisational security needs.
    Learning Outcomes The successful participant will:
    • have an understanding of the key themes and principles of information security management and be able to apply these principles in designing solutions to managing security risks effectively;
    • understand how to apply the principles of information security management in a variety of contexts;
    • have an appreciation of the interrelationship between the various elements of information security management and its role in protecting organisations.

    Content:

    The course covers the principles of applied information security management and is suitable for those who are looking for an in-depth understanding of security management in medium to large organisations. The course comprises the following topics: governance and security policy, threat and vulnerability management, incident management, risk management, information leakage, crisis management and business continuity, legal and compliance, security awareness and security implementation considerations.
    Under these broad headings, the following areas are covered: ISO 27000 series and the Plan-Do-Check-Act model, assessment of threats and vulnerabilities, incident response, forensics and investigations, risk assessment and risk management frameworks, dealing with classified/sensitive data, contingency planning, legal and regulatory drivers and issues, certification, common criteria, security awareness, education and training, and practical considerations when implementing the frameworks to address current and future threats.

    Method of Instruction:

    The module is delivered through a combination of lectures, classroom exercises and group discussion.

    Assessment:

    The course has the following assessment components:

    • Unseen written examination (100%)

    To pass this course, students must:

    • Obtain a mark of at least 50%

    Resources

    Resources can be found on Moodle.

    COMPGA16 - Malware

    Code COMPGA16 (Also taught as: COMPM066)
    Year MSc
    Prerequisites An understanding of the basics of programming and software engineering.
    Term 1
    Taught By David Clark (Module Leader), Jens Krinke, Earl Barr, Paul Gill
    Aims To provide students with: (1) specialist understanding of the issues and techniques in malware detection and classification; (2) broad understanding of the human, social, economic and historical context in which malware exists and is deployed.
    Learning Outcomes Successful completion of this course will provide students with a specialist understanding of the nature of malware, its capabilities, and how it is combatted through detection and classification. Students will understand what are the underlying scientific and logical limitations on society’s ability to combat malware. Furthermore, students should have an appreciation and broad understanding of the social, economic and historical context in which malware occurs.

    Content

    Understanding of the issues in combatting malware through detection and classification. Topics to be covered include:

    1. Introduction
       a. The taxonomy of malware and its capabilities: viruses, Trojan horses, rootkits, backdoors, worms, targeted malware
       b. History of malware

    2. The social and economic context for malware: crime, anti-malware companies, legal issues, the growing proliferation of malware

    3. Basic Analysis
       a. Signature generation and detection
       b. Clone detection methods

    4. Static Analysis
       a. System calls: dependency analysis issues in assembly languages; semantic invariance of system call sequences

    5. Dynamic Analysis
       a. Virtualization: semantic gap
       b. Reverse engineering

    6. Hiding
       a. Polymorphism
          i. compression
          ii. encryption
          iii. virtualization
       b. Metamorphism
          i. high level code obfuscation engines
          ii. on-board metamorphic engines
          iii. semantics-preserving rewritings
       c. Frankenstein

    7. Behaviour/Semantic detection methods
       a. Abstract interpretation
       b. Taint-based analyses
       c. Semantic clones

    8. The theory of malware
       a. Rice’s theorem and the undecidability of semantic equivalence
       b. Adleman’s proof of the undecidability of the presence of a virus
       c. Cohen’s experiments on detectability and self-obfuscation

    9. Problems in large scale classification
       a. Scalability
       b. Triage methods
       c. Required FP rate

    10. Human issues in malware (social engineering)
       a. Deception
       b. Misrepresentation
       c. Safe behaviours

    Method of instruction

    Lectures, class-room based exercises and occasional labs

    Assessment

    Examination: 70%

    Coursework: 30%

    Reading

    Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, by Michael Sikorski, Andrew Honig


    Other texts and papers as advised.

    COMPGA17 - Privacy Enhancing Technologies

    Code COMPGA17
    Year MSc
    Prerequisites No (COMPGA01 -- Computer Security 1 recommended)
    Term 2
    Taught By George Danezis (100%)
    Aims Upon completion of the course the students are expected to be
    1. specialists in understanding the issues around privacy in computer systems and on-line services;
    2. aware of the best available techniques for mitigating important privacy threats through appropriate security controls, namely the use of private communications, private authentication and private computations;
    3. able to securely implement those techniques, as well as familiar with the process of building secure systems (design review, code review and white-box pen testing).
    Learning Outcomes
    Key knowledge:
    • Basic and advanced conceptions of privacy;
    • Techniques used for on-line tracking and pervasive surveillance infrastructures;
    • Privacy in authentication;
    • Selective disclosure credentials and zero-knowledge proofs; anonymous e-cash systems;
    • Anonymous communications and Tor; Traffic analysis;
    • Privacy in databases and storage systems;
    • Censorship and censorship evasion;
    • Private computations using homomorphic encryption and secret sharing.
    Key understanding:
    • Different privacy paradigms.
    • Incentives for protecting or violating privacy.
    • Trade-offs between quality of protection and cost, bandwidth and latency in anonymous communications.
    • Unconditional anonymity and long term attacks on imperfect schemes.
    • Identity management and relation to privacy.
    • Selective disclosure and its relation to authorization in computer security.
    • Understanding of class of problems zero-knowledge techniques can address.
    • Understanding of the completeness of private computation techniques.
    • Trade-offs in the use of Homomorphic encryption versus multi-party computation.
    • Appreciation for the computational complexity of expressing computations as circuits.
    • Understanding of differential privacy properties and mechanisms.
    • The inherent difficulty in anonymizing datasets instead of query results.

    Key skills:

    • Can perform a privacy audit and a privacy impact assessment;
    • Can draft a privacy notice.
    • Can analyze an authentication protocol for privacy features.
    • Can design a ZK protocol to prove linear, multiplicative relations of secrets.
    • Can use a CL-signature to build a simple credential scheme.
    • Can build a simple e-cash scheme.
    • Can build a simple anonymity channel.
    • Can perform a long term traffic analysis attack (statistical disclosure)
    • Can analyze a protocol for differential privacy properties.
    • Can devise tracker attacks against k-anonymous / ad-hoc anonymization schemes.
    • Can write secure cryptographic software according to a specification.
    • Can write conformance tests for cryptographic software.
    • Can perform design and code reviews on cryptographic software.
    • Can write bug reports and communicate mitigation to others.
    • Can perform a white-box penetration test on cryptographic software.

    Content

    The course covers in depth major issues in computer security related to protecting privacy as well as threats to the privacy of computer users. In particular it covers the theory and practice of:

    (1) Private communications, anonymous communications, censorship circumvention and traffic analysis.

    (2) Private authentication, selective disclosure credentials for identity management, and zero-knowledge proof techniques.

    (3) Private statistics and computations through homomorphic encryption and secure multi-party computation and differential privacy.

    Students are introduced to both privacy threats such as pervasive surveillance, profiling, location analysis, and traffic analysis, as well as the technical mitigation techniques relying on modern cryptography and differential privacy. 

    The course starts with an introduction to the social, economic and legal context of privacy protection, privacy policies and standard privacy practices. At the same time standard threats to on-line privacy such as profiling, and location analysis are discussed. 

    The course then covers in depth techniques to achieve strong private communications that hide both content and the meta-data associated with who is talking to whom (anonymous communications). These are studied in the context of private polling and elections.

    The students are then introduced to techniques to mitigate abuses arising from anonymous communication, while preserving privacy, through the use of private authentication, and selective disclosure credentials that can be used to build digital cash systems. The engineering of zero-knowledge proofs and their use as building blocks of privacy enhancing technologies will be studied in detail.

    Finally, students are introduced to the problem of computing on private data using simple homomorphic encryption schemes as well as modern secure multi-party computation techniques. Statistical disclosure control is discussed, ad-hoc techniques are analyzed and defeated, and techniques based on differential privacy discussed.

    Method of Instruction

    The course is delivered in 30 hours split between 20 hours of lectures and 10 hours of supervised labs to support programming exercises. For the labs and programming exercises, students will be expected to run a pre-configured virtual machine using “VirtualBox” and be familiar with basic programming in C or Python.

    Assessment

    This course has the following assessment components:

    Written Exam (50%, 2.5 hours)

    Lab Work (30%) – programming exercises building privacy enhancing technologies. 

    Course Work (20%) – report of programming exercises and short essay on privacy by design.

    Resources

    See Moodle page

    COMPGA18 - Cryptanalysis

    Code: COMPGA18 (Also taught as COMPM068)
    Year: MSc
    Prerequisites: Introduction to Cryptography COMPGA03
    Term: 2
    Taught By: Nicolas Courtois and Christophe Petit
    Aims: We will attempt to cover all major topics in cryptanalysis. Study of various cryptosystems from the point of view of cryptanalysis and also from the point of view of crypto developers (internal structure, important properties). Understanding the maths and security design principles in different cryptosystems. Showing a variety of ways to break and fix/repair cryptographic primitives. Discovering, with software, key properties which are relevant to their security. Learning how to use standard crypto libraries, computer algebra software and software cryptanalysis tools. Understanding cryptography from historical, scientific, and practical/industrial perspectives.
    Learning Outcomes: Understanding security (attacks and defences) of cryptographic systems. Understanding security goals and practical industry requirements. Learning how to evaluate the practical feasibility of attacks in terms of time, memory, pre-computation, data and the protocol / context in which they can be executed. Knowledge and understanding of how current cryptographic security technologies are built with individual components and their interaction, how they are (sometimes) defeated and how they can be designed or enhanced to be more robust. Recognising various security engineering trade-offs. Understanding the role of keyed operations, non-linearity, randomness, one-wayness, diffusion, side-channel vulnerabilities, permutations, security reductions, etc. in the design of cryptographic protections.

    Content

    Historical cryptanalysis, differential cryptanalysis, linear cryptanalysis, self-similarity attacks on ciphers, algebraic cryptanalysis, algorithmic cryptanalysis, cryptographic explorations with software, protocol/initialization attacks, factoring, discrete logarithms, lattice attacks, elliptic curves, side channel attacks. 

    Method of Instruction

    Tutor-led class sessions, student projects which combine problem-solving and programming, participation in code-breaking competitions, private study. 

    Concepts will be illustrated by practical computations with software. Students will execute individual projects in which they will learn how to manipulate and/or implement complex cryptographic building blocks in order to achieve concrete cryptanalysis targets in terms of discovery/implementation/study of attacks and/or security evaluation of cryptographic schemes.

    Assessment

    The course has the following assessment components: One Individual Exploratory Programming Project (50%) and One Participation in a Code Breaking Competition (Jan-May 50%). 

    There is NO written examination. 

    To pass this course, students must: submit the programming project and participate in the competition, and obtain an overall combined mark of 50% for both components.

    In code breaking competitions students will be assessed on 1) their engagement, participation, team spirit, intellectual attitude and curiosity 2) mastery of underlying mathematical/algorithmic concepts and operational tools and techniques, and 3) scientific and practical achievements. 

    Resources

    Lecture notes to be provided in class. 

    Reference books:
    • Antoine Joux: Algorithmic Cryptanalysis, CRC Press.
    • Menezes, van Oorschot, Vanstone: Handbook of Applied Cryptography, CRC Press. www.cacr.math.uwaterloo.ca/hac

    COMPGS10 - Language Based Security

    Code: COMPGS10 (Also taught as: COMPM028)
    Year: MSc
    Prerequisites: An understanding of the basics of programming and software engineering.
    Term: 2
    Taught By: David Clark (50%), Jens Krinke (50%)
    Aims: The aim of this module is to provide students with specialist knowledge and understanding to solve software related problems associated with the security of software systems.
    Learning Outcomes: Successful completion of this module will provide students with an understanding of the relationship between computer program design and security, how various security-related properties of computer programs are formulated and guaranteed, and in-depth knowledge of a variety of contexts in which understanding can be applied.

    Content:

    The course covers in depth major issues in computer security related to computer programming; in particular, it provides a detailed treatment of theory and practice for:

    1. vulnerabilities and faults
    2. secure information flow
    3. semantics based malware detection

    Students will be introduced to the removal of vulnerabilities from code via fault detection. Topics covered will include Data Flow Analysis, Buffer Overruns and Fuzz Testing.

    The bulk of the course will be devoted to theory and practice of secure information flow. First students will learn how to use dependence analysis extracted via a slicing tool to do practical information flow control. Subsequently they will be taught some underlying theory and then examine more advanced topics such as flow sensitive type systems, information erasure, declassification and measuring information flow. This will be supported by tools such as JIF, PARAGON, a bounded model checker and the QIF Analyser.

    The final part of the course will look at issues in semantics based malware detection, particularly at the limitations of such an approach with respect to semantic decidability and encryption/ packing techniques.

    Method of Instruction

    Delivery will be via a combination of lectures, problem solving sessions and training on laboratory tools. Students will be given weekly exercises to explore and practice new techniques and tools.

    Assessment:

    The course has the following assessment components:

    • Unseen written examination (2.5 hours, 70%)
    • 2 courseworks (15% each)

    To pass the module students must:

    • Obtain an overall pass mark of 50%

    Resources:

    Provided on Moodle

    The thesis is an in-depth research project carried out under the supervision of a member of academic staff. Please see COMPGA99 for details.

    More details about our modules can be found here.

    Our entry requirements

    A minimum of an upper-second class UK Bachelor's degree in computer science, electrical engineering or mathematics, or an overseas qualification of an equivalent standard. Relevant work experience may also be taken into account.

    English Language minimum requirements

    • International English Language Testing System: An overall grade of 7.0 with a minimum of 6.0 in each of the subtests
    • Other English Language Qualifications: Please click here for the full list of accepted English Language qualifications. Please note that our courses require a level of English equivalent to the "UCL Good Level".

    Entry requirements by country

    Please click here for more information. Applicants are required to meet both the entry requirements and the English Language requirements separately. Each applicant will be considered on an individual basis. The grades and qualifications listed are intended to give an approximate level of achievement we believe you will need to succeed on the programme.

    Excellence scholarships

    We are offering 4 MSc Scholarships worth £4,000 to UK/EU offer holders with a record of excellent academic achievement. These will be awarded at the discretion of the department's Postgraduate Tutor. The closing date for applying is 30 June 2015.

    Successful nominees will be notified by the end of July 2015. Nominees have 1 week to respond to this notification. If the nominee has not responded within 1 week, or if they decline the funding, a reserve candidate will be contacted. If you haven't been contacted by the end of August 2015, please assume that your application was unsuccessful. 

    The scholarships may be held alongside other scholarships, studentships, awards or bursaries. However, nominees must declare whether they are in receipt of other sources of funding. Recipients of the scholarship will receive the award in the form of a £4,000 discount from their tuition fees.

    Eligibility

    • This scholarship is open to UK/EU domiciled students, defined as country of ordinary residence.
    • All applicants of this scholarship are required to hold a valid offer for entry onto one of our MSc degree programmes for the September 2015 intake and have accepted their offer.
    • All applications for the scholarship must be received before the end of 30 June 2015.

    Successful candidates will be asked to write a short piece at the end of their degree reflecting on their experiences at UCL and how the scholarship assisted them. To apply click here.

    You can find out more about our fees and funding here.

    More information

    Our Frequently Asked Questions are here.

    UCL's Prospective Student webpages which contain more information on fees and funding, accommodation and international students can be found here.