COMPM030 - Distributed Systems and Security

This database contains the 2017-18 versions of syllabuses. Syllabuses from the 2016-17 session are available here.

Note: Whilst every effort is made to keep the syllabus and assessment records correct, the precise details must be checked with the lecturer(s).

Code COMPM030 (Also taught as COMPGZ03)
Year 4

Distributed Systems and Security is open to 4th-year undergraduates (M030) and graduate students (GZ03).

Students taking M030 should have strong programming skills in C (including dynamic memory allocation and the use of pointers), should have prior exposure to and understanding of operating systems constructs and principles (such as virtual memory and system calls), and should be able to read and understand assembly code.

For undergraduates, prior completion of Networked Systems (3035) or equivalent prior experience is a prerequisite.

For graduate students, concurrent enrollment in Networked Systems (GZ01) or prior equivalent experience is required.

Despite the differing module codes, M030 and GZ03 are identical: they share the same syllabus, lectures, readings, courseworks, exam, and weighting of marks.

Term 1
Taught By Brad Karp (100%)
Aims The first half of the class explores the design and implementation of distributed systems in case-study fashion: students read classic and recent research papers describing ambitious distributed systems. In lecture, students critically discuss the principles that cause these systems to function correctly, the extent to which these systems solve the problem articulated by the authors and the extent to which the problem and solution chosen by the authors are relevant in practice. The second half of the class explores computer system security, again, largely in case-study fashion.
Learning Outcomes Correctness under concurrency is a central challenge in distributed systems and one that can only fully be understood through experience of building such systems (and encountering subtle bugs in them). To give students experience of this sort, the module includes one significant programming coursework in C, in which the students implement a simple distributed system that must provide an ordering guarantee. Further written coursework helps students solidify their understanding of the security material in the class.


  • Course introduction; OS concepts
  • Design: Worse is Better; Concurrent IO; RPC & Transparency
  • Ivy: Distributed Shared Memory
  • Bayou: Weak Connectivity and Update Conflicts; GFS: The Google File System
  • RouteBricks: Cluster-Based IP Router; Introduction to Security; User Authentification
  • Cryptographic Primitives I; Cryptographic Primitives II;
  • Secure Sockets Layer (SSL); Reasoning Formally about Authentification : TAOS
  • Software Vulnerabilities and Exploits; Preventing Exploits
  • Containing Buggy Code: Software-based Fault Isolation; OKWS: Approximating Least Privilege in a Real-World Web Server 

Method of Instruction

Lectures, case-studies


The course has the following assessment components:

  • Written Examination (2.5 hours, 70%)
  • Coursework Section (30%)

To pass this course, students must:

  • Obtain an overall pass mark of 50% for all sections combined
  • Obtain a minimum mark of 40% in each component worth ≥ 30% of the module as a whole.


Reading list available via the UCL Library catalogue.