Security Systems Theory UG2 Module Introduction Themes 1. Top down design of security systems – security technologies as 'black boxes'. 2. Internal design of security systems – what's inside the box 3. Security administration and technologies

Security systems as black boxes Until you start to explore security practice you probably won't be able to understand much of the theory. So we are going to start by learning to use some cryptographic programs and we'll be doing some systems administration. By using crypto programs, the intention is to prepare you for the mathematics, which will come later.

Coursework deliverable 1 Over the next several weeks lab work will involve using some cryptography programs and some user account administration on Linux. Some of the content previously part of this module is now within the Open Systems module. 10% of the module mark will involve coursework due later this term requiring you to carry out some user account and password management and use some command line crypto.

Deliverable 1: topics covered Symmetric cryptography Asymmetric public key cryptography Linux file ownership and permissions The Linux password and login system

Coursework deliverable 2: Student selected security investigation mini-project Every student will select and undertake an individual security mini-project starting week 12. The topic will be investigated through experimentation and background reading. This is an important piece of work, worth 40% of the module mark. Tutorial as "surgery" teaching support will be provided. Tutors don't have complete knowledge but will help you discover answers when we don't know these directly.

Examination: Security theory The closed book examination will be worth 50% of the module mark. Teaching support will be provided through lectures throughout the module and tutorials before and after the mini-project. Passing this module requires you attend these classes as well as carrying out your own background reading and experiments. Skimming through lecture notes won't be enough to enable you to adopt a critical and questioning approach.

Examination topics Part A – Cryptography mathematics and theory, RSA, Diffie Hellman, PKI, modular exponentiation, prime number theory. Part B – Security legislation, security threats, security technologies and models e.g. Kerberos, Clark Wilson, Mandatory Access Control.

Examination topics slide 2 * Laws influencing network and computing security * Various technical attacks: viruses, trojans, buffer overflows, XSS etc. * Issues affecting specific applications e.g. copyright protection, , nuclear weapons, financial transactions.

Assignment Summary Assignment 1 part 1: 10%. Practical use of crypto and linux user account management and security. Assignment 1 part 2: 40%. Student's individual security investigation and report Assignment 2: 50%. Closed book 2 hour written examination.

Bases for teaching and learning security systems theory slide 1 * Security can never be absolute, but risk can be managed. * Security is a costly overhead so people will resist it - up to a point. * Fear uncertainty and doubt (FUD) drives the security market - also up to a point. * Users who need it often don't really know what they want and will pay for the appearance of security if not the reality of it. Caveat emptor. So we need a more critical approach.

Bases for teaching and learning security systems theory slide 2 * Security is only as strong as the weakest link. Are you installing a bank-vault lock in a cardboard door ? * Security requires accountability and continuous learning - making the person who fails to do it right become the one who pays the cost. * Establishing trust objectively can avoid costs. * Complexity is the enemy of security and simplicity its friend. Today's systems are getting more complex.