Short Description

Cybersecurity is often in the news these days. Either theft of personal data, or organisations closed by ransomware, or both. But how do these attacks arise, and what can people, specifically computer people, do about them? We will see that many attacks could have been prevented by very simple measures, sometimes in programming, but also in systems, such as multi-factor authentication. 

You’ll learn to:

• Describe common security models
• Discuss what it means for a given system to be 'secure'
• Identify security weaknesses in proposed systems
• Understand the principles and application of cryptography
   

Topics covered in this unit may include (but are not limited to) the following:  

1. Philosophical, legal, ethical issues. What is a person? Passwords, user ids and biometrics.

2. What are authorisation and delegation? What are data? Security against theft, destruction, interception, tampering. Some thoughts on physical security. Data Protection Act, Freedom of Information Act, Regulatory and Investigatory Powers Act. Military/government requirements for security. 

3. Security within a computer. Hardware support for security: States and memory protection. Memory mapping, virtual memory, and security. The Unix Security model: chown, chgrp, setuid, and chroot. Strengths and weaknesses of the Unix security model: Common attacks.

4. Security within networks. 'Man in the middle' attacks. What does the 's' in https signify?

5. Case studies: For example, internet worm. Power attacks and other covert channels. A chain can be weaker than its weakest link: the Crouch-Davenport attack.