This course covers secure software engineering methods and techniques. It explores all aspects of the software engineering lifecycle that are directly applicable to designing systems where security and/or privacy is critical. 

2 hours of lecture time and 1 hour of tutorial or practical work, per week

None

None

80% for the end of year exam, 20% for assessed coursework

Reassessments are normally available for all courses, except those which contribute to the Honours classification. For non-Honours courses, students are offered reassessment in all or any of the components of assessment if the satisfactory (threshold) grade for the overall course is not achieved at the first attempt. This is normally grade D3 for undergraduate students and grade C3 for postgraduate students. Exceptionally it may not be possible to offer reassessment of some coursework items, in which case the mark achieved at the first attempt will be counted towards the final course grade. Any such exceptions for this course are described below. 

Coursework takes a significant number of days to produce. It is infeasible to replicate supporting the re-doing of such coursework over the summer.

Broadly, this course aims to offer practical knowledge on engineering secure systems across the software engineering life-cycle. These include requirements, design, implementation, testing and maintenance. Topics covered include secure design principles and patterns, eliciting security requirements and uncovering security flaws in software design. This is in addition to fundamental privacy engineering concepts such as Privacy-by-Design and other the conceptual framework for understanding privacy in software. This course also devotes a significant time to discussing well known secure design solutions including architectural patterns and design patterns focusing on security/privacy countermeasures. We discuss information-flow analysis and evaluation as mechanisms to assess the effectiveness of the secure design solutions implemented in source code.

The course will help prepare students to apply software security and privacy techniques in industry, as well as to pursue research in software engineering, security and privacy.

By the end of this course students will be able to:

1. Describe the life cycle for developing secure software systems.

2. Apply lightweight refactoring methods to balance trade-offs between competing security, privacy and functionality quality measures in software.

3. Verify the effectiveness of a secure software design solution.

4. Explore general approaches to privacy engineering and Privacy-by-Design paradigm in software.

5. Build a simple privacy justificatory framework for justifying the extent a given software aligns with data protection regulations (e.g GDPR, HIPPA, etc.).

6. Apply secure software design principles to a range of application domains and case studies such as social networks, internet of things, mobile computing, ecommerce, service oriented architectures, multi-agent and autonomous systems.

Students must submit at least 75% by weight of the components (including examinations) of the course's summative assessment.