14 weeks of teaching consisting of lectures and exercises. Please note that the "Computer networks" lecture is not part of this course. Coursework takes the following forms. • Lectures introducing & discussing concepts. • Exercises (self-study) • Experimental lab work (self-study) • Project work Most weeks will have lectures, exercises and lab work. Lectures will introduce concepts, paving the way for exercises and lab work. You are expected to complete the exercises by yourself. In lab work, you will carry out experiments in order to better understand the motivation and methods for secure implementation and configuration of IT systems and to assess the effectivity and impact of security measures. The experiments will be based on an extensive script and virtual machines that include example applications, questions, and answers. Some weeks—in particular during project and review—you are expected to be work independently; there are no lectures or exercise classes. However, TAs have office hours 3 times a week, where you can come and ask any question you might have, and we expect to use the learnit forums extensively for questions and answers. Finally, you will also complete (in groups) a project: • Based on a set of functional requirements, you will design and implement a prototypical IT system. • You will conduct a security analysis and devise appropriate security measures for this system. • You will then swap systems with another group, and carry out a security review of this other group's system. ------------------------------------ Information about study structure For students admitted from Autumn 2014 and later this course is part of the SDT AC track mandatory modules. For SDT DE track the course is part of the specialisation in Web Systems
Exam questions will contain a sub-section on "Binary exploits and malicious code" not in the corresponding MSc exam. The duration of the written examination is 4 hours.