This unit will present the lessons from recent research and from case studies of practice to bring students the skills to assess and improve the security of deployed systems. A particular focus is on data-driven approaches to collect operational data about a system's security. We explore deployment issues at local and global scale, e. g. for X. 509, DNS, and BGP, and also take human factors explicitly into account. As a result, students will learn to put building blocks of security together in a sound way, to arrive at engineering solutions that are empirically verifiable, functional, and secure against realistic threats. As Dan Geer once famously said: "Any security technology whose effectiveness can't be empirically determined is indistinguishable from blind luck."
Lectures, Tutorials, Project Work - own time
through semester assessment (40%) and final exam (60%)
ELEC5616 OR INFO2315 OR INFO2222. Good programming skills in Go, Python or C; skills to learn a new language if required. A reasonable technical orientation and basic networking knowledge is required. Students should bring the mathematical skills to understand cryptography; the unit will introduce the functional principles as background. Prior exposure to security is helpful, but not a pre-requisite.