University of Technology Sydney

41182 System Security

Warning: The information on this page is indicative. The subject outline for a particular session, location and mode of offering is the authoritative source of all information about the subject for that offering. Required texts, recommended texts and references in particular are likely to change. Students will be provided with a subject outline once they enrol in the subject.

Subject handbook information prior to 2024 is available in the Archives.

UTS: Information Technology: Computer Science
Credit points: 6 cp

Subject level: Undergraduate

Result type: Grade and marks

Requisite(s): 31268 Web Systems OR 48410 Introduction to ICT Engineering OR 41082 Introduction to Data Engineering OR 65325 Digital Trace and Identity OR 31257 Information System Development Methodologies OR 41092 Network Fundamentals OR 31266 Introduction to Information Systems OR 48023 Programming Fundamentals OR 41039 Programming 1 OR 48430 Fundamentals of C Programming

Description

This subject covers modern system security concepts, strategies and techniques. Students develop practical, working tactics for achieving digital security across various aspects of operating systems, databases and servers. Students apply security measures and principles through design, implementation and configuration across these systems. Students can enforce system security and privacy by exploring the framework of system security and safety principles and guidelines, and by using various tools. The subject covers the mechanisms and prominent techniques of system hardening. Students carry out system hardening approaches in practical sessions and can test their hardened systems against various attacks.

Subject learning objectives (SLOs)

Upon successful completion of this subject students should be able to:

1. Identify and explain the difference between particular types of security systems. (D.1)
2. Identify and analyse security vulnerabilities and issues in computer systems. (D.1)
3. Propose and justify technical solutions and potential remedy actions to increase security. (D.1)
4. Communicate with peers effectively concerning ethical hacking practice. (E.1)

Course intended learning outcomes (CILOs)

This subject also contributes specifically to the development of the following Course Intended Learning Outcomes (CILOs):

  • Technically Proficient: FEIT graduates apply abstraction, mathematics and discipline fundamentals, software, tools and techniques to evaluate, implement and operate systems. (D.1)
  • Collaborative and Communicative: FEIT graduates work as an effective member or leader of diverse teams, communicating effectively and operating within cross-disciplinary and cross-cultural contexts in the workplace. (E.1)

Contribution to the development of graduate attributes

Engineers Australia Stage 1 Competencies

This subject contributes to the development of the following Engineers Australia Stage 1 Competencies:

  • 1.1. Comprehensive, theory based understanding of the underpinning natural and physical sciences and the engineering fundamentals applicable to the engineering discipline.
  • 1.4. Discernment of knowledge development and research directions within the engineering discipline.
  • 2.2. Fluent application of engineering techniques, tools and resources.
  • 3.2. Effective oral and written communication in professional and lay domains.
  • 3.4. Professional use and management of information.

Teaching and learning strategies

This subject uses active learning strategies, which involve a combination of lectures, workshops and practical sessions to support a research-inspired learning strategy. It also includes elements of guided self-study.

Students will be required to review online materials, pre-readings and research literature before attending the on-campus workshops. Within workshops, students present current research issues following the standard procedure and independently conduct practical labs in system security. In group activities, students engage in intensive discussion and activities on selected topics or projects. In assessment 2, students are grouped into defensive and offensive teams. The offensive team has to choose a subset of the top ten vulnerabilities listed on the OWASP project website, identify these vulnerabilities in systems nominated by the defensive team and document their findings. Students in the defensive team will be tested on their ability to harden the system. Both teams verify experimental outcomes and propose solutions to remedy the identified vulnerabilities.

Students must attend workshop sessions and tutorials to complete the required assessment tasks. Feedback for assessment tasks will be given to students once the marking is finalised. Students will also receive continued feedback on their workshop and tutorial exercises on a weekly basis. This will be administered by the tutor in the tutorial sessions, where the deficiencies in the answers to problems are pointed out to students.

Content (topics)

  • Cyberspace
  • OS Security
  • Network Security
  • Database Security
  • Identity and Access Management
  • Implementation Security
  • The Web Security
  • System Security
  • System Hardening
  • Security Tools
  • Review

Assessment

Assessment task 1: An essay to conduct independent research on one of the latest system security topics.

Intent:

This assessment is for students to conduct independent research on one of the latest system security topics. Students will be required to follow the standard procedure to investigate research papers in the area of system security. Students must generate a proposal to address system security problems and present a proposal to their peers in a 5-minute presentation.

Objective(s):

This assessment task addresses the following subject learning objectives (SLOs):

1 and 2

This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs):

D.1

Type: Report
Groupwork: Individual
Weight: 40%
Length: 1500-word report, 5-minute oral presentation

Assessment task 2: A project to identify security vulnerabilities and propose technical solutions to rectify them.

Intent:

This assessment task is for students to identify security vulnerabilities by carrying out various attacks on a hardened system. Students will be grouped into a defensive team and an offensive team. The offensive team has to choose a subset of the top ten vulnerabilities listed on the OWASP project website, identify these vulnerabilities in systems nominated by the defensive team and document their findings. Students in the defensive team will be tested on their ability to harden the system. Both teams are required to verify experimental outcomes and to propose solutions to remedy the identified vulnerabilities.

Objective(s):

This assessment task addresses the following subject learning objectives (SLOs):

2, 3 and 4

This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs):

D.1 and E.1

Type: Project
Groupwork: Group, individually assessed
Weight: 40%
Length: 2500-word report

Assessment task 3: Online Quiz

Intent:

This online quiz will assess students’ application of system security, internal mechanisms and broad Information Technology knowledge related to computer system security.

Students must demonstrate an ability to relate, justify, analyse and respond to questions around system security, technical vulnerabilities, technical remedies and cyberspace security and safety under examination conditions.

Objective(s):

This assessment task addresses the following subject learning objectives (SLOs):

1, 2 and 3

This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs):

D.1

Type: Quiz/test
Groupwork: Individual
Weight: 20%
Length: 30 minutes.

Minimum requirements

In order to pass the subject, a student must achieve an overall mark of 50% or more.

Required texts

There is no prescribed text for this subject.

Other resources

FEIT student resources: https://www.uts.edu.au/current-students/current-students-information-faculty-engineering-and-it/manage-your-course