The University of Southampton

COMP3217 Secure Systems

Module Overview

The course involves programming in C and in Java, and required a good understanding of modern computer networking. For example, we would expect you already to be able to: - Write a very simple web server in C (perhaps 50 lines of code) - Write a simple GUI network client in Java - Set up a Linux installation with a webserver - Write a simple Python script - Set up a simple relational database - Understand the basics of machine code and assembly language (ARM or iA32).

Aims and Objectives

Module Aims

The aim of this module is to equip students with the necessary skills and experience to understand, and attempt to counter, the principal threats to data and electronic system security. It is compulsory for students wishing to obtain a GCHQ accredited MSc in Cyber Security.

Learning Outcomes

Knowledge and Understanding

Having successfully completed this module, you will be able to demonstrate knowledge and understanding of:

  • The range of cyber physical and software systems which present potential security hazards
Subject Specific Practical Skills

Having successfully completed this module you will be able to:

  • Take straightforward measures to protect systems from security breaches
Subject Specific Intellectual and Research Skills

Having successfully completed this module you will be able to:

  • Understand and recognise instances of the principal attacks on such systems


Background: types of attack and attacker, range of systems Software systems and vulnerabilities - Software Vulnerabilities: Buffer overflow - Reverse engineering of suspicious codes OS vulnerabilities: patch management, rootkits and viruses - Penetration testing Cyber Physical - Side channel attacks: power analysis and resistant designs - Wireless ID: ISO14443, Mifare, E-Passports and related near-field communications systems - Card security, EMV payment systems, GSM and SIM cards - Physical security: chip and pin machines, secure modules - Wired and WiFi network security - Examples of weak cryptosystems: GSM, WEP - Infrastructure attacks: smart grids - Cloud computing security

Special Features

It's hands-on, and it's fun. But it's not an easy ride.

Learning and Teaching

Teaching and learning methods

This is an unusually intensive module. There are thirty-six lectures and a further six four-hour laboratories, making for a total of sixty contact hours. Further reading and code practice outside the lectures and laboratories will be essential.

Preparation for scheduled sessions18
Wider reading or practice22
Follow-up work18
Completion of assessment task46
Total study time150

Resources & Reading list

Gollmann, D. (2011). Computer Security. 

Eilam, E. (2005). Reversing: Secrets of Reverse Engineering. 

Anderson, R. J. (2008). Security Engineering: A Guide to Building Dependable Distributed Systems. 

Ross J Anderson (2008). Security Engineering: A Guide to Building Dependable Distributed Systems. 


Assessment Strategy

There will be six assessed practical laboratories covering card security (near field and contact-based), side channel attacks, e-commerce site penetration, PKI, embedded and workstation operating systems.


MethodPercentage contribution
Laboratory Report 25%
Laboratory Report 25%
Laboratory Report 25%
Laboratory Report 25%


MethodPercentage contribution
Coursework 100%

Repeat Information

Repeat type: Internal

Linked modules

Pre-requisites: ELEC1201 OR COMP1202

Share this module Facebook Google+ Twitter Weibo

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.