nl en

System and Software Security


Admission requirements

Assumed prior knowledge

This course aims at students who want to gain a deep understanding of modern security issues in computer systems. We expect that students already have some background knowledge in security (e.g. have taken the Security course at the Bachelor level) and computer architectures (e.g. have taken the Computer Architecture course).


Computer systems that communicate, process or store personal or company-critical data, need to be protected against attacks that undermine their security. These computer systems are used in diverse applications, ranging from low-energy sensor nodes in the Internet of Things, to high-performance servers in data centers. Therefore, security mechanisms need to adhere to the constraints imposed by the system with respect to energy consumption, performance, cost, etc. This course will concentrate on attacks and mitigations at the software and the hardware (processor) level.

The first part of the course will focus on vulnerabilities and their mitigations at the software level. We will overview the most important code vulnerability types and will study the state-of-the-art techniques for identifying security issues at the software level, e.g., fuzzing, static and dynamic security analysis. We will also review the secure software development lifecycle.

The second part of the course covers attacks and protection mechanisms that specifically focus on the hardware of computer systems. We will study vulnerabilities in the computer architecture and the memory, as well as hardware-based roots of trust and security architectures.

Course objectives

After this course, you will have knowledge about security vulnerabilities in software and computer systems. You will also learn about the latest developments in the system and software security research, and you will be able to evaluate it critically. In addition, you will have hands-on experience with state-of-art security tools and practices, and you will have tackled security issues in real systems by planning and executing your own security project.


The most recent timetable can be found at the Computer Science (MSc) student website.

You will find the timetables for all courses and degree programmes of Leiden University in the tool MyTimetable (login). Any teaching activities that you have sucessfully registered for in MyStudyMap will automatically be displayed in MyTimeTable. Any timetables that you add manually, will be saved and automatically displayed the next time you sign in.

MyTimetable allows you to integrate your timetable with your calendar apps such as Outlook, Google Calendar, Apple Calendar and other calendar apps on your smartphone. Any timetable changes will be automatically synced with your calendar. If you wish, you can also receive an email notification of the change. You can turn notifications on in ‘Settings’ (after login).

For more information, watch the video or go the the 'help-page' in MyTimetable. Please note: Joint Degree students Leiden/Delft have to merge their two different timetables into one. This video explains how to do this.

Mode of instruction

Lectures, peer presentation classes, workshops.

Course load

Total hours of study: 168 hrs. (= 6 EC). Of those (ca.):

  • 14 hrs of lectures

  • 14 hrs of peer presentations and workshops

  • 10 hrs of self-study (reading scientific literature)

  • 30 hrs of research literature analysis

  • 100 hrs of project work

Assessment method

Final grade = 30% paper written analysis&presentation grade + 70% project work&report&presentation grade (no exam)


  • Paper analysis and presentation in a group of 2-3: papers/topics are proposed by the teachers. This assignment is not re-takeable; grade in case of non-completed assignment: 0.

  • Project for ca. 100 hours in a group of 2-3. Projects are defined by students jointly with lecturers, e.g., a replication study or propose a new application of the tool. Students present the project results, and also submit a short report (with a short literature review, motivation, project overview and discussion of results) and project artifacts (code, dataset, etc.) used in the project. There will be one resit opportunity for this assignment. Grade in case of non-completed assignment: 0.

Reading list

There is no textbook. Recommended readings (research papers, etc.) will be announced on Brightspace.


From the academic year 2022-2023 on every student has to register for courses with the new enrollment tool MyStudyMap. There are two registration periods per year: registration for the fall semester opens in July and registration for the spring semester opens in December. Please see this page for more information.

Please note that it is compulsory to both preregister and confirm your participation for every exam and retake. Not being registered for a course means that you are not allowed to participate in the final exam of the course. Confirming your exam participation is possible until ten days before the exam.

Extensive FAQ's on MyStudymap can be found here.


  • Contact the lecturers via email.