Prospectus

nl en

System and Software Security

Course
2024-2025

Admission requirements

Assumed prior knowledge

This course aims at students who want to gain a deep understanding of modern security issues in computer systems. We expect that students already have some background knowledge in security (e.g. have taken the Security course at the Bachelor level) and computer architectures (e.g. have taken the Computer Architecture course). We expect that students also have experience and skills in scientific writing, presenting, and collaborative research project management.

Description

Computer systems that communicate, process or store personal or company-critical data, need to be protected against attacks that undermine their security. These computer systems are used in diverse applications, ranging from low-energy sensor nodes in the Internet of Things, to high-performance servers in data centers. Therefore, security mechanisms need to adhere to the constraints imposed by the system with respect to energy consumption, performance, cost, etc. This course will concentrate on attacks and mitigations at the software and the hardware (processor) level, and will examine how these attacks and mitigations are constrained in real-world environments.

The first part of the course will focus on vulnerabilities and their mitigations at the software level. We will overview the most important code vulnerability types and will study the state-of-the-art techniques for identifying security issues at the software level, e.g., fuzzing, static and dynamic security analysis. We will also review the secure software development lifecycle.

The second part of the course covers attacks and protection mechanisms that specifically focus on the hardware of computer systems. We will study vulnerabilities in the computer architecture and the memory, as well as hardware-based roots of trust and security architectures.

Finally, the course will give students space to go more in-depth with their chosen software or system security topics. We will analyze the most recent, state-of-the-art publications on system and software security, and will work on group projects using state-of-the-art research tools.

Course objectives

After this course, you will:

  • Understand security vulnerabilities in software and computer systems.

  • Be familiar with the latest research results in system and software research.

  • Be able to compare and critically evaluate scientific studies on system and software security based on a set of well-formulated and objective metrics.

  • Be able to work with state-of-the-art tools and methods for securing software and systems in the relevant contexts.

  • Be able to design and execute a small-scale research study using state-of-the-art tools and methods related to software and system security.

Timetable

In MyTimetable, you can find all course and programme schedules, allowing you to create your personal timetable. Activities for which you have enrolled via MyStudyMap will automatically appear in your timetable.

Additionally, you can easily link MyTimetable to a calendar app on your phone, and schedule changes will be automatically updated in your calendar. You can also choose to receive email notifications about schedule changes. You can enable notifications in Settings after logging in.

Questions? Watch the video, read the instructions, or contact the ISSC helpdesk.

Note: Joint Degree students from Leiden/Delft need to combine information from both the Leiden and Delft MyTimetables to see a complete schedule. This video explains how to do it.

Mode of instruction

Lectures, peer presentation classes, workshops, self-study and group work.

Course load

Total hours of study: 168 hrs. (= 6 EC). Of those (ca.):

  • 14 hrs of lectures

  • 14 hrs of peer presentations and workshops

  • 10 hrs of self-study (reading scientific literature)

  • 30 hrs of research literature analysis

  • 100 hrs of project work

Assessment method

Final grade = 30% Assignment 1 + 70% Assignment 2. There is no exam.

Details:

  • Assignment 1: paper analysis and presentation in a group of 2-4: papers/topics are proposed by the teachers. This assignment is not re-takeable; grade in case of non-completed assignment: 0.

  • Assignment 2: project for ca. 100 hours in a group of 2-4. Projects are defined by students jointly with lecturers, e.g., a replication study or propose a new application of the tool. Students present the project results, and also submit a short report (with a short literature review, motivation, project overview and discussion of results) and project artifacts (code, dataset, etc.) used in the project. There will be one resit opportunity for this assignment. Grade in case of non-completed assignment: 0.

  • For both assignments, all group members should actively participate in all project work components, including participating in presentations and writing reports.

  • We expect academic integrity from all students and all deliverables in the course, including, but not limited to, submitting own work only (and not produced by Generative AI techniques or copied from other people’s work), acknowledging sources of all quotes and figures, etc.

Reading list

There is no textbook. Recommended readings (research papers, etc.) will be announced on Brightspace.

Registration

As a student, you are responsible for enrolling on time through MyStudyMap.

In this short video, you can see step-by-step how to enrol for courses in MyStudyMap.
Extensive information about the operation of MyStudyMap can be found here.

There are two enrolment periods per year:

  • Enrolment for the fall opens in July

  • Enrolment for the spring opens in December

See this page for more information about deadlines and enrolling for courses and exams.

Note:

  • It is mandatory to enrol for all activities of a course that you are going to follow.

  • Your enrolment is only complete when you submit your course planning in the ‘Ready for enrolment’ tab by clicking ‘Send’.

  • Not being enrolled for an exam/resit means that you are not allowed to participate in the exam/resit.

Contact

  • Contact the lecturers via email.

Remarks

Software
Starting from the 2024/2025 academic year, the Faculty of Science will use the software distribution platform Academic Software. Through this platform, you can access the software needed for specific courses in your studies. For some software, your laptop must meet certain system requirements, which will be specified with the software. It is important to install the software before the start of the course. More information about the laptop requirements can be found on the student website.