Skip to main content
Unit of study_

COMP4617: Empirical Security Analysis and Engineering

2025 unit information

This unit will present the lessons from recent research and from case studies of practice to bring students the skills to assess and improve the security of deployed systems. A particular focus is on data-driven approaches to collect operational data about a systems security. We explore deployment issues at local and global scale, e. g. for X. 509, DNS, and BGP, and also take human factors explicitly into account. As a result, students will learn to put building blocks of security together in a sound way, to arrive at engineering solutions that are empirically verifiable, functional, and secure against realistic threats. As Dan Geer once famously said: Any security technology whose effectiveness cant be empirically determined is indistinguishable from blind luck.

Unit details and rules

Managing faculty or University school:

Engineering

Study level Undergraduate
Academic unit Computer Science
Credit points 6
Prerequisites:
? 
(DATA3888 or COMP3888 or COMP3988 or CSEC3888 or SOFT3888 or ENGG3112 or SCPU3001) and (CSEC3616 or INFO3616 or ELEC5616)
Corequisites:
? 
Enrolment in a thesis unit INFO4001 or INFO4911 or INFO4991 or INFO4992 or AMME4111 or BMET4111 or CHNG4811 or CIVL4022 or ELEC4712 or COMP4103 or SOFT4103 or DATA4103 or ISYS4103
Prohibitions:
? 
COMP5617 or OCMP5617
Assumed knowledge:
? 
A major in a computer science area

At the completion of this unit, you should be able to:

  • LO1. Understand the balance between risk, achieved security, and cost; experience with threat modelling and risk analysis as tools to choose this balance for a given system
  • LO2. Understand common security terminology in security literature
  • LO3. Understand different ways in which security of computer systems can be compromised, e.g. physically, remotely, operationally (esp. social engineering); and relate specific attack scenarios to the major security goals such as authentication, integrity, secrecy, non-repudiation
  • LO4. Understand the major challenges for security of programs, information, computers and networks, and ability to avoid most egregious (typical) flaws in designing and operating IT systems
  • LO5. Demonstrate a high-level knowledge of common approaches to achieve security goals in computer systems, including the main security protocols in the Internet stack
  • LO6. demonstrate knowledge of privacy-preserving technologies
  • LO7. Produce written reports that evaluate a system's security
  • LO8. Research information on security issues from the literature, and analyse a security incident use case

Unit availability

This section lists the session, attendance modes and locations the unit is available in. There is a unit outline for each of the unit availabilities, which gives you information about the unit including assessment details and a schedule of weekly activities.

The outline is published 2 weeks before the first day of teaching. You can look at previous outlines for a guide to the details of a unit.

Session MoA ?  Location Outline ? 
Semester 2 2024
Normal evening Camperdown/Darlington, Sydney
Session MoA ?  Location Outline ? 
Semester 2 2025
Normal evening Camperdown/Darlington, Sydney
Outline unavailable
Session MoA ?  Location Outline ? 
Semester 2 2023
Normal evening Camperdown/Darlington, Sydney
Outline unavailable

Find your current year census dates

Modes of attendance (MoA)

This refers to the Mode of attendance (MoA) for the unit as it appears when you’re selecting your units in Sydney Student. Find more information about modes of attendance on our website.