Cardiff School of Computer Science and Informatics
Coursework Assessment Pro-forma

Module Code: CMT310
Module Title: Developing Secure Systems and Applications
Lecturer: Dr Neetesh Saxena
Assessment Title: Technical Report
Assessment Number: 1
Date Set: 19 July 2021
Submission Date and Time: 9 August 2021 at 09:30am
Return Date: 30 August 2021

This assignment has two parts and is worth 100% of the total marks available for this
module. If coursework is submitted late (and where there are no extenuating
circumstances):

1. If the assessment is submitted no later than 24 hours after the deadline,
   the mark for the assessment will be capped at the minimum pass mark;
2. If the assessment is submitted more than 24 hours after the deadline, a
   mark of 0 will be given for the assessment.

Your submission must include the official Coursework Submission Cover sheet, which can be
found here: http://docs.cs.cf.ac.uk/downloads/coursework/Coversheet.pdf

Submission Instructions

Each submission must have the following submitted files:

Description | Type | Name
Cover sheet | Compulsory One PDF (.pdf) file | [student number].pdf
Report | Compulsory Only One PDF (.pdf) | CMT310-[student number].pdf/doc/docx

All submissions must be made via Central Learning. The assessment should be submitted via
Turnitin. You are expected to merge both PDF documents (listed above) into one file and
only ONE single file should be uploaded to Turnitin. Failure to do so will incur a penalty.
Incomplete submission (missing the report): the final mark will be 0/100.
Not following the structure of the report (mentioned on page 2): the mark awarded will
reduce by 10%.

Staff reserves the right to invite students to a meeting to discuss coursework submissions.

Learning Outcomes Assessed

This individual assignment contributes to the assessment of the following Learning
Outcomes (LO) 1, 2, 3, 4, 5 and 6 of the unit:
1. Comprehend the common technical security controls available to prevent, detect and
recover from security incidents and to mitigate risk.
2. Articulate security architectures relating to business needs and commercial product
development that can be realised using available tools, products, standards and protocols.
3. Deliver systems assured to have met their security profile using accepted methods and
development processes.
4. Critically analyse the formal correctness of software systems.
5. Justify the selection of different cryptosystems and of different models of PKI.
6. Critically analyse industry control systems and protocols.

Assignment

PART-I: (50% Weightage)
INSTRUCTIONS
You are free to choose ANY ONE of the following topics to explore the current state of cyber
security:
• Industrial software: issues and security
• Industrial cloud storage: issues and security
• Industrial IoT devices: issues and security
• E-mail in industrial context: issues and security

** Please note: you cannot choose the same topic as you have worked on for
your previous coursework assignment. Make sure this time your topic is
different from your previous attempt. **

STRUCTURE OF THE REPORT
Part-I of this individual assessment consists of the three tasks mentioned below and requires
coursework submission as a single report of 2,000 words (maximum, including all except
references). There should not be any appendix attached or included in this report. The font
size should not be smaller than 10 on all pages. Your submission should not be more than 5
pages in total, except for references and the cover page. You’re expected to back your
answers with citations.
(1) Technical security issues (indicative length, 800 words): Describe any FOUR most critical
security issues that are available in modern systems. You are expected to mention the name
of the threat and/or vulnerability. Also, explain any FOUR standard ways of compromising
(attacking) such systems.
(2) Associated and unique provisioned challenges (indicative length, 400 words): Identify
any FOUR associated and unique challenges with such systems. You are expected to
mention how to deal with such challenges to develop a secure, efficient and scalable
system.
(3) State-of-art and proposed technologies to be used (indicative length, 800 words):
Describe any EIGHT technological solutions (TWO solutions for each issue) available to use
against security issues found in (1). Recommend and critically justify a suitable technology to
use (select the best one from TWO solutions for each issue). Your criticism and arguments
should be supported by the literature. You should contribute with your own opinion and
form an architecture (by drawing a diagram), including applying the chosen techniques for
an efficient, secure and scalable system. This diagram will be considered equivalent to 100
words. Hence, the text in this subsection should not be more than 700 words.
References
References are not counted in the word limit. Use the IEEE format references:
http://ieee-dataport.org/sites/default/files/analysis/27/IEEE%20Citation%20Guidelines.pdf.
This point will be further discussed in the first lecture of the module.

HELPING NOTES
• Vulnerability: A weakness in any aspect of a system that makes an exploit possible.
• Threat: A potential cause of an unwanted incident that may result in harm to a system.
• Attack: An attempt to destroy, expose, alter, disable, steal or gain unauthorized access
to or make unauthorized use of an asset.
• Risk: An intersection of assets, threats and vulnerabilities.
• Examples: http://www.ques10.com/p/8993/explain-with-examples-vulnerability-threat-and-att/
• System or system model: A system that attackers target for attacks.
• Architecture: This is the abstract design (logical view) of an application or the system. It
does not have any implementation, just has an idea of where to put each component.
• A sample example will be provided in one of the lectures for a better understanding of
what is expected to cover and how to complete the given tasks.

Criteria for assessment

PART-I: Credit will be awarded against the following criteria.

Criteria | Comments | Available Marks (50)

Criterion: Technical security issues (Available marks: 20)
Describe any FOUR most critical security issues that are
available in modern systems. Also, explain any FOUR standard
ways of compromising (attacking) such systems.
[Pass – narrate FOUR security issues with potential risks;
explain FOUR attacking techniques briefly (marks 10-11);
Merit – clearly narrate FOUR security issues with potential
risks; list and define security vulnerabilities and threats in each
scenario; explain FOUR attacking techniques briefly (marks 12-13);
Distinction – clearly narrate FOUR security issues with
potential risks and their impact; list and define security
vulnerabilities and threats in each scenario; explain reasons for
such vulnerabilities and name potential threats with some
specific technical details, such as CVE; explain FOUR attacking
techniques briefly (marks 14-20)]

Criterion: Associated and unique provisioned challenges (Available marks: 10)
Identify any FOUR associated and unique challenges with such
systems. You are expected to mention how to deal with such
challenges to develop a secure, efficient, and scalable system.
[Pass – list and explain FOUR unique challenges (marks 5);
Merit – list and explain FOUR unique challenges; narrate at
least one idea for each challenge on how to resolve it (marks 6-7);
Distinction – list and explain FOUR unique challenges; narrate
at least one idea for each challenge on how to resolve it; justify
your idea with a citation where it worked in the past (marks 8-10)]

Criterion: State-of-art and proposed technologies to be used (Available marks: 20)
Describe any EIGHT technological solutions (TWO solutions for
each issue) available to use against security issues found in (1).
Recommend and justify a suitable technology to use (select
the best one from TWO solutions for each issue). Your criticism
and arguments should be supported by the literature. You
should contribute with your own opinion and form an
architecture (by drawing a diagram), including applying the
chosen techniques for an efficient, secure and scalable system.
[Pass – list and explain TWO solutions for each security issue;
select the best one from TWO solutions for each issue and
justify the reason why it is more suitable compared to another
one; draw an architecture with the chosen FOUR solutions,
each for an identified security issue (marks 10-11);
Merit – list and explain TWO solutions for each security issue;
clearly mention which cryptosystem you will be using; select
the best one from TWO solutions for each issue and justify the
reason why it is more suitable compared to another one; draw
an architecture with the chosen FOUR solutions, each for an
identified security issue; show what pieces of information will
be exchanged between the entities of the system (marks 12-13);
Distinction – list and explain TWO solutions for each security
issue along with the security properties (name) they maintain;
clearly mention which cryptosystem you will be using; select
the best one from TWO solutions for each issue and justify the
reason why it is more suitable compared to another one;
narrate what an attacker can try and how this solution defeats
the attacker’s attempts; draw an architecture with the chosen
FOUR solutions, each for an identified security issue; show
what pieces of information will be exchanged between the
entities of the system; (marks 14-20)]


PART-II: (50% Weightage)
INSTRUCTIONS
You are expected to cover all THREE below topics:
• Encryption algorithms
• Hashing algorithms
• Digital signature algorithms
STRUCTURE OF THE REPORT
Part-II of this individual assessment consists of the three tasks mentioned below and requires
coursework submission as a single report of 2,000 words (maximum, including all except
references). There should not be any appendix attached or included in this report. The font
size should not be smaller than 10 on all pages. Your submission should not be more than 5
pages in total, except for references and the cover page.
(1) Security properties and choosing the best algorithms (indicative length, 1,200 words):
Briefly describe the “security properties” that can be achieved by these algorithms listed as
topics. List any FOUR algorithms for each of these topics that are implemented in real-world
scenarios of the topic you have chosen in part-I. In your opinion, you are expected to
mention the best algorithm for each of these topics. You also need to critically justify the
reasons as to why such algorithms (one for each topic) are considered the best compared to
other algorithms. Your arguments must be backed by research articles in that area.
(2) Future aspects of the identified algorithms (indicative length, 300 words):
Critically analyse and state your thoughts on the future aspects of the algorithms identified
in (1). You are expected to reflect on whether the identified algorithms may develop
any security issues in the future and, if so, what the issues could be, or whether they will still
be suitable for use.
(3) Industrial data communication protocols (indicative length, 500 words):
Identify and critically analyse any FOUR protocols used for data communications associated
with your topic in part-I. Compare and contrast these protocols to identify which protocol is
most suitable and which one is least preferable to use in practice.
References
References are not counted in the word limit. Use the IEEE format references:
http://ieee-dataport.org/sites/default/files/analysis/27/IEEE%20Citation%20Guidelines.pdf.
This point will be further discussed in the first lecture of the module.

HELPING NOTES
• A sample example will be provided in one of the lectures for a better understanding of
what is expected to cover and how to complete the given tasks.

Criteria for assessment

PART-II: Credit will be awarded against the following criteria.

Criteria | Comments | Available Marks (50)

Criterion: Security properties and choosing the best algorithms (Available marks: 25)
Briefly describe the “security properties” that can be achieved
by these algorithms listed as topics. List any FOUR algorithms
for each of these topics that are implemented in real-world
scenarios of the topic you have chosen in part-I. In your
opinion, you are expected to mention the best algorithm for
each of these topics. You also need to critically justify the
reasons as to why such algorithms (one for each topic) are
considered the best compared to other algorithms.
[Pass – describe security properties for all three types of
algorithms; list FOUR algorithms for each type; briefly
mentioning why these algorithms are better than others
(marks 12-14);
Merit – describe security properties for all three types of
algorithms; list FOUR algorithms for each type; briefly
mentioning why these algorithms are better than others by
citing a few performance and other key metrics (marks 15-17);
Distinction – describe security properties for all three types of
algorithms; list FOUR algorithms for each type; briefly
mentioning why these algorithms are better than others by
citing a good number of research articles reflecting
performance and other key metrics and clearly arguing the
reasons from the information provided (marks 18-25)]

Criterion: Future aspects of the identified algorithms (Available marks: 10)
Critically analyse and state your thoughts on the future aspects
of the algorithms identified in (1). You are expected to reflect
on whether the identified algorithms may develop any
security issues in the future and, if so, what the issues could be,
or whether they will still be suitable for use.
[Pass – stating the issues and their associated reasons (marks 5);
Merit – stating the issues and their associated reasons and
with clear justification (marks 6-7);
Distinction – identify future requirements and challenges and
state the issues and their associated reasons; provide clear
justification with some quantitative information (marks 8-10)]

Criterion: Industrial data communication protocols (Available marks: 15)
Identify and critically analyse any FOUR protocols used for data
communications associated with your topic in part-I. Compare
and contrast these protocols to identify which protocol is most
suitable and which one is least preferable to use in practice.
[Pass – list and explain FOUR protocols for data
communications; identify protocols with most and least
preference to use in practice (marks 7-8);
Merit – list and analyse FOUR protocols for data
communications; identify pros and cons in terms of security
features and associated cyber risks, identify protocols with
most and least preference to use in practice (marks 9-10);
Distinction – list and analyse FOUR protocols for data
communications; identify pros and cons in terms of security
features and associated cyber risks, identify protocols with
most and least preference to use in practice and justify their
reason with arguments (marks 11-15)]


A student is considered “Fail” if the total mark obtained in this assessment is less than 50.
Assessment marks award: Distinction (70-100%); Merit (60-69%); Pass (50-59%); Fail (0-49)

Feedback and suggestion for future learning

Feedback on your coursework (part-I and II) will address the above-mentioned criteria.
Feedback and marks for both parts will be returned digitally via Learning Central. Feedback
from this assignment will be useful for attempting any security-related master project.

*** End of document ***

