Skip to main content
KBS_Icon_questionmark link-ico
Study Abroad at King’s
Study

Go to…

Security Engineering

Key information

  • Module code:

    7CCSMSEN

  • Level:

    7

  • Semester:

      Autumn

  • Credit value:

    15

Module description

Aims and Learning Outcomes

This module focuses on how to design and develop secure systems. It also provides a detailed understanding of implementation errors and exploits, including mitigations techniques often built on static and dynamic analysis.

On successful completion of this module, students will:

  • Identify and address security concerns in the design and implementation of secure systems
  • Understand implementation errors and exploits as well as mitigations often built on top of static and dynamic analysis
  • Demonstrate an understanding of security principles and secure programming
  • Perform privilege management and access control

Syllabus

Unless specifically stated, all the material covered in this module is examinable. In particular, the syllabus of this module includes (but is not limited to):

1. ComMand injection, UNIX shell environment, and related attacks

2. Memory corruption vulnerabilities:

  • Memory errors
  • x86 IA-32 Assembly 101
  • Stack and Stackframes
  • Stackframes and functions
  • Stack-based buffer overflows
  • Shellcode
  • Local exploits (the buffer address) and other code pointers

3. Memory corruption vulnerability mitigations and countermeasures:

  • Mitigations and countermeasures to defend against memory error exploitations
  • Modern mitigations and advanced attacks

 4. Write4 primitives:

  • Format string vulnerabilities
  • Exploiting format string vulnerabilities Department of Informatics Secure software development:
  • Threat modelling
  • Security requirements
  • Design flaws
  • Design category: favor simplicity
  • Design category: trust with reluctance
  • Design category: defense in depth and monitoring/traceability
  • Top design flaws
  • Case study: VSFTPD

5. Static analysis:

  • Static flow analysis
  • Flow analysis: adding sensitivity

6. Symbolic execution:

  • Introduction to symbolic execution
  • Basics of symbolic execution
  • Symbolic execution, search strategy, and SMT solvers.

7. Identification, authentication, and authorization

Assessment details

Please note: the below assessment details for the 2025/26 academic year may be updated. The confirmed details will be available on the Student Handbook and on the module KEATS page at the beginning of the semester.

  • 70% Examination
  • 30% Coursework

Department

Module description disclaimer

King’s College London reviews the modules offered on a regular basis to provide up-to-date, innovative and relevant programmes of study. Therefore, modules offered may change. We suggest you keep an eye on the course finder on our website for updates.

Please note that modules with a practical component will be capped due to educational requirements, which may mean that we cannot guarantee a place to all students who elect to study this module.

Please note that the module descriptions above are related to the current academic year and are subject to change.