CSC-8214 System Security Main Coursework 2025-26
General Guidance
This coursework is for 100 marks and it is worth 60% of the coursemark. This means that if you score 100 in this coursework, you gain 60% towards your total mark for this course.
You should include references in the Harvard style or IEEE Referencing Style and evidence of research material to reinforce your answers. Base your report on the knowledge you have gained through exercising your research skills, and give as much detail as necessary to complete the tasks properly, while keeping the response within the word limits specified. Ensure that any work produced is entirely your own and any sources should be properly cited.
The minimum indicative word count is 1500 words for your entire response excluding code, questions, figures, and references. The maximum indicative word count is 3000 words. It is usually harder to write in a concise manner. Shorter answers to the point may attract a better mark than a long rambling one. Code should be commented in detail, and submitted inline within the PDF document.
Your submission will be run through our plagiarism detection mechanisms. Please ensure you are familiar with the University's plagiarism rules https://www.ncl.ac.uk/academic-skills-kit/good-academic-practice/plagiarism. No AI tools may be used in the generation of your submission. You are allowed the use of appropriate Python ML libraries. You do not have to implement any cryptographic or machine learning primitives.
ASSESSMENT OVERVIEW
This assessment covers the following topics within systems security: Distributed Systems, Operating Systems, Malware, Threat modeling, and Cyberphysical Systems.
The learning outcomes verified are technical expertise within:
1. System vulnerabilities, and common attacks on security systems.
2. Importance of interface usability in robust secure systems.
3. Security engineering methods: threat model, security policy and protection mechanisms.
4. Trade-offs that need to be considered with any sensible security scheme.
5. System-of-systems in computer security.
Late Submissions and Extensions
Late submissions are subject to University penalties (5% deduction per calendar day up to 7 days; after 7 days a mark of zero is recorded). Extensions must be requested through the PEC process in advance of the deadline. Address all extension requests to the Teaching Office.
QUESTION 1 – 35 MARKS
Design a host anomaly detection system on Linux that accepts an executable binary file and detects whether it is anomalous or not. Your system should use strace (or equivalent) to inspect the system calls generated by the binary and accordingly classify it as anomalous or not. You can use any statistical method or an ensemble of methods in your design. Focus on detection alone. Responses to anomalous behaviour are out of scope.
You can use pre-existing ML libraries, but making simple changes to a pre-existing anomaly detection system is not allowable. To generate data for your experiments use the strace or ptrace utility, which captures run-time system calls from a given executable. Consider a variety of clean (non-malware) programs and write your own code to simulate traces of anomalous behaviour. Do not attempt to apply strace/ptrace over real malware on any computer system!
(i) Describe your threat model and security policy
100 words [5 Marks]
(ii) Provide an architecture diagram, and explain your high-level design including the consideration of how you define a baseline with due consideration of static-vs-dynamic baselines
200 words [10 Marks]
(iii) Implement your design in Python (well-commented code) to detect anomalies based on a dynamic definition of good behaviour using an appropriate statistical method such as a machine learning model. Describe suitable metrics to test your system with due justification, including test results [20 Marks]
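One possible shape for the detection core described in Question 1, as an added example that is not part of the coursework brief: a sliding-window n-gram baseline over syscall names parsed from strace output, with an `update` step for a dynamic baseline. The class name, threshold and sample traces are assumptions constructed for illustration.

```python
import re

# Syscall name at the start of an strace line, after an optional PID prefix (strace -f).
SYSCALL_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?([a-z_][a-z0-9_]*)\(")

def parse_strace(text):
    """Ordered syscall names; signal (---), exit (+++) and '<... resumed>' lines are skipped."""
    return [m.group(1) for line in text.splitlines()
            if (m := SYSCALL_RE.match(line.strip()))]

def ngrams(calls, n):
    return [tuple(calls[i:i + n]) for i in range(len(calls) - n + 1)]

class NgramBaseline:
    """Hypothetical model: the set of syscall n-grams seen in traces accepted as normal."""
    def __init__(self, n=3, threshold=0.5):
        self.n, self.threshold, self.seen = n, threshold, set()

    def update(self, trace_text):
        # Dynamic baseline: fold a newly accepted clean trace into the model.
        self.seen.update(ngrams(parse_strace(trace_text), self.n))

    def score(self, trace_text):
        # Fraction of the trace's n-grams never seen in the baseline (0.0 to 1.0).
        grams = ngrams(parse_strace(trace_text), self.n)
        if not grams:
            return 0.0  # trace shorter than n calls: nothing to compare
        return sum(g not in self.seen for g in grams) / len(grams)

    def is_anomalous(self, trace_text):
        return self.score(trace_text) > self.threshold

# Constructed sample traces in strace format (not captured from a real run).
HEAD = r'''execve("/bin/cat", ["cat", "a.txt"], 0x7ffc0 /* 20 vars */) = 0
openat(AT_FDCWD, "a.txt", O_RDONLY) = 3
read(3, "hello\n", 4096) = 6
'''
COPY = 'write(1, "hello\\n", 6) = 6\nread(3, "", 4096) = 0\n'
TAIL = "close(3) = 0\n+++ exited with 0 +++\n"
CLEAN_A = HEAD + COPY + TAIL          # baseline run
CLEAN_B = HEAD + COPY + COPY + TAIL   # clean run with one extra read/write round
# Simulated anomaly: the same program unexpectedly opening a network connection.
ODD = HEAD + r'''[pid  4242] socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
[pid  4242] connect(4, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
[pid  4242] sendto(4, "hello\n", 6, 0, NULL, 0) = 6
''' + TAIL
```

With a baseline built from `CLEAN_A` alone, `CLEAN_B` scores 1/6 (one unseen window) and `ODD` scores 0.8; after `update(CLEAN_B)` the clean variant scores 0.0, which is the static-versus-dynamic baseline difference in miniature.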
QUESTION 2 – 25 MARKS
You are tasked with designing a system to help users generate and remember strong passwords in the threat model of a remote adversary.
(i) Implement your design in Python and provide well-commented code. [15 Marks]
(ii) Discuss how it achieves its security goals
200 words [10 Marks]
QUESTION 3 - 25 MARKS
In federated learning, the Federated Averaging algorithm is used to combine weights from multiple decentralised sources and distributes an updated model to all participants. The pseudo-code of Federated Averaging is as follows:
[Figure: pseudo-code of Federated Averaging; not present in this copy]
Consider a threat model where one of the participants is compromised.
(i) Provide pseudocode for an attack on the FedAvg algorithm, orchestrated via a corrupt model update from the compromised participant. [15 marks]
(ii) Discuss the effectiveness of your attack.
200 words [10 Marks]
QUESTION 4 - 15 MARKS
A feature of DNS servers is the ability to cache responses to queries to speed up future processing. A server will store a response to a DNS lookup for a domain name for the duration of the TTL value in the response field, before removing it from the cache. The TTL value is set by the client requesting the lookup. If a domain does not have an entry in the cache, then the server will perform a recursive lookup to the authoritative name server.
Design a time-expiring storage mechanism using the time-limited caching property of DNS.
(i) Explain how your scheme works with the help of diagrams.
100 words [5 Marks]
(ii) Implement your storage mechanism using Python and submit your code with appropriate comments. [10 marks]
2025-11-04