Background
The MSc in Software and System Security degree at University of Oxford provides the students with a wonderful feature - they allow you to select the modules that you want to work on, learn more about and are not doing it just for the sake of curriculum. Meaning, that mostly people would take a certain module because they are really curious and passionate about a subdomain of cyber and software engineering. So here goes my list of module selections without gatekeeping
Modules
I attended my first module in the lovely winter weather of February 2023 (although I was enrolled in October 2022).
Security Principles (February 2023)
A comprehensive understanding of cybersecurity’s specialized sub-domains necessitates a strong grounding in its fundamental principles. This module effectively achieves that balance by systematically building from first principles to more complex system-level considerations. It begins with foundational discussions on the rationale for security, core concepts such as the CIA triad, and the interrelationships between risk, threats, and vulnerabilities, before progressing toward security-aware system design.
The module further provides a rigorous treatment of cryptographic protocol design, which underpins the security of modern computing systems. It examines the primary goals of security protocols, including key distribution, authentication, and key confirmation, and explores the associated protocol constructions and attack models. Key topics include the use of symmetric-key and public-key cryptography, classic protocols such as Needham–Schroeder and Kerberos, the Diffie–Hellman key exchange mechanism, and the security implications arising from key compromise and improper key management.
Building on these foundations, the module introduces advanced cryptographic protocols, including Encrypted Key Exchange mechanisms and secret sharing schemes, highlighting their role in strengthening trust and resilience in distributed systems. The module concludes with a critical examination of real-world case studies, analyzing both failures and successful deployments of cryptographic protocols in contemporary systems, thereby reinforcing the importance of sound protocol design and implementation in practice.
Having historically associated cryptography with extensive memorization and complexity, I approached the module with some apprehension. However, I found the material to be far more engaging and conceptually driven than anticipated.
Cloud Security (February 2023)
This module allowed me to develop a structured understanding of cloud computing and related technologies while remaining deliberately provider-agnostic. I particularly appreciated this neutrality, as it encouraged me to focus on underlying security principles rather than vendor-specific implementations. Through the module, I engaged with foundational concepts such as trust, privacy, and the shared responsibility model, before examining their security implications, common attack scenarios, and the associated legal and regulatory consequences across different jurisdictions.
As the module progressed into security remediation, I found the emphasis on layered controls especially effective. The discussion extended beyond technical safeguards to include physical security considerations relevant to the design of cloud infrastructure, alongside policy- and procedure-based controls and personnel security measures. This approach reinforced for me that cloud security is not solely a technical challenge, but one that is equally shaped by organizational structure and human factors.
The concluding focus on virtualization, cloud-specific attack vectors, and corresponding security controls helped consolidate my understanding of how theoretical principles manifest in real-world cloud environments. Overall, the module strengthened my ability to reason about cloud security holistically, integrating technical, organizational, and regulatory dimensions.
Security In Wireless Networks (March 2023)
This was my third module at the University of Oxford and one I found particularly engaging due to my background in Electronics and Telecommunication Engineering. The module revisited core wireless concepts such as anti-jamming techniques, Frequency Hopping Spread Spectrum (FHSS), Direct Sequence Spread Spectrum (DSSS), and Orthogonal Frequency Division Multiplexing (OFDM), and extended them by examining how these technologies are attacked in real-world settings.
A key focus was the security of low-energy wireless technologies, including Bluetooth Low Energy (BLE), ZigBee, and NFC. The module provided valuable insight into how these protocols operate in practice and how design or implementation weaknesses can be exploited if not adequately secured.
One highlight was the discussion of the paper “Brokenwire: Vulnerability in the Combined Charging System for Electric Vehicles,” authored by members of the department, which demonstrated how subtle flaws in widely deployed systems can have significant security implications.
Overall, the module offered a well-balanced combination of theory and practical security analysis, deepening my understanding of wireless technologies and reinforcing the importance of security-by-design.
Mobile System Security (June 2023)
Attending this module immediately after Security in Wireless Network allowed me to establish connectivity with