Introductory description

This module explores the cyber security implications of virtualised systems and the opportunities they present, with a particular emphasis on software containerisation technologies such as Docker. Through comparison with other virtualisation tools and techniques, the module examines trust relationships and security controls between the underlying operating system, containers or other virtualised environments, and the software running within them. Students will investigate the fundamental principle that all software executes within a specific context or container, whether as a mobile application, a laptop operating system, a cloud-hosted virtual machine, or an embedded system, and how this execution context governs behaviour, isolation, and resource access.

A core theme of the module is secure software development and the challenge of regulating resources effectively throughout the software lifecycle. Students will study how secure design, implementation, testing, and deployment practices influence the security of containerised and virtualised systems, ensuring that software is granted just enough privilege to function while preventing unintended or malicious behaviour. The module explicitly integrates principles from the Secure Software Lifecycle (SSL), emphasising security as a continuous process embedded within secure software development rather than an afterthought. Students will examine how development and lifecycle stages impact security in cloud and virtualised environments, and how evolving secure development methodologies help maintain effective controls as systems, contexts, and threat landscapes change.

Through a combination of practical experience with containerisation platforms and critical analysis of secure software development practices, the module equips students with the conceptual and technical skills needed to reason clearly about modern cyber security challenges. By aligning containerisation techniques with secure software development and lifecycle-based security principles, students will gain a systematic understanding of how to proactively mitigate risks, maintain trust across system evolution, and contribute confidently to informed cyber security decision-making in professional and interdisciplinary settings.

Module aims

Outline syllabus

This is an indicative module outline only to give an indication of the sort of topics that may be covered. Actual sessions held may differ.

Overall context:

Secure Software Lifecycle:

• secure design principles for virtualised and containerised environments

• vulnerability management and patching strategies

• security testing: static and dynamic testing

• deployment hardening and configuration management

• why is virtualisation and containment needed?

Development of containment in computing:

• bare metal evolution, instruction sets, clock speed, storage, multicore
• operating system, multitasking, scheduling, sharing and isolation
• root jails, virtualisation, containers
• resources: cpu cycles, storage, communications bandwidth, entropy, input, output.

Containment ecosystem:

• host, container (guest) and sibling containers (guests)
• virtualisation vs containerisation

Lifecycle of the provision of a service:

• concept, specification, design, development, versioning, signing, testing, deployment, maintenance, evolution, decommissioning, timescales

Security in virtualisation and containment:

• threats, sources, agents, vulnerabilities, exploits, vectors,
• controls, privilege, capabilities – in host and container (guest)
• resource separation, storage, execution, networking – in host and container (guest)

Learning outcomes

By the end of the module, students should be able to:

• Identify and explain evolving security methodologies across the secure software lifecycle in cloud and virtualised environments. (AHEP 3.1.1, 3.1.2, 3.1.3, 3.2.3, 3.3.6, M1., M2., M3.)
• Analyse the security relationships within a virtualised ecosystem, focusing on interactions between a virtualised container, its sibling containers, and the underlying host (AHEP 3.1.1, 3.1.2, 3.1.3, 3.2.3, M1, M2).
• Evaluate the extent to which a virtualised container ecosystem satisfies its desired security properties (AHEP 3.1.1, 3.1.2, 3.2.3, 3.3.6, M2., M3.)
• Configure a virtualised container ecosystem to achieve the desired security properties from the perspective of both the container and the underlying host. (AHEP 3.1.1, 3.1.2, 3.1.3, 3.2.3, 3.3.6, M1., M3.)

Indicative reading list

Reading lists can be found in Talis

Specific reading list for the module

Research element

There is a strong emphasis on the development, growth and enhancement of individual research skills so as to provide participants with the high level research knowledge, skills and competencies needed to undertake an independent, original piece of research. The module content draws upon and highlights research within the domain and the module assessment requires participants to perform further research before preparing a response to the assessment task.

Subject specific skills

Assessing security of cloud-based and virtualised systems.
Secure containerised systems design and deployment
Secure deployment of cloud-based systems
Applying secure software lifecycle principles across development and operational stages
Performing vulnerability management and patching strategies
Executing security testing (static, dynamic) for containerised and cloud systems
Hardening deployments and managing secure configurations

Transferable skills

Problem solving, critical thinking, systematic analysis, conceptual frameworks