CMPT 403 (Summer 2023): System Security and Privacy
Classes are held in WMC 3260 on:
- We 1:30PM - 2:20PM
- Fr 12:30PM - 2:20PM
Zoom recordings are available here.
Office hours will be held each Monday 3:45 to 4:30 pm on Zoom.
https://sfu.zoom.us/s/8146113895
Please e-mail me if you need to meet me at other times or in person.
Grading
Your mark will consist of the following:
- Assignment: 45% (3 assignments, 15% each)
- Mid-term: 25%. June 30th during class.
- Mock exam
- Covers everything up to and including the June 23rd class.
- Final: 30%
Course slides
- Module 1: Introduction
- Module 2: Software Security
- Module 3: Cryptography and Security
- Module 4: Network Security
- Module 5: Data Security and Privacy
- Bonus slides
Assignments
For programming, three languages are allowed: C++, Java, and Python3. Assignments will be posted when released.
- Assignment 1, login.cpp, password.txt
- Assignment 2, ciphertext_gen.py, oracle.py, ciphertext
- Assignment 3, packets.txt
Other resources
Some details of the course are given below.
Course description
Starting from cybersecurity principles, students will learn to protect systems from attacks on data confidentiality, integrity, system availability, and user privacy. By modeling system security, students will learn to find weaknesses in software, hardware, networks, data storage systems, and the Internet, and identify current security practices to protect these systems. Prerequisite: CMPT 300 with a minimum grade of C-.
Note that this course was offered as CMPT 479 in Summer 2022.
Textbook
There are no required textbooks for this course. As a reference, students may find "Security in Computing, 5th Edition" by Shari Lawrence Pfleeger, Charles P. Pfleeger, Jonathan Margulies to be helpful.
However, this course is constantly updated to reflect the ongoing security and privacy landscape - the book is relatively old (2015) and would not cover the newer topics in this course.
Grading
There is no specific minimum grade to pass this course. A 50 is a guaranteed pass. The assignments each have a written and a programming portion, with the programming portion expected to take longer. The exams are open-book and are mainly multiple choice, with some longer written questions. (This means that you should not expect to find the answer directly in the slides - some deduction and learning is necessary.)
Other resources
I've found that Arc Technica has good, detailed reporting on computer system attacks, and I often use it as a source for my material.
Bruce Schneier runs an informative and fascinating blog commenting on security (and also CS). He will be able to give you insights into the current security landscape beyond the textbook.