CMPT 783: Cybersecurity Lab II
We will use CourSys for all class materials, discussions and grading.
Your grade will be:
- Labs (60%)
- Project (25%)
- Quizzes (15%)
Syllabus
The topics covered in this course are:
I. System security
- Shellcode development
- Buffer overflow
- Control-flow attacks and defenses
- Format string vulnerabilities
- Return-to-libc attacks
- Return Oriented Programming
II. Network Security
- Network architecture and routing
- ARP/ICMP
- Network analysis
- TCP/IP attacks
- DNS attacks
- Firewalls
- VPNs
Project
See Project explainer for grading and details.
Deadlines
- Project proposal (Feb 12th): Form a group and decide on a project topic. Submit a project proposal.
- First project progress report (Mar 11th)
- Second project progress report (Mar 25th)
- Presentation + Demo (April 8th)
- Final project report (April 15th)
Example topics
- IoT vulnerabilities and defenses
- Automated vulnerability analysis (static, dynamic)
- Resolving Spectre/Meltdown attacks
- Smart contract attacks
- Network anomaly detection
Marking
Your project will be graded on the following:
- Presentation (30%) - communication skill, clarity, organization, and content;
- Report (30%) - professional writing, organization, and content;
- Code deliverable (40%) - novelty, impact, scale, and security skills demonstrated.
Schedule
Classes are held on Mondays from 9:30 AM to 11:20 AM at SECB1010. Recordings will be posted after each class.
Labs are held on Mondays from 12:30 PM to 4:20 PM at SECB1010. Lab reports will be due on the following Sunday.
Office hours are held on Thursdays from 2:00 PM to 2:30 PM on Zoom (https://sfu.zoom.us/j/8146113895). Note that technical questions on laboratory assignments are expected to be addressed during the lab.
Please e-mail me if you need to meet me at other times or in person.
Quizzes
There will be two quizzes. Each quiz will be held in person during the first 30 minutes of the lab.
The first quiz is on February 26 and will cover Lectures 1 to 6.
The quizzes are open book: all materials are permitted except electronics.
Materials
Lecture 1, Lab 1, Lab 1 explainer (Updated Jan 8 1PM to correct due dates and website IP)
Lecture 2, Lab 2, Lab 2 explainer, Lab 2 code
Lecture 3, Lab 3, Lab 3 explainer, Lab 3 code
Lecture 4, Lab 4, Lab 4 explainer, Lab 4 code
Lecture 5, Lab 5, Lab 5 explainer, Lab 5 code
Lecture 6, Lab 6, Lab 6 explainer, Lab 6 code
Lecture 7, Lab 7, Lab 7 explainer, Lab 7 code
Lecture 8, Lab 8, Lab 8 explainer, Lab 8 code
Lecture 9, Lab 9, Lab 9 explainer, Lab 9 code
Lecture 10, Lab 10, Lab 10 explainer, Lab 10 code
Lecture 11, Lab 11, Lab 11 explainer, Lab 11 code
Further reading
- Computer & Internet Security: A Hands-on Approach, Wenliang Du, May 1 2019, 9781733003933
- The Practice of Network Security Monitoring: Understanding Incident Detection and Response, Richard Bejtlich, Jul 15 2013, 9781593275099
- Computer Networking: A Top-Down Approach (7th Edition), James Kurose and Keith Ross, Apr 26 2016, 9780133594140