CMPT 403 (Summer 2024): System Security and Privacy
This course is CMPT 403: System Security and Privacy. It is also cross-listed as CMPT 980 G3.
Classes are held in WMC 3260 on:
- Tu 2:30 - 4:20 B9201
- Th 2:30 - 3:20 SWH 10041
Zoom recordings are available here.
Office hours will be held each Thursday 11:00 to 11:30 am, extended to 12:00 am if there are questions, on Zoom.
https://sfu.zoom.us/s/8146113895
Please e-mail me if you need to meet me at other times or in person.
Grading
Your mark will consist of the following:
- Assignment: 45% (3 assignments, 15% each)
- Blog post: 5%.
- Self-Assessment: 5%.
- Mid-term: 20%. During class, to be scheduled.
- Final: 25%
Course slides
- Module 1: Introduction
- Module 2: Software Security
- Module 3: Cryptography and Security (not yet updated)
- Module 4: Network Security (not yet updated)
- Module 5: Data Security and Privacy (not yet updated)
Assignments
For programming, three languages are allowed: C++, Java, and Python3. Assignments will be posted when released.
- Assignment 1, login.cpp, password.txt
- Assignment 2, ciphertext_gen.py, oracle.py, ciphertext
- Assignment 3, packets.txt
Other resources
Some details of the course are given below.
Course description
Starting from cybersecurity principles, students will learn to protect systems from attacks on data confidentiality, integrity, system availability, and user privacy. By modeling system security, students will learn to find weaknesses in software, hardware, networks, data storage systems, and the Internet, and identify current security practices to protect these systems. Prerequisite: CMPT 300 with a minimum grade of C-.
Note that this course was offered as CMPT 479 in Summer 2022.
Textbook
There are no required textbooks for this course. As a reference, students may find "Security in Computing, 5th Edition" by Shari Lawrence Pfleeger, Charles P. Pfleeger, Jonathan Margulies to be helpful.
However, this course is constantly updated to reflect the ongoing security and privacy landscape - the book is relatively old (2015) and would not cover the newer topics in this course.
Grading
There is no specific minimum grade to pass this course. A 50 is a guaranteed pass. The assignments each have a written and a programming portion, with the programming portion expected to take longer. The exams are open-book and are mainly multiple choice, with some longer written questions. (This means that you should not expect to find the answer directly in the slides - some deduction and learning is necessary.)
Other resources
I've found that Arc Technica has good, detailed reporting on computer system attacks, and I often use it as a source for my material.
Bruce Schneier runs an informative and fascinating blog commenting on security (and also CS). He will be able to give you insights into the current security landscape beyond the textbook.