CMPT 783: Cybersecurity Lab II

We will use CourSys for all class materials, discussions and grading.

Your grade will be:

Labs (50%)
- Includes initial report and final report for each lab
Presentation (5%)
Project (30%)
Quizzes (15%)

Syllabus

The topics covered in this course are:

I. System security

Shellcode development
Buffer overflow
Control-flow attacks and defenses
Format string vulnerabilities
Return-to-libc attacks
Return Oriented Programming

II. Network Security

Network architecture and routing
ARP/ICMP
Network analysis
TCP/IP attacks
DNS attacks
Firewalls
VPNs

Presentation

Each group of 3-4 will give one presentation during our Wednesday labs. Your presentation should be a deep dive into a security topic that you find interesting, with a focus on technical aspects. You are encouraged to use academic papers to support your presentation.

Your presentation will be graded on:

Depth (50%). Show that you have mastered the material you are presenting; show insights beyond a Wikipedia entry or an AI response.
Presentation technique (30%). This includes slides and any other materials; they should be clear, concise, well organized, and professional.
Speech (20%). Speak confidently, loudly, and practice before your presentation.

Generally one group will receive one grade, so be sure to help each other with presentation skills.

Sign-up link: https://www.signupgenius.com/go/10C0A45A8AB28A0FDCF8-54298834-cmpt783

You are not required to use the same group as your project, though it may be convenient to do so.

Project

See Project explainer for grading and details.

Deadlines

Project proposal (Feb 7th): Form a group and decide on a project topic. Submit a project proposal.
First project progress report (March 7th)
Second project progress report (March 24th)
Presentation + Demo (Apr 8th, in class)
Final project report (Apr 15th)

Example topics

IoT vulnerabilities and defenses
Automated vulnerability analysis
Advanced persistent threats, malware technique analysis
Intrusion prevention and detection systems
Trusted code execution
Network anomaly detection

Marking

Your project will be graded on the following:

Presentation (30%) - communication skill, clarity, organization, and content;
Report (30%) - professional writing, organization, and content;
Code deliverable (40%) - novelty, impact, scale, and security skills demonstrated.

Schedule

Classes are held on Tuesdays from 2:30 PM to 4:20 PM at WMC 2532. Recordings will be sent to students who request it with sufficient reason for missing attendance.

There are two labs per week, at SECB 1013:

Wednesday, 2:30 PM to 4:20 PM. Attendance is required. You are asked to submit an initial report after each Wednesday lab. We will also do presentations and quizzes during this time.
Friday, 10:30 AM to 12:20 PM. Attendance is not mandatory and a TA (Sam Shadbeh) will be available to help you with your lab assignment and report.

Full lab reports will be due on the following Sunday.

Office hours are held on Mondays from 1 PM to 2 PM on Zoom (https://sfu.zoom.us/j/82554829748?pwd=RA0gjyuDZP3cGjEmuVdAoQcfcJQJIS.1).

Please e-mail me if you need to meet me at other times or in person.