CMPT 783: Cybersecurity Lab II
We will use CourSys for all class materials, discussions and grading.
Your grade will be:
- Labs (45%)
  - Includes initial report and final report for each lab
- Presentation (5%)
- Project (30%)
- Quizzes (20%)
Syllabus
The topics covered in this course are:
I. System security
- Shellcode development
- Buffer overflow
- Control-flow attacks and defenses
- Format string vulnerabilities
- Return-to-libc attacks
- Return Oriented Programming
II. Network Security
- Network architecture and routing
- ARP/ICMP
- Network analysis
- TCP/IP attacks
- DNS attacks
- Firewalls
- VPNs
Presentation
Each group of 3-4 will give one presentation during our Wednesday labs. Your presentation should be a deep dive into a security topic that you find interesting, with a focus on technical aspects. You are encouraged to use academic papers to support your presentation.
Your presentation will be graded on:
- Depth (50%). Show that you have mastered the material you are presenting; show insights beyond a Wikipedia entry or an AI response.
- Presentation technique (30%). This includes slides and any other materials; they should be clear, concise, well organized, and professional.
- Speech (20%). Speak confidently and loudly, and practice before your presentation.
Generally one group will receive one grade, but an exception will be made in the case of serious issues with the presentation, such as PowerPoint karaoke or reading from a script.
Sign-up link: https://www.signupgenius.com/go/10C0A45A8AB28A0FDCF8-61522321-2026. The sign-up deadline is Jan 28. Choose your slots early!
Your presentation group will be the same as your project group.
Project
See Project explainer for grading and details.
Deadlines
- Project proposal (Feb 7th): Form a group and decide on a project topic. Submit a project proposal.
- First project progress report (March 7th)
- Second project progress report (March 24th)
- Presentation + Demo (Apr 7th, in class)
- Final project report (Apr 14th)
Example topics
- IoT vulnerabilities and defenses
- Automated vulnerability analysis
- Advanced persistent threats, malware technique analysis
- Intrusion prevention and detection systems
- Trusted code execution
- Network anomaly detection
Marking
Your project will be graded on the following:
- Progress Reports (10%)
- Presentation (30%) - communication skill, clarity, organization, and content;
- Report (20%) - professional writing, organization, and content;
- Code deliverable (40%) - novelty, impact, scale, and security skills demonstrated.
Schedule
Classes are held on Tuesdays from 2:30 PM to 4:20 PM at RCB 7100. Recordings will only be made and sent to you if you give me a reason for missing attendance before class.
There are two labs per week, at SECB 1013:
- Wednesday, 2:30 PM to 4:20 PM. Attendance is required. You are asked to submit an initial report after each Wednesday lab. We will also do presentations and quizzes during this time.
- Friday, 10:30 AM to 12:20 PM. Attendance is not mandatory and a TA (Sam Shadbeh) will be available to help you with your lab assignment and report.
Full lab reports will be due on the following Tuesday.
Please e-mail me if you need to meet me at other times or in person.
Quizzes
There will be two quizzes. Each quiz will be held in person during the first 30 minutes of the lab.
The first quiz is on February 25 and will cover Lectures 1 to 6.
The quizzes are open book. All materials are permitted, but electronics are not permitted.
Materials
Lecture 1, Lab 1, Lab 1 explainer
Further reading
- Computer & Internet Security: A Hands-on Approach, Wenliang Du, May 1 2019, 9781733003933
- The Practice of Network Security Monitoring: Understanding Incident Detection and Response, Richard Bejtlich, Jul 15 2013, 9781593275099
- Computer Networking: A Top-Down Approach (7th Edition), James Kurose and Keith Ross, Apr 26 2016, 9780133594140
- Extra presentation slides