Not logged in. Login

CMPT 403 (Summer 2026): System Security and Privacy

This course is CMPT 403: System Security and Privacy for Summer 2006. Welcome!

Classes are held in C9002 on:

  • Wednesday 3:30 - 4:20 PM
  • Friday 2:30 - 4:20 PM

Recordings are available on stream.sfu.ca.

Office hours will be held each Monday 3-4 PM in person, in my office TASC1 9015.

Please e-mail me if you need to meet me at other times.

Grading

Your mark will consist of the following:

  • Assignment: 45%
    • 3 assignments, 10% each
  • Mid-term: 25%. July 3 (Friday). During class, Modules 1 to 3. Includes demos.
  • Final: 30%
    • Merged with Quiz on Assignments, 15%

You may bring any non-electronic materials to the exams.

Course slides

TO BE UPDATED:

Assignments

For programming, please use one of these languages: C++, Java, and Python3. Assignments will be posted when released.

Assignment 1

Assignment 2, oracle.py, citext.zip, ttp-shorten.txt

Other resources

Reading 1: C is not a low level language

Reading 2: Format string vulnerability tutorial by hacker group TESO

Reading 3: Reflections on Trusting Trust, Ken Thompson's 1984 Turing Award Lecture

Reading 4: Function hooking by example: https://kylehalladay.com/blog/2020/11/13/Hooking-By-Example.html

cribdrag.py


Some details of the course are given below.

Course description

Starting from cybersecurity principles, students will learn to protect systems from attacks on data confidentiality, integrity, system availability, and user privacy. By modeling system security, students will learn to find weaknesses in software, hardware, networks, data storage systems, and the Internet, and identify current security practices to protect these systems. Prerequisite: CMPT 300 with a minimum grade of C-.

Textbook

There are no required textbooks for this course. As a reference, students may find "Security in Computing, 5th Edition" by Shari Lawrence Pfleeger, Charles P. Pfleeger, Jonathan Margulies to be helpful.

However, this course is constantly updated to reflect the ongoing security and privacy landscape - the book is relatively old (2015) and would not cover the newer topics in this course.

Grading

There is no specific minimum grade to pass this course. A 50 is a guaranteed pass. The assignments each have a written and a programming portion, with the programming portion expected to take longer. The exams are open-book and are mainly multiple choice, with some longer written questions. (This means that you should not expect to find the answer directly in the slides - some deduction and learning is necessary.)

Other resources

Arc Technica has good, detailed reporting on computer system attacks, and I often use it as a source for my lecture material.

Bruce Schneier runs an informative and fascinating blog commenting on security (and also CS). He will be able to give you insights into the current security landscape beyond the textbook.

Updated Wed July 08 2026, 15:02 by taowang.