CMPT 403 (Summer 2026): System Security and Privacy
This course is CMPT 403: System Security and Privacy for Summer 2006. Welcome!
Classes are held in C9002 on:
- Wednesday 3:30 - 4:20 PM
- Friday 2:30 - 4:20 PM
Recordings are available on stream.sfu.ca.
Office hours will be held each Monday 3-4 PM in person, in my office TASC1 9015.
Please e-mail me if you need to meet me at other times.
Grading
Your mark will consist of the following:
- Assignment: 45%
- 3 assignments, 10% each
- Mid-term: 25%. July 3 (Friday). During class, Modules 1 to 3. Includes demos.
- Final: 30%
- Merged with Quiz on Assignments, 15%
You may bring any non-electronic materials to the exams.
Course slides
- Module 1: Introduction
- Module 2: Software Security
- Module 3: Cryptography and Security
- Module 4: Network Security
TO BE UPDATED:
Assignments
For programming, please use one of these languages: C++, Java, and Python3. Assignments will be posted when released.
Assignment 2, oracle.py, citext.zip, ttp-shorten.txt
Other resources
Reading 1: C is not a low level language
Reading 2: Format string vulnerability tutorial by hacker group TESO
Reading 3: Reflections on Trusting Trust, Ken Thompson's 1984 Turing Award Lecture
Reading 4: Function hooking by example: https://kylehalladay.com/blog/2020/11/13/Hooking-By-Example.html
Some details of the course are given below.
Course description
Starting from cybersecurity principles, students will learn to protect systems from attacks on data confidentiality, integrity, system availability, and user privacy. By modeling system security, students will learn to find weaknesses in software, hardware, networks, data storage systems, and the Internet, and identify current security practices to protect these systems. Prerequisite: CMPT 300 with a minimum grade of C-.
Textbook
There are no required textbooks for this course. As a reference, students may find "Security in Computing, 5th Edition" by Shari Lawrence Pfleeger, Charles P. Pfleeger, Jonathan Margulies to be helpful.
However, this course is constantly updated to reflect the ongoing security and privacy landscape - the book is relatively old (2015) and would not cover the newer topics in this course.
Grading
There is no specific minimum grade to pass this course. A 50 is a guaranteed pass. The assignments each have a written and a programming portion, with the programming portion expected to take longer. The exams are open-book and are mainly multiple choice, with some longer written questions. (This means that you should not expect to find the answer directly in the slides - some deduction and learning is necessary.)
Other resources
Arc Technica has good, detailed reporting on computer system attacks, and I often use it as a source for my lecture material.
Bruce Schneier runs an informative and fascinating blog commenting on security (and also CS). He will be able to give you insights into the current security landscape beyond the textbook.