CMPT 403 (Summer 2026): System Security and Privacy
This course is CMPT 403: System Security and Privacy for Summer 2006. Welcome!
Classes are held in C9002 on:
- Wednesday 3:30 - 4:20 PM
- Friday 2:30 - 4:20 PM
Recordings will be available from Information Systems; link will be posted here.
Office hours will be held each Thursday 11:00 to 12:00 pm on Zoom.
Please e-mail me if you need to meet me at other times or in person.
Grading
Your mark will consist of the following:
- Assignment: 45%
- 3 assignments, 10% each
- Quiz on Assignments, 15%
- Self-Assessment: 5%.
- Mid-term: 20%. During class, Modules 1 to 3. Includes demos.
- Final: 30%
You may bring any non-electronic materials to the exams.
Course slides
TO BE UPDATED:
- Module 1: Introduction
- Module 2: Software Security
- Module 3: Cryptography and Security
- Module 4: Network Security
- Module 5: Data Security and Privacy
- Deniable messaging
- Notes on differential privacy
Assignments
For programming, please use one of these languages: C++, Java, and Python3. Assignments will be posted when released.
Other resources
Some details of the course are given below.
Course description
Starting from cybersecurity principles, students will learn to protect systems from attacks on data confidentiality, integrity, system availability, and user privacy. By modeling system security, students will learn to find weaknesses in software, hardware, networks, data storage systems, and the Internet, and identify current security practices to protect these systems. Prerequisite: CMPT 300 with a minimum grade of C-.
Note that this course was offered as CMPT 479 in Summer 2022.
Textbook
There are no required textbooks for this course. As a reference, students may find "Security in Computing, 5th Edition" by Shari Lawrence Pfleeger, Charles P. Pfleeger, Jonathan Margulies to be helpful.
However, this course is constantly updated to reflect the ongoing security and privacy landscape - the book is relatively old (2015) and would not cover the newer topics in this course.
Grading
There is no specific minimum grade to pass this course. A 50 is a guaranteed pass. The assignments each have a written and a programming portion, with the programming portion expected to take longer. The exams are open-book and are mainly multiple choice, with some longer written questions. (This means that you should not expect to find the answer directly in the slides - some deduction and learning is necessary.)
Other resources
Arc Technica has good, detailed reporting on computer system attacks, and I often use it as a source for my lecture material.
Bruce Schneier runs an informative and fascinating blog commenting on security (and also CS). He will be able to give you insights into the current security landscape beyond the textbook.