Instructor: | Philip W. L. Fong <pwlfong _AT_ ucalgary _DOT_ ca> |
Lectures: | Tuesday/Thursday 3:30 - 4:45 PM ; ST 139 |
Office Hours: | Wednesday 3:00 - 5:00 PM ICT 640 |
TA: |
Zain Rizvi <szrrizvi _AT_ ucalgary _DOT_ ca>
Simpy Parveen <simpy.parveen1 _AT_ ucalgary _DOT_ ca> |
Tutorials: |
T01: Tuesday/Thursday 12:00 - 12:50 PM ; ICT 517
T02: Tuesday/Thursday 1:00 - 1:50 PM ; ICT 517
T03: Monday/Wednesday 6:00 - 6:50 PM ; MS 160 |
Course web page: | http://www.cpsc.ucalgary.ca/~pwlfong/525 |
Official Course Outline: | TBA |
CPSC 457 and one of MATH 271 or 273. CPSC 329 is recommended as preparation for this course.
Tutorial Participation | 5% |
Assignments: | 40% |
Project Proposal | 5% |
Project Final Report: | 50% |
Assignments: | 30% |
Project Proposal | 5% |
Project Interim Report: | 15% |
Project Final Report: | 50% |
Important: Each of the above components will be given a letter grade using the official University grading system. The final grade will be calculated using the grade point equivalents weighted by the percentage given above and then reconverted to a final letter grade using the official University grade point equivalents.
Desire2Learn (D2L) will be used for the following purposes:
All other materials concerning this course will be made available at the course website.
The final grade will NOT be posted at D2L.
There is no required textbook. All required readings will be available at D2L.
A Reading List will be made available online at D2L. The list specifies the reading assignment for each of Week 2 to Week 12 (excluding week 7, the Mid-Term Break). Students shall complete the readings on a weekly basis.
The following is a tentative lecture plan. Adjustments will be made as the semester progresses.
Week | Date | Topic | Remarks |
---|---|---|---|
1 | Jan 9, 11 | Introduction; Design Principles | |
2 | Jan 16, 18 | The Kernel-User Dichotomy; Authentication | |
3 | Jan 23, 25 | Access Control; Memory Protection | |
4 | Jan 30, Feb 1 | Vulnerabilities and Exploits | A1 due (525 only); Proposal due |
5 | Feb 6, 8 | Defenses; Unix Security (1) | A1 due (525 only); Proposal due |
6 | Feb 13, 15 | Unix Security (2) | |
7 | Feb 20, 22 | No lecture due to Mid-Term Break. | A2 due |
8 | Feb 27, Mar 1 | Database Security | |
9 | Mar 6, 8 | Java Security | |
10 | Mar 13, 15 | Android Security; Discretionary Access Control (1) | A3 due (525 only); Interim Report due (625 only) |
11 | Mar 20, 22 | Discretionary Access Control (2); Safety Analysis | A3 due (525 only); Interim Report due (625 only) |
12 | Mar 27, Mar 29 | Information Flow Control; Access Control for Commercial Applications (1) | |
13 | Apr 3, 5 | Access Control for Commercial Applications (2); Role-Based Access Control (1) | A4 due |
14 | Apr 10, 12 | Role-Based Access Control (2); Special topics | |
Lecture slides will be posted at the course website.
In the tutorial sessions, the TAs will go through the following book with you:
Adam Shostack. Threat Modeling: Designing for Security. Wiley, 2014.
The idea is that those of you who will be doing an "implementation project" (one of the four types of projects recommended in the Suggested Project Topics page on D2L) will be requested to do a little bit of threat modeling. The tutorials are for giving you a rough idea of what that could mean, and to hopefully get you interested enough that you would read the book as part of your project work.
You are not required to read the above book, but only encouraged to do so if you find it relevant to your project work.
To encourage your participation in the tutorial sessions, 5% of the coursework will be allocated to tutorial attendance and participation. You are permitted to skip 2 of the 24 tutorial sessions in weeks 2-14 without receiving any penalty in grades.
Four assignments will be given. Two are reading responses. They are minor writing exercises for students to demonstrate their understanding of the assigned readings. All students (both 525 and 625) shall attempt the reading responses. The other two assignments invite students to do some investigations into technical topics relevant to the course. Only 525 students are required to attempt the investigation assignments.
# | Assignment Topic | Due Date | 525 % | 625 % |
---|---|---|---|---|
1 | Investigation: Software Vulnerabilities | Friday, Feb 2 Monday, Feb 5 | 10% | N/A |
2 | Reading Response: Weeks 2-6 | Friday, Feb 23 | 10% | 15% |
3 | Investigation: UMA | Friday, Mar 16 Friday, Mar 23 | 10% | N/A |
4 | Reading Response: Weeks 8-12 | Friday, Apr 6 | 10% | 15% |
All assignments are due at noon on the due dates. Submissions are done via Desire2Learn.
Assignment specifications will be posted at the course website.
A major component of the coursework is the term project. For 525 students, the project will be completed by groups of 4. For 625 students, each student will work on his or her own project.
The topic of the project is flexible, but it must be approved by the instructor. The bottom line is that the selected topic shall fall within the scope of this course:
The best way of assuring that your chosen topic is acceptable is to meet with the instructor during the posted office hours, at least one week prior to the due date of the proposal.
A list of Suggested Project Topics will be posted at D2L. It doesn't mean that students must only pick from the list, but it doesn't hurt to do so either.
The project consists of 3 deliverables for 625 students and only 2 for 525 students:
# | Project Component | Due Date | 525 % | 625 % |
---|---|---|---|---|
1 | Proposal | Noon, Friday, Feb 2 Noon, Friday, Feb 9 | 5% | 5% |
2 | Interim Report | Noon, Friday, Mar 16 Noon, Friday, Mar 23 | N/A | 15% |
3 | Final Report | Noon, Wednesday, April 18 | 50% | 50% |
Specification of the requirements for the 3 components will be posted at the course website.
Resources for the project:
Helmut Kopka and Patrick W. Daly. Guide to LaTeX (4th Edition). Addison-Wesley Professional, 2003. Available online at the UofC Library website.
$Id: index.html,v 1.13 2018/03/23 16:23:38 pwlfong Exp $