| layout | title | permalink |
|---|---|---|
page |
Syllabus |
/syllabus/ |
Mainly, writing a blog post is required.
In the first topic, we will cover the following sub-topics:
- Shellcode
- Control-flow hijacking and defenses
- Return-oriented programming
- Control flow integrity
- OS security
- (Tentative) Sandboxing and Fuzzing
We will cover various network security sub-topics as follows:
- TCP/IP attacks
- DoS and DDoS attacks
- Internet naming security
- Internet routing security
- SDN attacks
- IDS and Firewalls
- knowledge of data structures and algorithms
- understanding of computer architecture and operating systems (e.g., memory layout, execution semantics)
- good understanding of computer networks (e.g., layering concept, IP networks, Internet naming and routing)
- strong programming skills in C/C++ and Python
- being comfortable to write Assembly code
- ability to learn new languages, tools and frameworks
Most importantly, you are eager to learn new concepts and to challenge yourself.
If you are not familiar with at least four of these skills and cannot learn the other two quickly, this course might be hard for you.
The reading materials will come from book chapters and research papers.
- Final Project (Group of 2–3): 35%
- Assignments (Individual): 30% (3 x 10%)
- Research Reading (Individual): 10%
- Quizzes: 12% (2 x 6%)
- Blog Post (Group of 2–3, or Individual): 8%
- Participation: 5%
The letter grade is calculated based on the final score as follows:
- A+: 95% – 100%
- A : 90% – 94%
- A-: 85% – 89%
- B+: 80% – 84%
- B : 75% – 79%
- B-: 70% – 74%
- C+: 65% – 69%
- C : 60% – 64%
- C-: 55% – 59%
- D : 50% – 54%
For more details, check project and assignment pages. You are required to read all non-optional materials before the lecture.
In addition, you will be asked throughout the semester to summarize at least five papers out of all the materials you will read.
- This is an individual activity.
- These papers will be mentioned in the "Events" column in the schedule page at least three days before the deadline.
- You should deliver a hardcopy of your summary to the instructor no later than 9:40am in the lecture.
- The summary must be your own. Avoid any type of plagiarism or paraphrasing.
- Please use this Latex template.
- The summary should be up to two pages. Longer documents will not be graded
- Late delivery will not be graded.
Your summary should answer these questions (I am using Vyas Sekar's questions):
- Did you like this paper? Why? 1–2 sentences.
- What problem is this paper solving? 2–3 sentences.
- What are the strengths of this paper? 3–4 sentences.
- What are the main weaknesses in the paper? Do you see any potential attacks? 3–4 sentences.
- What would you do differently? Are there assumptions you disagree with? Do you see ideas for future work or improving the solution proposed? 3–4 sentences
A quiz may be given at the beginning of class and will cover topics from the preceding lectures and readings. It is strongly suggested that students read non-optional materials before the lecture. Quizzes missed because of absences can not be made up unless arrangements are made with the instructor prior to the lecture. For more details, check this page. I expect students to take active and regular roles in discussion and demonstrate comprehension of the reading and lecture materials. Participation will be closely monitored by the instructor. Students that do not show a good understanding of the materials will get a '0' grade in the participation.
Announcements and Discussion Board. We will use Piazza to make announcements as well as to discuss lectures and assignments. Online discussion is encouraged and it contributes to your participation grade.
Course Staff. You can reach the instructor and TA by their email. The instructor will reply to your email within 24–48 hours. To get a timely response, don't postpone sending your email to the last minute (e.g., few hours before a deadline).
Late Submission Policy. Late submissions will not be graded.
This policy is observed for project, assignments and paper summaries unless
(1) there is an excused absence (e.g., illness with sick note, emergency) and
(2) student made arrangements with the instructor prior to the deadline.
Academic Honesty and Conduct Policies. This course will follow SFU Academic Honesty and Student Conduct policies (S10). You can obtain a copy of these policies here.
Please do not cheat! The instructor expects honesty in the completion of project, assignments, paper summaries and quizzes. The instructor does not tolerate violations of academic integrity, and carefully monitors for instances of such offenses. In the case of a discovery of a violation, the instructor will assign 'F' grade and refer the student to the appropriate University/School bodies for further action.
Discussion of projects and assignments are encouraged. However, students are forbidden to copy anything (e.g., source code, text) off the Internet or other students to complete a project, assignment, or paper summary.
Ethics Policy and Code of Ethics. The goal of this course is to learn how to protect systems and build defensive mechanisms. To achieve this goal, you will learn various techniques that may be used to attack many existing systems. Attacks discussed in this class are illegal to execute.
In order to receive a non-zero grade in this course, you must sign the CMPT 479/980 ethics form by 11:59pm on January 17, 2020. Late forms will not be accepted. The form is available here.