Acknowledgement

Many of the instructional materials, resources and workflows presented in this course have been designed, maintained and curated by Professor Thierry Sans and previous TAs.

Course Objectives

This course seeks to develop students who:

  1. are well-positioned to discuss the major aspects of Computer Security at an informal and semi-formal level, and have acquired the ability to critically analyze arguments.

  2. demonstrate a breadth of knowledge in the many topics of Computer Security, and understand its relevance and potential for an ever-increasing number of applications.

  3. cultivate the foundational skills together with an attitude of career-long learning to remain current as the technologies of Computer Security change and evolve.

  4. show insight into the practical issues of securing computer systems and are aware of the ethical and legal responsibilities that come with this knowledge.

Learning outcomes

Upon successful completion of this course, students will:

  1. have internalized the fundamental notions of threat, vulnerability, attack and countermeasure.
  2. be able to identify the security goals of an information system, point out contradictory goals and suggest compromises.
  3. have a theoretical understanding of the principles underlying cryptography and cryptanalysis and have a technical understanding of the main cryptographic concepts and technologies available today, including symmetric and asymmetric encryption, hashing, and digital signatures.
  4. understand the purpose of security protocols and be witness to the difficulties of their verification.
  5. understand the threats and vulnerabilities that are specific to a networked environment, and explain countermeasures including firewalls and intrusion detection systems.
  6. have an understanding of the vulnerabilities brought about by modern web-based applications and services, and discuss countermeasures.
  7. understand how malicious code functions, what vulnerabilities make propagation possible, and what methods and practices are available for mitigation.

Prerequisite

No assumptions are made about prior exposure to security-related ideas. Some mathematical topics will be covered (finite fields, modular arithmetic, number theory), but not in as much depth as in the MATC16 Cryptography course. These topics are necessary for a proper understanding of modern cryptography, which today is centered around difficult mathematical problems that cannot be solved by brute force computing power, but instead can be solved only with access to a trap-door (key). No assumptions are made about your math background; all the required concepts will be introduced as needed in the course.

This course requires a good understanding of the x86 computer architecture (CSCB58) and good C/UNIX system programming skills (CSCB09).

Course Staff

We encourage you to post questions regarding course materials and assignments on Piazza. However, if you need extended support, the course staff will hold office hours.

| | Office Hours | Location | Contact |
|---|---|---|---|
| Kc Udonsi | Thu 17:00-18:00; Fri 17:00-18:00 | IC-402; Zoom | Piazza only (no email) |
| Meixuan Lu | Tue 12:00-13:00 | IC 402 | meixvan.lu@mail.utoronto.ca |
| Tahmid Haque | Wed 14:00-15:00 | IC 402 | tahmid.haque@mail.utoronto.ca |
| Michelle Kee | Mon 14:00-15:00 | IC 402 | michelle.kee@mail.utoronto.ca |
| Yuanyuan Li | Fri 11:00-12:00 | IC 402 | tuanzi.li@mail.utoronto.ca |

Course Timing

| | Time | Location | Instructor |
|---|---|---|---|
| LEC01 | Thu 11:00-13:00 | IC-220 | Kc Udonsi |
| PRA01 | Mon 10:00-11:00 | BV-473 | Tahmid Haque |
| PRA02 | Tue 10:00-11:00 | BV-473 | Michelle Kee |
| PRA03 | Tue 16:00-17:00 | BV-473 | Meixuan Lu |
| PRA04 | Thu 09:00-10:00 | BV-473 | Yuanyuan Li |
| TUT01 | Tue 18:00-19:00 | BV-264 | Tahmid Haque |
| TUT02 | Tue 13:00-14:00 | SW-311 | Michelle Kee |
| TUT03 | Fri 13:00-14:00 | HLB-106 | Yuanyuan Li |
| TUT04 | Thu 14:00-15:00 | HW-402 | Meixuan Lu |

Course Information

  • The course website and its GitHub repository

    One of the nice things about using GitHub for the course website is that you can contribute to it. If you see something on the course website that should be fixed, or want to improve the UI, please feel free to submit a pull request.

  • The Piazza discussion board

    The discussion board is the best place to ask technical questions, and general questions about the course, assignments and labs. For personal issues, please use private posts. I try to respond by the end of the next day. However, due to volume, it may take longer, especially on weekends.

  • Recommended books

    Although there are no required textbooks, you may choose to review the following textbooks for additional information on topics discussed during the course. Access to these books is not a requirement to succeed in the course.

    • Title: Gray Hat Hacking: The Ethical Hacker’s Handbook, Sixth Edition

      Author(s): Allen Harper, Ryan Linn, Stephen Sims, Michael Baucom, Huascar Tejeda, Daniel Fernandez, Moses Frost

      Publisher: McGraw Hill

      Edition: 6th Edition

      ISBN-10: 1264268947

      ISBN-13: 9781264268948

    • Title: Applied Cryptography: Protocols, Algorithms and Source Code in C

      Author(s): Bruce Schneier

      Publisher: Wiley

      Edition: 20th Anniversary Edition

      ISBN-13: 978-1-119-09672-6

    • Title: Real-World Bug Hunting: A Field Guide to Web Hacking

      Author(s): Peter Yaworski

      Publisher: No Starch Press

      Edition: 1st Edition

      ISBN-13: 978-1-59327-861-8

    • Title: Computer Security: Art and Science

      Author(s): Matt Bishop

      Publisher: Pearson

      Edition: 2nd Edition

      ISBN-13: 9780321712332

    A copy of each book will eventually be available at the library on loan for no more than 3 days.

  • The anonymous feedback form

    If you have feedback about the course, you can send anonymous feedback to the course instructor (you also have the option of including your name). Since the sender cannot be determined, comments sent through the feedback form are considered public, and they may receive a response at the beginning of class or on the discussion board.

Marking Scheme

The numeric marks of the CTF challenges, quizzes and final exam will be used to compute a composite numeric score that will determine your final letter grade for the course. The weighting of course work is set as:

| | Weight |
|---|---|
| CTF challenges | 60% |
| Midterm Exam | 15% |
| Final Exam | 25% |

If your final mark is higher than your midterm exam score, the midterm mark will be dropped and its weight will be added to the final exam. Moreover, there will not be any makeup midterm if you miss the midterm exam (whatever the reason).

A mark of at least 40% on the final exam is required to pass the course. If you receive less than 40% on the final exam you automatically fail the course, regardless of how well you have done on the CTF challenges or the midterm exam.

Submission Policy

An electronic copy must be submitted for all assignments, except where explicitly listed as optional for an assignment component. For assignment written work (non-programming), you may submit your document in PDF only.

No late submissions will be accepted for any course work, and no make-up assignments will be provided for missed/poorly completed work. It is your responsibility to ensure that all work is completed on time and to the best of your ability.

If an emergency arises that prevents you from being able to complete any piece of work, or attend an exam, contact one of the instructors immediately. You will need to have a properly completed Illness Verification Form signed by a registered doctor in order to be given special consideration.

Re-mark Policy

If a piece of work has been mis-marked or if you believe the rubric used to evaluate the work is not appropriate, you may request a re-mark. For a re-mark to succeed, you must clearly and concisely express what you believe was mis-marked. To request a re-mark, please contact your TA. Requests must be submitted within 1 week of the marks being returned.

Academic Integrity

You are expected to comply with the Code of Behaviour on Academic Matters.

Assignment solutions must be prepared individually, except where an assignment handout or FAQ explicitly allows working with a partner. Note that working with a partner may be restricted to just part of an assignment, such as a programming task, whereas the rest of the assignment must be solved by an individual.

You may discuss assignments with other students, for example to clarify the requirements of an assignment, to work through examples that help you understand the technology used for an assignment, or to learn how to configure your system to run a supporting piece of software used in an assignment. However, collaboration at the level of answering written questions or designing and writing code is strictly forbidden. Written problems and programming assignments must be answered, designed and coded by you alone, using the text, your own notes, and other texts and Web sources as aids.

Do not let other students look at your assignment solutions, since this can lead to copying. Remember you are in violation of the UTSC Academic Code whether you copy someone else’s work or allow someone else to copy your work. These rules are meant to ensure that all students understand their solutions well enough to prepare the solutions themselves. If challenged you must be able to reproduce and explain your work.

You are not allowed to look at solutions available online, nor are you allowed to make your solution publicly available online, even after the class term.

The course staff reserves the right to use code and text analysis tools to compare your submission with others to verify that no improper collaboration has occurred.

Failure to comply with these guidelines is a serious academic offence. In past academic offence cases, the Associate Dean has imposed penalties for code violations that range from a mark of zero on plagiarized assignments to academic suspension from the University.

You will be exposed to various unethical and sometimes illegal uses of technology in the course. The fact that we cover this material should not be misconstrued as tacit approval to undertake such activities except with the explicit informed consent of all involved parties.

The existence and knowledge of a security hole is not an excuse to exploit that vulnerability.

At issue are not just your ethics as a Computer Science professional but also University policy and provincial/federal law. In past years, isolated students in this course have made poor judgements, and as a consequence have had their computer accounts suspended, and put at risk the entire class’s opportunity to apply certain of the technologies covered.

Do not put yourself in the position of being the one who triggers restrictions on what technologies can be investigated in this course. If at any time you are unsure of whether you should undertake a computer security activity related to the course (other than the assignments and tutorial activities), please confirm your intent with the instructor or TA beforehand.

Accessibility Needs

The University of Toronto is committed to accessibility. If you require accommodations for a disability, or have any accessibility concerns about the course, the classroom or course materials, please contact Accessibility Services as soon as possible: disability.services@utoronto.ca or http://studentlife.utoronto.ca/accessibility