CPEN 442, Fall 2016
Introduction to Computer Security


Course Description

CPEN 442, "Introduction to Computer Security," is a fourth year undergraduate elective course that introduces students to the subject of computer security from the technical point of view. The purpose of this course is to help students in learning the principles of computer and information security in general and of designing secure systems in particular.

The students are expected to learn:


When*: Tuesday and Thursday, from 12:30 to 1:50 PM; September 6 to November 29, 2018.

Where*: ANGU 343


All announcements for the course are made during sessions and on Piazza site of the course. It's expected that all students check discussion topics at least every business day.

* -- subject to change, see the course's entry in the calendar


Grading will be done according to the following break-down:

Grade %
Quiz 0 (5 points will be given only to those who get 75% on quiz #0). 5
In-class quizzes on TopHat
Mid-term examination 10
Final examination
Term project proposal presentation & write-up (G)*
Term project presentation at the mini-conference (G)
Term project report (G)  

Pre-final draft of the report, which contains all part of the report required, according to the project type: design, analysis, implementation.

Final report (all the sections, according to the project type: design, analysis, implementation)
Project video clip (G) 4
Home assignments and labs (both group and individual)


* group elements of the final mark are indicated with (G)

If the mean final mark for the cohort is less than 75%, the final mark of each student in the cohort will be pro-rated so that the mean final mark will be 75%.

Course Staff


Dr. Konstantin Beznosov. Office hours: see course calendar, KAIS 4047.

Teaching Assistants

Masoud Mehrabi Koushki, Ph.D. student: office hours, see course calendar, location TBD.

Borke Obada, Ph.D. student: no office hours.

Learning Objectives

Core Learning Objectives

On completion of this course, students are expected to be able to:

  1. Articulate the principles of computer and information security,
  2. Describe similarities and differences among various symmetric and public key
    cryptographic techniques,
  3. Explain discretionary owner-based, mandatory lattice-based, and role-based access
    control models,
  4. Describe main types of security policies,
  5. Articulate the principles of security design,
  6. Articulate the defense methods against malicious logic.


Entry Requirements


You should be an undergraduate student in your 4th year or a graduate student, in order to take this course. To be succesful in the course, you should at least have strong programming and operating systems background.


In order to pass the course, each student must complete the following modules:
  1. Term Project

    Students will be responsible for a final project. You should work in groups of 4 students. There should be no more than one graduate student in each group. Contribution of each student to the term project will be evaluated by the other team members via iPeer.

    The nature and the topic of the project is your choice, although it needs the approval of the teaching staff. There will be a number of security analysis projects with UBC IT or industry. Also, for inspiration, you might want to look at the list of potential project topics found at the page of the term project module. Also, projects done by students in the previous years might help you to figure out the best scope and the technical level of your project. We will generally approve interesting topics about network, computer, or software security.

    Your group will need to present the project proposal and submit a two-page written proposal with an initial bibliography (please see the course calendar for exact deadline information). It is highly advisable to get going early; we will gladly accept proposals before the deadline. This assignment gives us a chance to review and approve your project proposal, and to suggest references that you may have overlooked.

    We also encourage you to arrange a short meeting with the course staff to discuss what you want to do for the project. See the course calendar for the deadline for such a meeting.

    One or two whole days will be devoted to short presentations of each term project. You will submit a written report on your project and a video clip.

  2. Home and labs assignments

    The are will be several problem sets posted about one week before the corresponding due dates. Solutions will be posted with corrected homework—hopefully within a week of the submission deadlines.

    Most assignments are to be submitted through Turnitin.

    There will be both individual and group problem sets. You are to work on group problem sets and term projects in same groups. One problem set will be turned in by each group, and one grade will be given for each assignment. You must work in groups; assignments turned in by individuals or pairs will not be accepted. Be sure that you understand and approve the solutions turned in to each problem. Get your group organized as soon as you can, and email the composition of your group to the teaching staff. Contribution of each student to the group assignments will be evaluated by the other team members via iPeer.

    If you have trouble finding a group, contact the staff. To prevent your group from falling apart, make sure everyone participates and that you all communicate on a regular basis. If you have a problem with a group-mate, talk to him/her first. If you are unable to make a compromise or your group does fall apart, talk to the staff.

    Late Turn in, Marking, and Make-Up Policies:

    1.One assignment with worst mark will NOT be used for calculating the assignment portion of your final mark in the course.
    2. No late assignments are accepted.
    3. No make-up assignments will be given for those who missed them.

  3. Presentation of the term projects (mini-conference)

    Each group will present their term project to the rest of the class during a mini-conference at the end of the course. A tutorial on successful presentations will be held (see the course calendar for the date).

  4. Quizzes

    There will be quizzes in most classes. Quizzes will test your knowledge of material from lectures, home assignments, and readings. See the course calendar for the quiz dates.

    Quizzes Marking and Make-Up Policy:

    1. To make up for missed or poorly taken quizzes, up to 20% of your quiz mark will be added to the quiz portion of your final mark in the course.
    2. No make-up quizzes will be given.

  5. Midterm and Final Examinations

    There will be one mid-term and one final closed-book examinations. See the course calendar for the mid-term examination date. The date of the final examination will be set and announced by the UBC services. It's the student's responsibility to know the date, time, and location of the final examination.

  6. Sessions

    Sessions will be a mix of lectures, fliped-lectures, Q&A, discussions, group and individual activities. You are highly encouraged to participate actively since this will improve your understanding and retention of the material. Attendance is mandatory and might be recorded using TopHat attendance poll. It is your responsibility to be aware of any announcements made during sessions and to know the material presented and discussed at the sessions.

  7. Participation

    Every student is expected to participate actively in the sessions and/or online discussions carried on between sessions on the discussion group of the course.

  8. Studying Before and After the Classes

    Each student is expected to study all required material for each class. There will be also optional study material for some sessions, which will help you to gain dipper and/or broader understanding of a particular topic.

Academic Integrity

All students are expected to engage in all course activities within the norms of academic integrity. You can find more information about academic integrity and plagiarism at the web page of the UBC's Academic Integrity Resource Centre. A description of disciplinary measures for academic misconduct can be found here.

Required Textbooks

  1. Mark Stamp, Information Security : Principles and Practice, Second Edition, Wiley-Interscience, 2011.
  2. Anderson, Ross. Security Engineering -- A Guide to Building Dependable Distributed Systems. John Wiley & Sons, 2008, Second Edition. See free chapters from this book online.