September |
Week # |
Monday |
Tuesday |
Wednesday |
Thursday |
Friday |
1 |
3 |
4
UBC-wide orientation. No classes. |
5 |
6
- Course overview
- Bootcamp in Computer Security
|
7 |
2 |
10
|
11
Before the class:
- Refresh your knowledge of modular arithmetic (e.g., modular multiplication, multiplicative inverse), combinatorics, and elementary statistics.
- Study buffer overflow vulnerabilities and countermeasures:
- General Introduction [pptx][pdf][YouTube]
- Part I - Basic Buffer Overflows [pptx][pdf][YouTube]
- Part II - Real Buffer Overflows [pptx][pdf][YouTube]
- Part III - Countermeasures [pptx][pdf][YouTube]
In the class:
- Quiz on Buffer Overflow, modular arithmetic, combinatorics, and statistics.
- Bootcamp in Computer Security
|
12
|
13
Instructor office hours, 11 AM - 12 PM, KAIS 4047. Check-in with students with first names starting with A-C.
Before the class:
- Make sure to set up the Top Hat app on your smartphone, get a student account, and join this course.
- Study Bootcamp in Computer Security up to but not including slide on
"Steps of Improving Security" (around 42).
In the class:
- TopHat quiz on Bootcamp in Computer Security up to but not including slide on
"Steps of Improving Security" (around 42).
- Finishing Bootcamp in Computer Security
|
14 |
3 |
17
|
18
Before the class:
- Study Bootcamp in Computer Security up to and including Design
Principle 4.
- Study Introduction and Threat Models (from minute #5:40 to 50) (notes)
In the class:
- TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
- Finishing Bootcamp in Computer Security
|
19 |
20
Instructor office hours, 11 AM - 12 PM, KAIS 4047. Check-in with students with first names starting with A-F.
Before the class:
- Study Bootcamp in Computer Security
- Study Chapter 1 from Anderson.
In the class:
- TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
- Discussing problems related to the material studied for the class.
- Design principles followed by iOS security
|
21
|
4 |
24
|
25
No class. Independent work on term paper proposal. |
26 |
27
No office hours this week.
No class. Independent work on term paper proposal. |
28
|
|
October |
Week # |
Monday |
Tuesday |
Wednesday |
Thursday |
Friday |
5 |
1
Instructor office hours, 1 PM - 2 PM, KAIS 4047. Check-in with students with first names starting with A-I. |
2
Before the class:
- Study Cryptography 101: Goals, Basics, Substitution Ciphers
- Study all micro-modules of ancient cryptography and then study and practice all parts of Ciphers module
In the class:
- TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
- Discuss problems on the material studied for the class.
- Discuss Adversary Models
|
3
|
4
Term paper proposal presentations. |
5
Term paper proposals due to Kosta via turnitin.com by 9 PM. |
6 |
8
|
9
Instructor office hours, 11 AM - 12 PM, KAIS 4047. Check-in with students with first names starting with A-L.
Before the class:
- Study Random Oracle model and its versions for hash functions, block ciphers, and stream ciphers by reading Anderson: Sections 5.1-5.3.
- Study introduction to modern cryptography, videos 1, 2, 3.
- Study introduction to stream ciphers, videos 1, 2, 3.
- Study random number generators video 1.
- Study block ciphers Introduction video.
- Study AES
- videos 1 and 2.
- AES demos.
- Watch a narrated demo of AES.
- Optionally, study videos AES Parts 3-15 from applied crypto playlist.
In the class:
- TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
- Discussion of problems on the application of the studied material.
|
10 |
11
Before the class:
- Study modes of operations for block ciphers:
- By watching videos ECB & CBC, CBC, CFB, CTR, and
- By reading Anderson's Section 5.5.
- Study Asymmetric Crypto Primitives by reading Anderson's Section 5.7.
- Study Diffie-Hellman key exchange protocol with these very affordable videos.
- Study key establishment video lectures by Stamp: 9.1-9.2, 9.3, 9.3.1, 9.3.2-9.3.3, 9.3.4-9.3.5, 9.3.6, 9.4, 9.6 (from 9:30).
In the class:
- TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
- Discussion of problems on the application of the studied material.
|
12 |
7 |
15
|
16
Instructor office hours, 11 AM - 12 PM, KAIS 4047. Check-in with students with first names starting with A-O.
Before the class:
- Study real-world security protocols, as presented by Stamp: 10.1-10.2, 10.3, 10.3.1-10.3.3, 10.5-10.5.1, 10.5.2-10.5.3, 10.6.1-10.6.3, 10.6.2-10.6.5, 10.7-10.7.1, 10.7.2-10.7.3, 10.7.4-10.8.
- Watch WEP vs. WPA explanation.
In the class:
- TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
- Discussion of the material studied for this class.
|
17 |
18
Before the class:
- Study N. Unger et al., "SoK: Secure Messaging," in IEEE Symposium on Security and Privacy (SP), San Jose, CA, 2015, pp. 232-249.
In the class:
- TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
- Discussion of the material studied for this class.
|
19
|
8
|
22 |
23
Before the class:
- Study "How Bitcoin Works Under the Hood".
- Study J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. A. Kroll and E. W. Felten, "SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies," Security and Privacy (SP), 2015 IEEE Symposium on, San Jose, CA, 2015, pp. 104-121.
In the class:
- TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
- Discussion of the material studied for this class.
|
24 |
25
Instructor office hours, 11 AM - 12 PM, KAIS 4047. Check-in with students with first names starting with A-R.
Before the class:
- Study MIT's video lecture on User Authentication (notes).
In the class:
- TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
- Discussion of the material studied for this class.
|
26 |
November |
Week # |
Monday |
Tuesday |
Wednesday |
Thursday |
Friday |
9
|
October 29 |
October 30
Before the class:
- Study "The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes." IEEE Symposium on Security and Privacy (2012): pp. 553–567.
During the class:
- TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
- Discussion of the material studied for this class.
|
October 31 |
November 1
Instructor office hours, 11 AM - 12 PM, KAIS 4047. Check-in with students with first names starting with A-U.
Before the class:
Study video lectures on usable security:
- Lecture 1: Introduction.
- Lecture 2: Design.
- Lecture 3: Evaluating usable security design.
During the class:
- TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
- Discussion of the material studied for this class.
|
2 |
10 |
5 |
6
Before the class:
- Study video lectures on usable security:
- Lecture 4: Guidelines for Secure Interaction Design.
- Lecture 5: Usable Authentication.
- TED Talk "What's wrong with your pa$$w0rd?"
- Study sections 1-3.1 of "Usable Security: History, Themes, and Challenges"
In the class:
- TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
- Discussion of the material studied for this class.
|
7 |
8
Instructor office hours, 11 AM - 12 PM, KAIS 4047. Check-in with students with first names starting with A-Z.
Before the class:
- Sections 3.2-5 of "Usable Security: History, Themes, and Challenges"
In the class:
- TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
- Discussion of the material studied for this class.
|
9
Term paper prefinal drafts due 9 PM. |
11 |
12 |
13
Before the class:
- Study Low Level Vulnerabilities and Exploits (from 25m50s to the
end) (50 minutes total).
- Study Countermeasures to Buffer Overflow and Other Code Injection and Manipulation Attacks (1h40m).
In the class:
- TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
- Discussion of the material studied for this class.
|
14 |
15
Instructor office hours, 11 AM - 12 PM, KAIS 4047.
Before the class:
- Study Security for the Web (1h42m).
- Study OWASP Top 10 Most Critical Web Application Security Risks (2017 edition).
In the class:
- TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
- Discussion of the material studied for this class.
|
16 |
12 |
19 |
20
Before the class:
- Study video lecture on Designing and Building Secure Software (2h10m).
- Study video lecture on Penetration Testing (1h47m).
During the class:
- Top Hat Quiz on the study material for the class.
- Discussion of the study material.
|
21 |
22
Instructor office hours, 11 AM - 12 PM, KAIS 4047.
Before the class:
Study video lectures on the economics of cybersecurity:
Part 1: Basics
- A brief history,
- Introduction to economics,
- The economics of information goods,
- Security from an economic perspective,
During the class:
- Top Hat Quiz on the study material for the class.
- Discussion of the study material.
|
23
|
13 |
26 |
27
Before the class:
Study video lectures on the economics of cybersecurity (continued):
Part 2: Security Metrics
- What to measure?
- Measuring security levels,
- Metrics in practice,
- Metrics from incident data,
Part 3: Security Investment and Risk Management
- Information security strategy,
- Information security investment,
- Risk management,
- Operational security management.
Part 4: Market Failures
- Market failures,
- case study 1: Information sharing in incident response,
- case study 2: payment card security,
- Policy interventions,
During the class:
- Top Hat Quiz on the study material for the class.
- Discussion of the study material.
|
28 |
29
Instructor office hours, 11 AM - 12 PM, KAIS 4047.
Before the class:
Study video lectures on the economics of cybersecurity (continued):
Part 5: Behavioural research into security & Policy Implications
- Prospect Theory,
- Heuristics and social persuasion,
- Consumer behaviour and deception,
- Security economics and policy,
- Behavioural economics of privacy.
During the class:
- Top Hat Quiz on the study material for the class.
- Discussion of the study material.
|
30 |
December |
Week # |
Monday |
Tuesday |
Wednesday |
Thursday |
Friday |
14 |
3
|
4
Mini-conference 9:00-18:00, KAIS 2020/2030. |
5
Term papers due 21:00 |
6
Instructor office hours, 3 PM - 4 PM, KAIS 4047.
Self-assessment of course participation due 23:59. |
7 |
15 |
10
|
11 |
12
Final examination 3:30-6:00 PM. |
13
|
14 |
16 |
17 |
18 |
19 |
20 |
21 |
17 |
24 |
25 |
26 |
27 |
28 |
|