CPEN 542 Calendar

Last updated on December 5, 2018

The course calendar is subject to change without notice. Always check the calendar before planning your coursework.

ATTENTION: This calendar is being regularly updated.

If necessary, consult the following for the calendar:

regular session day, no session day, self and online studying, due, student presentations, exam

 

September
Week # Monday Tuesday Wednesday Thursday Friday
1

3

4

UBC-wide orientation. No classes.

5

6

  1. Course overview
  2. Bootcamp in Computer Security
7
2

10

 

 

11

Before the class:

  1. Refresh your knowledge of modular arithmetic (e.g., modular multiplication, multiplicative inverse), combinatorics, and elementary statistics.
  2. Study buffer overflow vulnerabilities and countermeasures:
    1. General Introduction  [pptx][pdf][YouTube]
    2. Part I - Basic Buffer Overflows [pptx][pdf][YouTube]
    3. Part II - Real Buffer Overflows [pptx][pdf][YouTube]
    4. Part III - Countermeasures [pptx][pdf][YouTube]

In the class:

  1. Quiz on Buffer Overflow, modular arithmetic, combinatorics, and statistics.
  2. Bootcamp in Computer Security

12

 

13

Instructor office hours, 11 AM - 12 PM, KAIS 4047. Check-in with students with first names starting with A-C.

Before the class:

  1. Make sure to set up the Top Hat app on your smartphone, get a student account, and join this course.
  2. Study Bootcamp in Computer Security up to but not including slide on "Steps of Improving Security" (around 42).

In the class:

  1. TopHat quiz on Bootcamp in Computer Security up to but not including slide on "Steps of Improving Security" (around 42).
  2. Finishing Bootcamp in Computer Security

14

3

17

 

 

18

Before the class:

  1. Study Bootcamp in Computer Security up to and including Design Principle 4.
  2. Study Introduction and Threat Models (from minute #5:40 to 50) (notes)

In the class:

  1. TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
  2. Finishing Bootcamp in Computer Security

19

20

Instructor office hours, 11 AM - 12 PM, KAIS 4047. Check-in with students with first names starting with A-F.

Before the class:

  1. Study Bootcamp in Computer Security
  2. Study Chapter 1 from Anderson.

In the class:

  1. TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
  2. Discussing problems related to the material studied for the class.
    1. Design principles followed by iOS security

21

 

4

24

 

 

25

No class. Independent work on term paper proposal.

26

27

No office hours this week.

No class. Independent work on term paper proposal.

28

 

 

October
Week # Monday Tuesday Wednesday Thursday Friday
5

1

Instructor office hours, 1 PM - 2 PM, KAIS 4047. Check-in with students with first names starting with A-I.

2

Before the class:

  1. Study Cryptography 101: Goals, Basics, Substitution Ciphers
  2. Study all micro-modules of ancient cryptography and then study and practice all parts of Ciphers module

In the class:

  1. TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
  2. Discuss problems on the material studied for the class.
  3. Discuss Adversary Models

 

 

 

3

 

4

Term paper proposal presentations.

5

Term paper proposals due to Kosta via turnitin.com by 9 PM.

6

8

9

Instructor office hours, 11 AM - 12 PM, KAIS 4047. Check-in with students with first names starting with A-L.

Before the class:

  1. Study Random Oracle model and its versions for hash functions, block ciphers, and stream ciphers by reading Anderson: Sections 5.1-5.3.
  2. Study introduction to modern cryptography, videos 1, 2, 3.
  3. Study introduction into stream ciphers, videos 1, 2, 3.
  4. Study random number generators video 1.
  5. Study block ciphers Introduction video.
  6. Study AES
    1. videos 1 and 2.
    2. AES demos.
    3. Watch a narrated demo of AES.
  7. Optionally, study videos AES Parts 3-15 from applied crypto playlist.

In the class:

  1. TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
  2. Discussion of problems on the application of the studied material.

10

11

Before the class:

  1. Study modes of operations for block ciphers: 
    1. By watching videos ECB & CBC, CBC, CFB, CTR, and
    2. By reading Anderson's Section 5.5.
  2. Study Asymmetric Crypto Primitives by reading Anderson's Section 5.7.
  3. Study Diffie-Hellman key exchange protocol with these very affordable videos.
  4. Study key establishment video lectures by Stamp: 9.1-9.2, 9.3, 9.3.1, 9.3.2-9.3.3, 9.3.4-9.3.5, 9.3.6, 9.4, 9.6 (from 9:30).

In the class:

  1. TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
  2. Discussion of problems on the application of the studied material.

12

7

15

 

 

 

16

Instructor office hours, 11 AM - 12 PM, KAIS 4047. Check-in with students with first names starting with A-O.

Before the class:

  1. Study real-world security protocols, as presented by Stamp: 10.1-10.2, 10.3, 10.3.1-10.3.3, 10.5-10.5.1, 10.5.2-10.5.3, 10.6.1-10.6.3, 10.6.2-10.6.5, 10.7-10.7.1, 10.7.2-10.7.3, 10.7.4-10.8.
  2. Watch WEP vs. WPA explanation.

In the class:

  1. TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
  2. Discussion of the material studied for this class.

17

18

Before the class:

  1. Study N. Unger et al., "SoK: Secure Messaging," in IEEE Symposium on Security and Privacy (SP), San Jose, CA, 2015, pp. 232-249.

In the class:

  1. TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
  2. Discussion of the material studied for this class.

19

 

8

22

23

Before the class:

  1. Study How BitCoin works under the hood.
  2. Study J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. A. Kroll and E. W. Felten, "SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies," Security and Privacy (SP), 2015 IEEE Symposium on, San Jose, CA, 2015, pp. 104-121.

In the class:

  1. TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
  2. Discussion of the material studied for this class.

 

24

25

Instructor office hours, 11 AM - 12 PM, KAIS 4047. Check-in with students with first names starting with A-R.

Before the class:

  1. Study MIT's video lecture on User Authentication (notes).

In the class:

  1. TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
  2. Discussion of the material studied for this class.

 

26

 

November
Week # Monday Tuesday Wednesday Thursday Friday
9

October 29

October 30

Before the class:

  1. Study "The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes." IEEE Symposium on Security and Privacy (2012): pp. 553–567.

During the class:

  1. TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
  2. Discussion of the material studied for this class.

October 31

November 1

Instructor office hours, 11 AM - 12 PM, KAIS 4047. Check-in with students with first names starting with A-U.

Before the class:

Study video lectures on usable security:

  1. Lecture 1: Introduction.
  2. Lecture 2: Design.
  3. Lecture 3: Evaluating usable security design.

During the class:

  1. TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
  2. Discussion of the material studied for this class.

 

 

 

2

10

5

6

Before the class:

  1. Study video lectures on usable security:
    1. Lecture 4: Guidelines for Secure Interaction Design.
    2. Lecture 5: Usable Authentication.
    3. TED Talk "What's wrong with your pa$$w0rd?"
  2. Study sections 1-3.1 of "Usable Security: History, Themes, and Challenges"

In the class:

  1. TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
  2. Discussion of the material studied for this class.

 

7

8

Instructor office hours, 11 AM - 12 PM, KAIS 4047. Check-in with students with first names starting with A-Z.

Before the class:

  1. Sections 3.2-5 of "Usable Security: History, Themes, and Challenges"

In the class:

  1. TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
  2. Discussion of the material studied for this class.

9

Term paper prefinal drafts due 9 PM.

11

12

13

Before the class:

  1. Study Low Level Vulnerabilities and Exploits (from 25m50s to the end) (50 minutes total).
  2. Study Countermeasures to Buffer Overflow and Other Code Injection and Manipulation Attacks (1h40m).

In the class:

  1. TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
  2. Discussion of the material studied for this class.

 

14

15

Instructor office hours, 11 AM - 12 PM, KAIS 4047.

Before the class:

  1. Study Security for the Web (1h42m).
  2. Study OWASP Top 10 Most Critical Web Application Security Risks (2017 edition).

In the class:

  1. TopHat quiz on the material presented in the previous class (if any) and to be studied before this class.
  2. Discussion of the material studied for this class.

 

 

16

12

19

20

Before the class:

  1. Study video lecture on Designing and Building Secure Software (2h10m).
  2. Study video lecture on Penetration Testing (1h47m).

During the class:

  1. Top Hat Quiz on the study material for the class.
  2. Discussion of the study material.


21

22

Instructor office hours, 11 AM - 12 PM, KAIS 4047.

Before the class:

Study video lectures on the economics of cybersecurity:

Part 1: Basics

  1. A brief history,
  2. Introduction to economics,
  3. The economics of information goods,
  4. Security from an economic perspective,

During the class:

  1. Top Hat Quiz on the study material for the class.
  2. Discussion of the study material.

23

 

13

26

27

Before the class:

Study video lectures on the economics of cybersecurity (continued):

Part 2: Security Metrics

  1. What to measure?
  2. Measuring security levels,
  3. Metrics in practice,
  4. Metrics from incident data,

Part 3: Security Investment and Risk Management

  1. Information security strategy,
  2. Information security investment,
  3. Risk management,
  4. Operational security management.

Part 4: Market Failures

  1. Market failures,
  2. case study 1: Information sharing in incident response,
  3. case study 2: payment card security,
  4. Policy interventions,

During the class:

  1. Top Hat Quiz on the study material for the class.
  2. Discussion of the study material.

 

28

29

Instructor office hours, 11 AM - 12 PM, KAIS 4047.

Before the class:

Study video lectures on the economics of cybersecurity (continued):

Part 5: Behavioural research into security & Policy Implications

  1. Prospect Theory,
  2. Heuristics and social persuasion,
  3. Consumer behaviour and deception,
  4. Security economics and policy,
  5. Behavioural economics of privacy.

During the class:

  1. Top Hat Quiz on the study material for the class.
  2. Discussion of the study material.
30

 

December
Week # Monday Tuesday Wednesday Thursday Friday
14

3

 

4

Mini-conference 9:00-18:00, KAIS 2020/2030.

5

 

Term papers due 21:00

6

Instructor office hours, 3 PM - 4 PM, KAIS 4047.

Self-assessment of course participation due 23:59.

7

15

10

 

11

12

Final examination 3:30-6:00 PM.

13

 

 

14

 

16

17

18

19

20

21

17

24

25

26

27

28

 


© 2003-2012 Konstantin Beznosov