COMP 4108 (Winter 2014): Computer Systems Security

Preliminary course outline, subject to change (other course outlines); last updated March 25, 2014.
Course website (for updates):

Course description (from official calendar): Introduction to information security in computer and communications systems, including network, operating systems, web and software security. Passwords, authentication applications, privacy, data integrity, anonymity, secure email, IP security, security infrastructures, firewalls, viruses, intrusion detection, network attacks. Lectures three hours a week. Prerequisites: one of COMP 3203 (Principles of Computer Networks) or SYSC 4602 (Computer Communications); and one of COMP 3000 (Operating Systems), SYSC 3001 (Operating Systems and Databases), SYSC 4001 (Operating Systems). Otherwise requires written instructor permission.

Instructor: P. Van Oorschot (Office Hrs: Tues 3-4, Wed 1-2, 5173HP)
TA: Adam Skillen (Office Hrs: Tues 11:30-12:30, Wed 10-11, 1170HP)
Lectures 4:00-5:30pm Tues+Thurs, 501SA (Southam Hall, Carleton).
Jan.7-Apr.8, 2014 excluding Feb.17-21 (winter break).

Textbook: Stallings and Brown, Computer Security: Principles and Practice, 2/e (blue cover, 2011); see also companion web site for additional online resources. You are strongly recommended to get access to a physical or electronic copy before the first class. Students seeking resources supplementary to the offical textbook may consider Gollman (2011) and other books on this list.

30%: Test 1 (Feb.4, in class).
30%: Test 2 (Mar.18, in class)
30%: Hands-on assignments (Labs 1-4 = 5% each; Lab 5 = 10%, due Apr.8). Students should regularly check the COMP4108 lab page for details and due dates for these programming-based assignments. Lab 1 available Jan.14, due Jan.28. Please email your student number to the course TA, askillen(at), to get your individual lab account userid/password (some of the lab page content is password-protected; the userid+password for that will be provided in class).
10%: Reading Responses (3) - see explanation below.
Bonus marks available: see below (under week 13).

Lab Access: Access to computing labs in Herzberg (HP) requires a Carleton University Campus Card, and is based on the courses you are registered in and the School's lab policy/lab schedule. We expect that lab assignments should also be possible by remote access using generic computing equipment.

Explanation of Reading Responses. For each specified research paper, a one-page, hard-copy critque must be handed it at the start of the specified class, followed by class discussion of the paper. The response is to include a 2-3 sentence overview of the paper rephrased in your own words, plus three brief criticisms of the reading (perceived shortcomings, points you disagree with, or suggestions for improvement). Support your criticisms as best possible within the available space.

Course objectives: to understand fundamental principles of computer security; to become aware of factors enabling computer systems to be exploited by attackers, and corresponding protection techniques and mechanisms; to understand practical threats and carry out simple security analysis useful in software and system development; to gain familiarity with basic concepts in systems security, with emphasis on authentication and operating systems security.

Attendance and Additional Information. Topics covered will be largely based on chapters in the course textbook, occasionally supplemented by additional material from the instructor as presented during individual classes; reading responses also require participation in the class. Students are thus expected to attend all classes, and are responsible for all items discussed in class.

=== University Policies (start) ===
Student Academic Integrity Policy. Every student should be familiar with the Carleton University student academic integrity policy. A student found in violation of academic integrity standards may be awarded penalties which range from a reprimand to receiving a grade of F in the course or even being expelled from the program or University. Some examples of offences are: plagiarism and unauthorized co-operation or collaboration. Information on this policy may be found in the Undergraduate Calendar.
Plagiarism. As defined by Senate, "plagiarism is presenting, whether intentional or not, the ideas, expression of ideas or work of others as one's own". Reported offences will be reviewed by the office of the Dean of Science.
Unauthorized Co-operation or Collaboration. Senate policy states that "to ensure fairness and equity in assessment of term work, students shall not co-operate or collaborate in the completion of an academic assignment, in whole or in part, when the instructor has indicated that the assignment is to be completed on an individual basis". Please refer to the course outline statement or the instructor concerning this issue. COMP 4108 addendum: Beyond any other standard university policies, any student submitting work including uncited portions originating from someone else, is subject to a mark of negative 100% on the entire work item. For example, if an assignment is worth 10%, the 10% is lost plus an additional 10% penalty, making the best possible course mark 80%. Both students may be penalized if the infraction involves copying from another student. Each student must write up submitted work individually unless explicitly allowed otherwise per official instructions (e.g., in group-based assignments).
Academic Accommodations for Students with Disabilities. The Paul Menton Centre for Students with Disabilities (PMC) provides services to students with Learning Disabilities (LD), psychiatric/mental health disabilities, Attention Deficit Hyperactivity Disorder (ADHD), Autism Spectrum Disorders (ASD), chronic medical conditions, and impairments in mobility, hearing, and vision. If you have a disability requiring academic accommodations in this course, please contact PMC at 613-520-6608 or for a formal evaluation. If you are already registered with the PMC, contact your PMC coordinator to send your course instructor your Letter of Accommodation at the beginning of the term, and no later than two weeks before the first in-class scheduled test or exam requiring accommodation (if applicable). After requesting accommodation from PMC, meet with your course instructor to ensure accommodation arrangements are made. Please consult the PMC website for the deadline to request accommodations for the formally-scheduled exam (if applicable) at
Religious Obligation: Write to the course instructor with any requests for academic accommodation during the first two weeks of class, or as soon as possible after the need for accommodation is known to software and system developmest. For more details visit the Equity Services website:
Pregnancy Obligation: Write to the course instructor with any requests for academic accommodation during the first two weeks of class, or as soon as possible after the need for accommodation is known to exist. For more details visit the Equity Services website:
Medical Certificate: The official medical certificate (form) accepted by Carleton University for the deferral of final examinations or assignments in undergraduate courses can be accessed from:
=== University Policies (end) ===

Topics Outline. Topics studied are drawn from those in the course description and textbook, supplemented as noted above. Details will be noted on the course website as the term progresses, updated on an ongoing basis. Outline of topics: Send comments to: paulv (insert @ here)