Syllabus

Course Title and Description

CPEN 442, “Introduction to Cybersecurity,” is a fourth year undergraduate elective course that introduces students to the subject of cybersecurity from the technical, economic, and human points of view. The purpose of this course is to help students in learning the principles of cybersecurity in general and of designing secure systems in particular.

For the course description and pre/co-requisites, see the entry for CPEN courses in UBC Academic Calendar.

Registration restrictions: see the course entry in the UBC Course Schedule.

Announcements: All announcements for the course are made during sessions and on Piazza site of the course. It’s expected that all students check discussion topics every working day.

Contact Information

For all enquiries, contact teaching staff of the course by sending a private message to the teaching staff on Piazza site of the course.

Course Instructor

Prof. Konstantin Beznosov, Ph.D., PEng. Office hours: online,  see course calendar for times.

Teaching Assistants

Masoud Mehrabi Koushki, Ph.D. candidate. Office hours: online, see course calendar for times.

Borke Obada, Ph.D. candidate. No office hours.

Course Structure, Activities, and Assessment

In order to pass the course, each student must complete the following modules:

  1. Term Project

    Students will be responsible for a final project. You should work in groups of 4 students. There should be no more than one graduate student in each group. Contribution of each student to the term project will be evaluated by the other team members via iPeer, and prorated accordingly to the scores given by the other teammates.

    The nature and the topic of the project is your choice, although it needs the approval of the teaching staff. There will be a number of security analysis projects with UBC IT or industry. Also, for inspiration, you might want to look at the list of potential project topics found at the page of the term project module. Also, projects done by students in the previous years might help you to figure out the best scope and the technical level of your project. We will generally approve interesting topics about network, computer, or software security.

    Your group will need to present the project proposal and submit a two-page written proposal with an initial bibliography (please see the course calendar for exact deadline information). It is highly advisable to get going early; we will gladly accept proposals before the deadline. This assignment gives us a chance to review and approve your project proposal, and to suggest references that you may have overlooked.

    We also encourage you to arrange a short meeting with the course staff to discuss what you want to do for the project. See the course calendar for the deadline for such a meeting.

    One or two whole days will be devoted to short presentations of each term project. You will submit a written report on your project and a video clip.

  2. Home and labs assignments

    The are will be several problem sets posted about one week before the corresponding due dates. Most assignments are to be submitted through Canvas.

    There will be both individual and group problem sets. You are to work on group problem sets and term projects in same groups. One problem set will be turned in by each group, and one grade will be given for each assignment. You must work in groups; assignments turned in by individuals or pairs will not be accepted. Be sure that you understand and approve the solutions turned in to each problem. Get your group organized as soon as you can, and email the composition of your group to the teaching staff. Contribution of each student to the group assignments will be evaluated by the other team members via iPeer.

    If you have trouble finding a group, contact the staff. To prevent your group from falling apart, make sure everyone participates and that you all communicate on a regular basis. If you have a problem with a group-mate, talk to him/her first. If you are unable to make a compromise or your group does fall apart, talk to the staff.

    Labs/Tutorials (location and times) are for the students (1) to learn in more details some of the material that will help them in their home assignments, (2) to ask one of the TAs clarification questions about home assignments and term projects, as well as the course content, and (3) to meet their term project team.

  3. Presentation of the term projects (mini-conference)

    Each group will present their term project to the rest of the class during a mini-conference at the end of the course. A tutorial on successful presentations will be held (see the course calendar for the date).

  4. Quizzes

    In-class quizzes: There will be quizzes in most class sessions. Quizzes will test your knowledge of the study material. See the course calendar for the quiz dates. In-class quizzes will be given during the first or last 10 minutes of the class. As such, students who start the quiz late, will have whatever time left before the quiz gets unpublished 10 minutes after the start. This policy aims to to avoid situations when a student starts their quiz when almost everyone else has finished the quiz and now the whole class has to wait for that late student.

    Only for in-person classes
    : To do in-class quizzes, each student will need to have (1) laptop compatible with Respondus Lockdown Browser, (2) this Lockdown Browser installed on their laptop, and (3) logged into the course on Canvas. It’s the responsibility of each student to be ready for the quiz at the beginning of each class.

    Entrance Quiz:
    This quiz is given on the second session of the course and it helps students to assess their own skills and required knowledge in relation to the expectations for the course. The quiz tests (1) students’ knowledge that they are expected to learn in prerequisite courses, and (2) their ability to study course material. Those students who score 75% or more on the quiz, will receive full credit for the quiz. Other students will receive no credit for the quiz.

  5. Midterm and Final Examinations

    There will be one mid-term and one final open-book examinations. See the course calendar for the mid-term examination date. The date of the final examination will be set and announced by the UBC services. It’s the student’s responsibility to know the date, time, and location of the final examination.

  6. Sessions

    When: Tuesday and Thursday, from 2:00 PM to 3:20 PM; September 10 to December 3, 2020.
    Where: online.

    Sessions will be a mix of lectures, flipped-classroom, Q&A, discussions, group and individual activities. You are highly encouraged to participate actively since this will improve your understanding and retention of the material. Attendance is mandatory and might be recorded. It is your responsibility to be aware of any announcements made during sessions and to know the material presented and discussed at the sessions.

  7. Participation

    Every student is expected to participate actively in the sessions and/or online discussions carried on between sessions on the discussion group of the course.

  8. Self-Study Before and After the Class Sessions

    Each student is expected to study all required material for each class. There will be also optional study material for some sessions, which will help you to gain deeper and/or broader understanding of a particular topic.

Grading

Grading will be done according to the following break-down:

Module
Grade %
Entrance Quiz (5 points will be given only to those who get 75% or more on this quiz). 5
In-class participation
6
In-class quizzes
15
Mid-term examination 7
Final examination
14
Term project proposal presentation & write-up (G)*
5
Term project presentation at the mini-conference (G)
5
Term project report (G)

Pre-final draft of the report, which contains all part of the report required, according to the project type: design, analysis, implementation.

7

Final report (all the sections, according to the project type: design, analysis, implementation)

14
Project video clip (G) 4
Home assignments and labs (both group and individual)
18

* group elements of the final mark are indicated with (G)

If the mean final mark for the cohort is less than 75%, the final mark of each student in the cohort will be pro-rated so that the mean final mark will be 75%.

Students in those term project groups that win best and second-best prizes for their work on the projects (see mini-conference page for the details) will receive bonus marks.

Grading of Group Work

Individual marks for group work (e.g., group homework assignments, project proposals, project presentations, and project reports) is based on the group mark G (given by the teaching staff) and the teammates’ evaluations of individual student’s contribution (given by the team mates). Teammates’ evaluations are provided through iPeer. The course calendar lists deadlines for submitting these evaluations. These deadlines are usually few hours after the submission deadline. Late submissions of the evaluations on iPeer are not accepted. If a student did not submit their evaluations of the teammates, individual marks of each student in the corresponding team are calculated as if that student assessed equally the contributions of their teammates. Based on the teammates’ evaluations of individual student’s contribution, each student S gets such a contribution coefficient Cs that¬† (C1+C2+C3+C4)/4 == 1. The individual mark of student s is Is == G*Cs. Therefore, if no student from the team has submitted an evaluation on iPeer, each student gets mark Is==G.

Course Content

For the list of topics to be covered in the course and their schedule, see the course calendar.

Course Learning Outcomes

On completion of this course, students are expected to be able to:

  1. Describe the main areas of cybersecurity,
  2. Describe similarities and differences among various symmetric and public key
    cryptographic techniques,
  3. Explain and compare main access control models,
  4. Describe main types of security policies,
  5. Articulate the principles of designing secure systems,
  6. Articulate the defense methods against malicious logic,
  7. Explain economic factors that influence security of systems and IT infrastructures,
  8. Reason about human and social factors influencing the security of systems,
  9. Explain the types of vulnerabilities that are commonly exploited for compromising software systems, and the corresponding countermeasures.

Study Materials

All study materials can be purchased in (online and offline) bookstores.

  1. Mark Stamp, Information Security : Principles and Practice, Second Edition, Wiley-Interscience, 2011. This textbook is also available online through UBC Library here (CWL is required).
  2. (recommended) Anderson, Ross. Security Engineering — A Guide to Building Dependable Distributed Systems. John Wiley & Sons, 2008, Second Edition. See free chapters from this book online.
  3. (recommended. Some of the assigned reading will be from this book) Paul C. van Oorschot, Computer Security and the Internet: Tools and Jewels, 2020, Springer. 365 pages plus frontmatter. See free chapters from this book online.

Course Policies

Quizzes Policy

  1. All quizzes are open-book and must be taken in the class. Each student is required to have a laptop or some other devices suitable for taking a quiz via Canvas.
    Only for in-person offerings of the course: If a student fails attendance check during or right after/before the quiz, the student will receive no credits for that particular quiz.
  2. In-class quizzes will be given during the first or last 10 minutes of the class. As such, students who start the quiz late, will have whatever time left before the quiz gets unpublished 10 minutes after the start. This policy aims to to avoid situations when a student starts their quiz when almost everyone else has finished the quiz, and now the whole class has to wait for that late student.
  3. No make-up quizzes will be given, irrespectively of the reason for missing the quiz. Instead, each student will get up to 20% extra of the quiz mark for the final mark in the course.
  4. Those students who score 75% of more on the Entrance Quiz, will receive full credit for the quiz. Other students will receive no credit for the Entrance Quiz.

Assignments Policy

  1. One assignment with worst mark will NOT be used for calculating the assignment portion of your final mark in the course.
  2. No make-up assignments will be given for those who missed them. irrespectively of the reason for missing the exam/quiz.

Late Submission Policies

Unless specified otherwise, late submissions of assignments, proposals, reports and other work are accepted and the following penalty scheme is applied to late submissions, irrespectively of the reason for the late submission: The mark for a late submission is reduced by 5% for each late hour or any portion of it. ABSOLUTELY NO EXCEPTIONS WHATSOEVER!

Examples:

  • a work submitted 1m late will get mark of 95%, at most.
  • a work submitted 1h15m late will get mark of 90%, at most.
  • a work submitted 9h1m late will get mark of 50%, at most.
  • a work submitted 15h5m late will get mark of 10%, at most.

Examinations Policies

  1. Both mid-term and final examinations are open-book.
  2. No make-up mid-term exam will be given, irrespectively of the reason for missing the exam.
  3. If a student misses mid-term examination, their mid-term mark will be the same (percentage wise) as their final examination mark.
  4. If a student misses final examination, their final exam mark will be 0 and they will fail the course, unless UBC Administration grants this student deferred examination option.

Academic Integrity

All students are expected to engage in all course activities within the norms of academic integrity. It is the responsibility of each student to know about academic integrity and plagiarism by studying materials of the UBC’s Academic Integrity Resource Centre. A description of disciplinary measures for academic misconduct can be found here.

University Policies

UBC provides resources to support student learning and to maintain healthy lifestyles but recognizes that sometimes crises arise and so there are additional resources to access including those for survivors of sexual violence. UBC values respect for the person and ideas of all members of the academic community. Harassment and discrimination are not tolerated nor is suppression of academic freedom. UBC provides appropriate accommodation for students with disabilities and for religious, spiritual and cultural observances. UBC values academic honesty and students are expected to acknowledge the ideas generated by others and to uphold the highest academic standards in all of their actions. Details of the policies and how to access support are available here.

Statement From UBC Provost About Academic Freedom and Online Course Offerings

During this pandemic, the shift to online learning has greatly altered teaching and studying at UBC, including changes to health and safety considerations. Keep in mind that some UBC courses might cover topics that are censored or considered illegal by non-Canadian governments. This may include, but is not limited to, human rights, representative government, defamation, obscenity, gender or sexuality, and historical or current geopolitical controversies. If you are a student living abroad, you will be subject to the laws of your local jurisdiction, and your local authorities might limit your access to course material or take punitive action against you. UBC is strongly committed to academic freedom, but has no control over foreign authorities (please read an articulation of the values of the University conveyed in the Senate Statement on Academic Freedom). Thus, we recognize that students will have legitimate reason to exercise caution in studying certain subjects. If you have concerns regarding your personal situation, consider postponing taking a course with manifest risks, until you are back on campus or reach out to your academic advisor to find substitute courses. For further information and support, please read UBC position on the Freedom of Expression.