In this course we look at Security Engineering, the engineering principles behind designing and maintaining security. We look at selected case studies and the principles behind security models. We cover theory and then we look at how it is applied in current security practice. We'll pay particular attention to systems which fail. This course involves analysis, critical thinking, and design. A cunning and devious mind will help also.
This course provides a broad introduction to security engineering in general, and to computer security in particular. This includes scenarios such as:
This course provides an introduction to modern security design and is suitable for students with an interest in security. Most of the topics do not require any specific technical or computing background. We concentrate on analytical skills and an engineering approach to security design.
A number of other courses at UNSW cover topics that are complimentary to those in this course:
The list of topics covered in this course Security Engineering is available in the course schedule. This is likely to change somewhat from year to year to keep the coverage interesting and up-to-date. As you will see security has recently been and remains a rapidly changing field. The field is too big to cover everything in one subject but by the end you will have an overview of the major topics in contemporary security, a good understanding of the current state of play, and have started to think like a security engineer.
Our intention is to make this a highly enjoyable course. The field is a great deal of fun with puzzles, cunning, cloak-and-dagger antics and a never ending supply of great stories. However it will not be an easy course - you are expected to master the underlying theory *and* to be able to apply it to real world situations. That's a lot to learn and we expect you to work hard and learn it in your own time.
After completing this subject, you should be able to:
This course contains a number of core and elective topics. (The lecture topics are core, the seminar topics elective). You don't need to be able to program or have any specific technical background to be able to do the course. Some of the electives will require programming and familiarity with programming concepts such as stack frames and TCP/IP. Non-technical students can select other topics. In a few cases we refer to basic concepts from probability theory. Some of the topics involve working with cryptographic protocols require a little knowledge of algebra and modular arithmetic. A course in Discrete Maths is sufficient background for these mathematical topics.
Doing COMP3331/9331 (networks) and COMP3231/9201 (operating systems) in advance will help you in a number of the elective topics in this subject so do them if you can. We haven't made them compulsory prerequisites however as you only need to know a portion of the material they cover.
In general less background is ok PROVIDED THAT you are keen and prepared to teach yourself the things that you have missed in the electives you are interested in. Talk to your tutor if you have any questions about this.
Our teaching objectives for this course are to have students doing continuous independent research and learning in their own time throughout the entire session. This is not a course where you can do little work throughout session and then cram for the final exam. You will need to be active in your learning each week.
There is weekly homework consisting of readings and a tutorial to discuss the readings, researching and writing regular analytic reports, and practical homework exercises.
Topics are introduced in lectures. You will need to do further work after the lecture to master the topics.
The major assessment item is the group project (=seminar presentation and report). You will need to meet regularly with your group and start to plan and prepare your project well in advance. We do not chase you up on this - you will need to manage your own time.
The final mark will be composed of the following
In this subject the purpose of lectures is to introduce you to the concepts covered, show where they fit in the overall scheme of things and provide motivating examples to help you understand them. They will not be comprehensive. You will need to do additional work outside of lecture time to master the subject.
Lecture notes are available via the subject wiki. These are only in point form and do not contain detail. They are designed to be printed out just before the lecture to provide a framework for your note taking, and for jogging your memory afterwards.
Note that as the published notes only provide an outline of the material we cover, they are not an effective replacement for attending lectures or for making your own notes. You will need to attend lectures and make your own detailed lecture notes to do this subject effectively. You are expected to do private reading after the lecture.
I want those last points to be very clear. You will need to attend lectures, take notes, and do additional study in order to master this subject. You will NOT be able to skip lectures and print out the lecture slides during stuvac and be able to pass the subject.
Tutorials start in week 2. You will have booked your tutorial time online when you enrolled. Check times shortly before the course starts even if you selected a time at the start of the year since available times may have subsequently changed.
Each tutorial involves some reading, which you must do before attending the tutorial. In your tutorial you will discuss the reading for that week. The reading will be announced by the Friday before the tutorial. Bring some rough notes of your thoughts on the reading along with you and the readings themselves where that might be useful.
There will also be some tutorial questions to help you practise your analytical skills. The questions will usually be released shortly before the tutorial, bring a printout of the questions along with you to the tutorial with you.
There are participation marks for effective participation. Some questions in the final exam will be related to the tutorial questions and readings and discussion topics.
Your tutorial time is also an important opportunity to find out from your tutor what they expect from you in your written reports and to ask for their thoughts and mentoring advice for your seminar preparation.
If you are having groupwork problems you should attempt to fix these and raise it with your tutor at the earliest possible moment. We want you to work actively to fix your groupwork problems, not to remain unhappily silent and then complain about it afterwards when it is too late to improve the situation.
By default, everyone in your group will get the same mark. Part of effective groupwork is managing your group. If someone in your group is not participating or pulling their weight then it is up to the group to work out ways to fix this. Only in extreme cases, at the total discretion of your tutor, will the marks be not distributed evenly. Effective groups identify and attempt to resolve groupwork problems early. If you first alert your tutor to a groupwork problem after the due date then there can be no adjustment. If you alert them up to one week before the due date up to 25% of the mark can be redistributed. If you alert them two weeks in advance and then you attempt to solve the problem and then you alert them again one week in advance then up to 50% can be redistributed. And likewise up to 75% and 100% for up to 3 and up to 4 weeks in advance.
Make sure you organise your group work in your group's private part of the forum or on private pages of the class wiki as postings there will be the evidence used for assessing the degree of participation etc in cases of dispute. If it isn't in the wiki or forum we can't (and won't attempt to) verify who did how much work.
Lectures will introduce you to the core content of this subject, and the extended content is covered in weekly seminars. Seminars start in week 3, Student groups seminars start in week 3.
Seminars are prepared and presented by groups of around 4 students. Groups are expected to carefully research their topic and in their seminar give a clear and detailed explanation of it to the remainder of the class. Each seminar lasts 25 minutes, including some time (5 minutes) at the end for questions and answers. The seminar group also produces supporting material on the wiki.
Seminar groups will be formed within tutorial classes. You tutor will tell you your group in your first tutorial. Scheduling information for the various seminars is given in the course Schedule. if you ask them to you tutor will mentor you and give you advice about how your presentation and lab is looking. Make sure you keep them informed of your progress and seek feedback from them regularly. This is your responsibility not theirs.
The seminar is assessed as groupwork and all members of a group (except in highly unusual circumstances) are awarded the same mark. The entire class votes on the quality of each seminar and the corresponding material. We consider this feedback when we award the seminar mark (eg each year so far we have awarded a mark equal to the class voting score to 80% or more of the groups).
If you need help email or speak to your tutor in the first instance. If you need help with the subject material you may also ask on the forum where another student or tutor may be able to provide help.
If your tutor can't help you with an admin matter email meyden@cse.unsw.edu.au and take care to include ``COMP3441'' in the message header.
In a previous session in this course we penalised over 50% of student submissions for plagiarism! Penalties ranged from 0 for the assignment to 0Fail for the entire subject. Many students did not appear to understand what is regarded as plagiarism. This was no defense. Before submitting any work you should read and understand the following very useful guide by the Learning Centre How Not To Plagiarise (see Lecture 1).
All work submitted for assessment must be entirely your own work. We regard unacknowledged copying of material, in whole or part, as an extremely serious offence.
In this subject submission of any work derived from another person, or solely or jointly written by and or with someone else, without clear and explicit acknowledgement, will at the very least result in automatic failure for the subject and a mark of zero for the subject. Note this includes including unreferenced work from books, the internet, etc.
Do not provide or show your assessable work to any other person. Allowing another student to copy from you will, at the very least, result in zero for that assessment. If you knowingly provide or show your assessment work to another person for any reason, and work derived from it is subsequently submitted you will be penalized, even if the work was submitted without your knowledge or consent. This will apply even if your work is submitted by a third party unknown to you. You should keep your work private until submissions have closed.
If you are unsure about whether certain activities would constitute plagiarism ask us before engaging in them(!)
Copying without consent, severe, or second offences will result in automatic failure, exclusion from the university, and possibly other academic discipline. These are not idle threats, we search the internet and use plagiarism detection software and a range of search engines to hunt for non-original work.
See also the latest version of the Unix Primer and the Yellow Form and the faculty and university plagiarism policies for additional information. If the penalties set out on this page, the Unix Primer, the Yellow Form, the school, faculty, or university plagiarism policies differ for any situation, the more severe penalty applies.
Note that we have experienced cases of plagiarism where the code has been copied from printouts or floppy disks/CDs/USB sticks that have been lost in the lab or stolen from the computer or printer. Generally it is your responsibility to prevent other students from accessing your files, but if you lose work in this way, email your tutor immediately, so that the guilty party in any subsequent plagiarism issues can be determined.
Late Penalties of 10% per working day late will be applied to work submitted after a deadline. That is, your grade will be calculated as MAX(0,Grade - (No_days_late*full_marks/10)).
When you submit work via the wiki, it will be timestamped, and the assessor of your work will take that timestamp into account in determining a late penalty. Therefore any changes that you make after the deadline will be treated as a late submission.
We may sometimes release student material for other students to see. In this case you will be asked for an appropriate authorization and given an opportunity to anonymize the material if you so wish, as well as to provide us with publication copyrights.
Cameras are not permitted in the theatre. Video recordings of lectures are not permitted to be made. Sound recordings are not permitted to be made without express written permission from the lecturer. In all cases any recordings must only be for single personal use and not distributed or made publicly available.
Students whose exam performance is affected by serious and un-foreseeable events outside their control can apply at the student centre for special consideration. If special consideration is granted you will be able to sit the supplementary exam.
Special consideration does not mean we adjust your marks, it means that we permit you to sit the supplementary examination. If you apply for special consideration after the cut-off date set by the university or after the supplementary exam has been held then it will not be granted. Furthermore, special consideration will only be granted when each and every other component of the course (eg tutes, wiki, labs, seminar) has been attempted and satisfactorily completed (passed).
A supplementary examination will be held soon after the results have been released. If you think that you may be eligible for the Supplementary Examination, make sure you are available around that time. Be careful not to plan any overseas travel at that time. If you can't attend the sup exam you will not be offered a second chance.
It is your responsibility to check your email, the CSE website, and to contact the CSE school office for details of Supplementary Examinations. If you think there is any chance you might be eligible for a Supplementary Exam then you should prepare for it. Requests such as "I didn't find out until the day before the sup exam that I could sit the sup exam, so I need more time to study" or "I have to go overseas at that time and I have already purchased the tickets so can you write and administer a special sup sup exam just for me" will not be granted.
You can inspect the current state of your mark record by using the command
3441 classrun -sturec
Check your record frequently and make sure you contact us promptly if you do not agree with it.
All marks must be finalised by the end of stuvac. If you think there is a problem with any of your marks (eg wiki, tutorial, reports, homework, seminar) then you need to advise us by emailing meyden@cse.unsw.edu.au within two weeks of the mark being released, and, in all cases before the end of stuvac. No marks will be changed after the end of stuvac.
This subject has a "Good Faith Policy". This means we expect you to act in good faith at all times. We expect you to be a good citizen. To not invade, alter or damage the property of others including the university, invade the privacy of others, break any laws or regulations, annoy other people, deprive others of access to resources, breach or weaken the security of any system, or do or omit to do anything else which you know or suspect we would not be happy about. Furthermore you are not to do anything which appears OK by a loophole or a strict interpretation of "the letter of the law" but which is not consistent with the spirit. You must not act in any way so as to bring disrepute to the reputation of the teaching staff, fellow students, the subject, the school, the university, or the profession.
If you are unsure, ask!
If, in our sole discretion, we feel you have violated the Good Faith Policy you will be awarded 0 Fail for the subject. Further penalties may apply also depending on the nature and severity of the violation. Students who have violated the Good Faith Policy will not be permitted to re-enroll in future offerings of the subject.
Students who are found (or who have previously been found) guilty of academic or computer related misconduct or any other activity which casts doubt on their ability or willingness to comply with the Good Faith Policy will be disenrolled and will be not permitted to re-enroll in future offerings of the subject. If you have ever been found guilty of such an activity you must disclose it to the lecturer in writing immediately.
Important notices related to this course may be displayed on the subject home page from time to time. It is your responsibility to check this page regularly. The URL is: http://www.cse.unsw.edu.au/~cs3441/.
Sometimes urgent information may also be sent to you by email. Make sure you pay careful attention to any email you receive. All official email will be sent to your cse email address. If you prefer to read your mail at some other address you will need to redirect your mail, for example by using mlalias. Ask your tutor if you need help doing this.
Additional information will be provided in the subject Forum and elsewhere on the 3441 site as the session progresses. Lecture notes and supporting material will be made available via the subject wiki. You should explore the course web site, and read the stopPress, wiki, forums, and this page regularly for updates.
After the 2006 offering of the course we conducted a pretty extensive post mortem (whose data and results we published to the students from that session). As a result of that post mortem we have reduced the course face to face time, merged tutes and labs, scrapped the scrapbook, and adjusted numerous other things in the way the course is run.
There was no 2007 offering. In 2008 we gathered feedback at the end of the course in the usual manner plus several students took to trouble to write fairly detailed letters outlining their experiences with the course and making some very helpful suggestions. The main problem identified by these sources of feedback was that students needed more feedback and guidance in what we mean by analysis and how to produce effective written reports. As a result of this feedback we are running weekly tutorials this year which will focus on analysis and discussing regular written reports. Students also requested more time to complete the practical exercises (called labs in 2008) so this year they are due the following Tuesday rather than the Friday before that.
In a more general way we realised that the course needed to be split into a number of different courses if we were to retain the level of depth we have been providing and which students give strong feedback that they like. This year we have split off much of the hands on lab work into a companion course COMP9447 Security Engineering Workshop which has the luxury of being able to focus on this in even greater depth than previous offerings of 3441. This change has allowed us to give a more detailed coverage of security engineering in comp3441, and also to remove the technical prerequisites and throw the course open to students in other schools and faculties with an interest in designing or analysing systems with security requirements.
We have also somewhat reduced the workload for the course, going from 6 contact hours per week to 5, reducing the size of the weekly practical work and the requirements for seminar groups, and having the practical exercises shared across the whole seminar group which should at least halve that workload.
With a change of lecturer for the 2010 edition, fine details of the subject content have been reviewed during session 1 2010, and further revisions are expected to be made. While appropriate texts for the perspective that we take on the field have been slow to emerge, the field is maturing and there are now some good books, so one of the changes for 2011 is the introduction of a set text.