COMP5618: Applied Cybersecurity (2017 - Semester 2)
|Unit:||COMP5618: Applied Cybersecurity (6 CP)|
|Faculty/School:||School of Information Technologies|
Dr Holz, Ralph
|Session options:||Semester 2|
|Versions for this Unit:|
|Site(s) for this Unit:||
|Pre-Requisites:||[Special permission by the School of IT].|
|Brief Handbook Description:||Digital technologies permeate every part of our lives. The internet has created a more open society, allowing us to create, share and access information and knowledge freely. As more of the services we rely on are digitised and available to use over the web, the more our identity, productivity, access to information, connectivity, social connections and financial well-being depends on information security. Consequently, a deep understanding of both offensive and defensive security techniques is fast becoming essential knowledge for a career in computing.
This course will provide in-depth knowledge of offensive security that will prepare the student for work in any technical field where they will are responsible for the development or maintenance of sensitive systems. The course begins by introducing the basic tools used by hackers, before highlighting the common weaknesses- and mitigations- for various levels of the technology stack, such as web applications, operating systems and corporate networks. Finally, students are provided practical insights into careers in information security in the areas of attack detection, prevention and defence. Students will develop the skills necessary to both gain access to test computers and to defend test networks from attack.
|Assumed Knowledge:||ELEC5616 OR INFO2315. with a CR+ grade|
|Additional Notes:||This unit has a maximum enrolment size of 24 students.|
|Department Permission||Department permission is required for enrollment in this session.|
|Tutor/s:||there will be some guest lecturers and tutors from the local IT industry (e.g. Commonwealth Bank and Atlasssian)|
|T&L Activities:||Students will participate in weekly three-hour lab sessions that include 30-60 minutes of lecture material interspersed with practical exercises. During each lab tutorial, academic papers will be distributed that relate to the following week’s topics. At the beginning of each lab, the paper from the previous week will be reviewed by the tutor, before a practical example relating to the topic will be performed by the students.
This course includes a ‘Capture The Flag’ (CTF) competition whereby students will attempt to gain access to various computers to collect a piece of privileged information and submit it for additional marks.
Students will be provided access to a live-boot persistent Kali Linux USB drive to be used as their ‘attacking’ system, and a network-based host which they use to practice defence..
Attributes listed here represent the key course goals (see Course Map tab) designated for this unit. The list below describes how these attributes are developed through practice in the unit. See Learning Outcomes and Assessment tabs for details of how these attributes are assessed.
|Attribute Development Method||Attribute Developed|
|Designing system security measures as part of the second assignment||Design (Level 4)|
|Lectures and labs on security concepts at various system levels; practical assignment on penetration testing and defence||Engineering/IT Specialisation (Level 4)|
|System security analysis as part of the penetration testing assignment||Maths/Science Methods and Tools (Level 4)|
|Research and review of a paper on a real-world security incident||Information Seeking (Level 4)|
|Presentation of the analysis of the incident review paper and final oral examination||Communication (Level 4)|
|Assignment on security defence; lab work with secure code warrior||Professional Conduct (Level 4)|
For explanation of attributes and levels see Engineering & IT Graduate Outcomes Table.
Learning outcomes are the key abilities and knowledge that will be assessed in this unit. They are listed according to the course goal supported by each. See Assessment Tab for details how each outcome is assessed.Communication (Level 4)
This course features several practical exercises throughout the semester. The preparation and configuration of these weekly tasks is assessed with the Participation mark of this unit.
On multiple weeks of the semester, penetration testing tasks are given out as part of a `capture the flag`-style competition which in combination are marked as the Penetration Testing assignment. In Week 10, students will also be tasked to secure a given system to defend against some penetration tests (Penetration Defence assignment). In Week 7, students have to review an security incident use case provided in paper form.
Throughout the whole semester, students will have access to the `Secure Code Warrior` which consists of a series of online exercises about security issues and code review, which can be worked on as homework.
The Security Incident Paper Review will include to write a short summary essay about a real-world security incident and to give a brief overview presentation about this incident to the class.
The final exam in the examination period will be an oral exam on all aspects of the course, but in particular focussing on the understanding of the students of the covered security technologies and measures.
|Policies & Procedures:||IMPORTANT: School policy relating to Academic Dishonesty and Plagiarism.
In assessing a piece of submitted work, the School of IT may reproduce it entirely, may provide a copy to another member of faculty, and/or to an external plagiarism checking service or in-house computer program and may also maintain a copy of the assignment for future checking purposes and/or allow an external service to do so.
See the policies page of the faculty website at http://sydney.edu.au/engineering/student-policies/ for information regarding university policies and local provisions and procedures within the Faculty of Engineering and Information Technologies.
|Online Course Content:||Slides and reading material will be available online on the unit`s Learning site, and on the `Resources` page of the unit`s discussion site on Piazza at: http://piazza.com/sydney.edu.au/semester22017/comp5618|
Note that the "Weeks" referred to in this Schedule are those of the official university semester calendar https://web.timetable.usyd.edu.au/calendar.jsp
|Week 1||Reading: Introduction and Basic tools (readings)|
|Week 2||Lecture/Tutorial: Getting Started and Web Applications 1: The Software Stack|
|Week 3||Lecture/Tutorial: Web Applications 2: Common Threads and Vulnerabilities|
|Week 4||Lecture/Tutorial: Mobile Applications: iOS|
|Week 5||Lecture/Tutorial: Mobile Applications: Android|
|Week 6||Lecture/Tutorial: Operating Systems: Windows|
|Week 7||Lecture/Tutorial: Operating Systems: Linux|
|Assessment Due: Security Incident Paper Review|
|Week 8||Lecture/Tutorial: Infrastructure 1: The Cloud and Virtualisation|
Lecture/Tutorial: Infrastructure 2: Commonly Targeted Services
Semester break between Week 9 and Week 10.
|Week 10||Lecture/Tutorial: Physical & Social Security Threads|
|Assessment Due: Assignment 2: Penetration Defence|
|Week 11||Lecture/Tutorial: Incidence Report|
|Week 12||Lecture/Tutorial: The Industry and Security for the Internet of Things|
|Week 13||Lecture: UoS Review|
|Assessment Due: Assignment 1: Penetration Testing|
|Exam Period||Assessment Due: Final (Oral) Examination|
The following is a list of courses which have added this Unit to their structure.
This unit contributes to the achievement of the following course goals:
|Communication (Level 4)||Yes||3%|
|Professional Conduct (Level 4)||Yes||24%|
|Information Seeking (Level 4)||Yes||2%|
|Maths/Science Methods and Tools (Level 4)||Yes||26.25%|
|Engineering/IT Specialisation (Level 4)||Yes||24.25%|
|Design (Level 4)||Yes||20.5%|
These goals are selected from Engineering & IT Graduate Outcomes Table which defines overall goals for courses where this unit is primarily offered. See Engineering & IT Graduate Outcomes Table for details of the attributes and levels to be developed in the course as a whole. Percentage figures alongside each course goal provide a rough indication of their relative weighting in assessment for this unit. Note that not all goals are necessarily part of assessment. Some may be more about practice activity. See Learning outcomes for details of what is assessed in relation to each goal and Assessment for details of how the outcome is assessed. See Attributes for details of practice provided for each goal.