Note: This unit version is currently under review and is subject to change!

COMP5618: Applied Cybersecurity (2019 - Semester 2)

Download UoS Outline

Unit: COMP5618: Applied Cybersecurity (6 CP)
Mode: Normal-Day
On Offer: Yes
Level: Postgraduate
Faculty/School: School of Computer Science
Unit Coordinator/s: Seneviratne, Suranga
Session options: Semester 2
Versions for this Unit:
Site(s) for this Unit:
Campus: Camperdown/Darlington
Pre-Requisites: None.
Brief Handbook Description: Digital technologies permeate every part of our lives. The internet has created a more open society, allowing us to create, share and access information and knowledge freely. As more of the services we rely on are digitised and available to use over the web, the more our identity, productivity, access to information, connectivity, social connections and financial well-being depends on information security. Consequently, a deep understanding of both offensive and defensive security techniques is fast becoming essential knowledge for a career in computing.

This course will provide in-depth knowledge of offensive security that will prepare the student for work in any technical field where they will are responsible for the development or maintenance of sensitive systems. The course begins by introducing the basic tools used by hackers, before highlighting the common weaknesses- and mitigations- for various levels of the technology stack, such as web applications, operating systems and corporate networks. Finally, students are provided practical insights into careers in information security in the areas of attack detection, prevention and defence. Students will develop the skills necessary to both gain access to test computers and to defend test networks from attack.
Assumed Knowledge: ELEC5616 OR INFO3616 OR INFO2315. with a CR+ grade
Additional Notes: This unit has a maximum enrolment size of 24 students.
Department Permission Department permission is required for enrollment in this session.
Lecturer/s: Seneviratne, Suranga
Timetable: COMP5618 Timetable
Time Commitment:
# Activity Name Hours per Week Sessions per Week Weeks per Semester
1 Lecture 1.00 1 13
2 Laboratory 2.00 1 12
3 Independent Study 5.00 1 13
4 Project Work - own time 2.00 1 12
T&L Activities: Students will participate in weekly three-hour lab sessions that include 30-60 minutes of lecture material interspersed with practical exercises. During each lab tutorial, academic papers will be distributed that relate to the following week’s topics. At the beginning of each lab, the paper from the previous week will be reviewed by the tutor, before a practical example relating to the topic will be performed by the students.

This course includes a ‘Mobile Capture The Flag’ (CTF) competition whereby students will attempt to reverse engineer various mobile app codes.

Students will be provided access to a live-boot persistent Kali Linux USB drive to be used as their ‘attacking’ system, and a network-based host which they use to practice defence..

Learning outcomes are the key abilities and knowledge that will be assessed in this unit. They are listed according to the course goal supported by each. See Assessment Tab for details how each outcome is assessed.

Unassigned Outcomes
1. Ability to present and discuss a security incident with security experts
2. Understanding of security measures to defend against malicious technical attacks levelled against connected systems.
3. Experience with the implementation of infrastructure to detect and defend against network-based attacks.
4. Ability to research information on security issues from the literature and to analyse a security incident use case
5. Practical knowledge of penetration testing via hands-on experience with standard industry tools.
6. Understanding of audit trails and the ability to identify where those should be implemented for use in incident response.
7. Understanding of the software infrastructure for modern web-based, mobile, and cloud-hosted applications.
8. General knowledge of ethical and legal aspects of IT security and data privacy.
9. Ability to recognise and resolve weaknesses in commonly-used systems.
Assessment Methods:
# Name Group Weight Due Week Outcomes
1 Practical Lab Participation No 10.00 Multiple Weeks 2, 3, 5, 6, 7, 9,
2 Assignment 3: Mobile CTF No 15.00 Week 13 2, 5, 7, 9,
3 Assignment 2: Penetration Defence No 15.00 Week 10 3, 5, 6, 9,
4 Assignment 1 - Security Incident Paper Review No 10.00 Week 7 1, 2, 4, 5, 7, 8, 9,
5 In-class Test - Secure Code Warrior No 10.00 Week 12 2, 6, 7, 9,
6 Final (Oral) Examination No 40.00 Exam Period 2, 3, 5, 6, 7, 8, 9,
Assessment Description: This course features several practical exercises throughout the semester. The preparation and configuration of these weekly tasks is assessed with the Participation mark of this unit.

On multiple weeks of the semester, reverse engineering tasks are given out as part of a `mobile capture the flag`-style competition. In Week 10, students will also be tasked to secure a given system to defend against some penetration tests (Penetration Defence assignment). In Week 7, students have to review an security incident use case provided in paper form.

Throughout the whole semester, students will have access to the `Secure Code Warrior` which consists of a series of online exercises about security issues and code review, which can be worked on as homework.

The Security Incident Paper Review will include to write a short summary essay about a real-world security incident and to give a brief overview presentation about this incident to the class.

Penalties for lateness: 5% per day according to the Clause 7A of the assessment procedures.

E.g. An assignment that would normally get 9/10 and is 2 days late loses 10% of the full 10 marks,i.e. new mark = 8/10

An assignment that would normally get 5/10 and is 5 days late loses 25% of the full 10 marks, i.e. new mark = 2.5/10

Assignments more than 10 days late get 0.

The final exam in the examination period will be an oral exam on all aspects of the course, but in particular focussing on the understanding of the students of the covered security technologies and measures.
Grading:
Grade Type Description
Standards Based Assessment Final grades in this unit are awarded at levels of HD for High Distinction, DI (previously D) for Distinction, CR for Credit, PS (previously P) for Pass and FA (previously F) for Fail as defined by University of Sydney Assessment Policy. Details of the Assessment Policy are available on the Policies website at http://sydney.edu.au/policies . Standards for grades in individual assessment tasks and the summative method for obtaining a final mark in the unit will be set out in a marking guide supplied by the unit coordinator.
Minimum Pass Requirement It is a policy of the School of Computer Science that in order to pass this unit, a student must achieve at least 40% in the written examination. For subjects without a final exam, the 40% minimum requirement applies to the corresponding major assessment component specified by the lecturer. A student must also achieve an overall final mark of 50 or more. Any student not meeting these requirements may be given a maximum final mark of no more than 45 regardless of their average.
Policies & Procedures: IMPORTANT: School policy relating to Academic Dishonesty and Plagiarism.

In assessing a piece of submitted work, the School of Computer Science may reproduce it entirely, may provide a copy to another member of faculty, and/or to an external plagiarism checking service or in-house computer program and may also maintain a copy of the assignment for future checking purposes and/or allow an external service to do so.

Other policies

See the policies page of the faculty website at http://sydney.edu.au/engineering/student-policies/ for information regarding university policies and local provisions and procedures within the Faculty of Engineering and Information Technologies.
Online Course Content: Slides and reading material will be available online on the unit Canvas web page.

Note that the "Weeks" referred to in this Schedule are those of the official university semester calendar https://web.timetable.usyd.edu.au/calendar.jsp

Week Description
Week 1 Lecture/Tutorial: Ethics, Environment & Tools
Week 2 Lecture/Tutorial: Networking & Infrastructure
Week 3 Lecture/Tutorial: Networking - Traversal
Week 4 Lecture/Tutorial: Windows Security
Week 5 Lecture/Tutorial: Mobile Security - Static analysis & Reverse Engineering
Week 6 Lecture/Tutorial: Mobile Security - Dynamic Analysis
Week 7 Lecture/Tutorial: Web Applications - Common Vulnerabilities and Threats
Assessment Due: Assignment 1 - Security Incident Paper Review
Week 8 Lecture/Tutorial: Web Vulnerability Scanners
Week 9 Lecture/Tutorial: Student Presentations
Week 10 Lecture/Tutorial: Linux Security
Assessment Due: Assignment 2: Penetration Defence
Week 11 Lecture/Tutorial: Wireless Security
Week 12 Lecture/Tutorial: Guest Lecture (Topic TBD)
Assessment Due: In-class Test - Secure Code Warrior
Week 13 Lecture: Digital Forensics & UoS Review
Assessment Due: Assignment 3: Mobile CTF
Exam Period Assessment Due: Final (Oral) Examination

Course Relations

The following is a list of courses which have added this Unit to their structure.

Course Year(s) Offered
Graduate Certificate in Information Technology 2017, 2018, 2019, 2020
Graduate Certificate in Information Technology Management 2017, 2018, 2019, 2020
Graduate Diploma in Computing 2015, 2016, 2017, 2018, 2019, 2020
Graduate Diploma in Information Technology 2017, 2018, 2019, 2020
Graduate Diploma in Information Technology Management 2017, 2018, 2019, 2020
Master of Information Technology 2017, 2018, 2019, 2020
Master of Information Technology Management 2017, 2018, 2019, 2020
Master of IT/Master of IT Management 2017, 2018, 2019, 2020

Course Goals

This unit contributes to the achievement of the following course goals:

Attribute Practiced Assessed
(6) Communication and Inquiry/ Research (Level 4) No 0%
(8) Professional Effectiveness and Ethical Conduct (Level 4) No 0%
(5) Interdisciplinary, Inclusiveness, Influence (Level 4) No 0%
(4) Design (Level 4) No 0%
(2) Engineering/ IT Specialisation (Level 4) No 0%
(3) Problem Solving and Inventiveness (Level 4) No 0%
(1) Maths/ Science Methods and Tools (Level 4) No 0%

These goals are selected from Engineering & IT Graduate Outcomes Table 2018 which defines overall goals for courses where this unit is primarily offered. See Engineering & IT Graduate Outcomes Table 2018 for details of the attributes and levels to be developed in the course as a whole. Percentage figures alongside each course goal provide a rough indication of their relative weighting in assessment for this unit. Note that not all goals are necessarily part of assessment. Some may be more about practice activity. See Learning outcomes for details of what is assessed in relation to each goal and Assessment for details of how the outcome is assessed. See Attributes for details of practice provided for each goal.