| Instructor(s) | Yousra Aafer, Navid Nasr Esfahani |
| Office Location | DC 3522 (Y. Aafer), DC 3332 (N. Nasr Esfahani) |
| Office Hours | 12:00pm–1:00pm on Wednesdays in the instructor virtual meeting room (details in Piazza) or by appointment. |
| yousra.aafer@uwaterloo.ca, nnasresf/@uwaterloo.ca |
Lectures: Pre-recorded lectures will be posted to LEARN each Monday. More details on LEARN.
Iteractive Session:
Piazza:
The interactive session is an augmentation to the lectures (which are recordings from the previous term). Its attendance is voluntary and optional. The session will be recorded and its recording will be made available via LEARN. The interactive session is an experiment in a flipped classroom. The session will start with a brief recap, contain exercises and allow students to ask questions. Questions may also be posted before the session on Piazza. The interactive sessions are an experiment due to the online nature of the course and strong student participation is encouraged.
This syllabus is a guideline for the course and not a contract. As such, its terms may be altered when doing so is, in the opinion of the instructor(s), in the best interests of the class.
Paul van Oorschot, Computer Security and the Internet: Tools and Jewels, Springer, 2020, ISBN: 978-3-030-33648-6 (hardcopy), 978-3-030-33649-3 (eBook) https://people.scs.carleton.ca/~paulv/toolsjewels.html
This text book is freely available for download from the author's web page.
Charles P. Pfleeger, Shari Lawrence Pfleeger, and Jonathan Margulies, Security in Computing, 5th edition, Prentice-Hall, 2015, ISBN 0-13-408504-3 http://www.informit.com/store/security-in-computing-9780134085043
This textbook is also available in an online edition; a limited number of people from uWaterloo can be using the online edition at one time. If you are off-campus, you can use the library's proxy service to access the book's proxied URL.
This course provides an introduction to security and privacy issues in various aspects of computing, including programs, operating systems, networks, databases, and Internet applications. It examines causes of security and privacy breaches, and gives methods to help prevent them.
Students completing this course should be better able to produce programs that can defend against active attacks, and not just against random bugs.
Third or fourth year CS students (CS 458), or first year CS graduate students (CS 658)
CS 350 (Operating Systems). Familiarity with C.
It is expected that you will have read the appropriate sections of the textbook(s) before class. Additional readings may be assigned, and will appear on Learn; readings marked as mandatory contain required material for the course and must be read before the date of the corresponding lecture.
Grades will be calculated as follows:
The first three assignments contain both written and programming exercises and cover the new material in the course since the previous assignment. The final assignment is written-only but covers material from the whole term. If the weighted average of your score in the final assignment is below 50%, you cannot pass the course.
Assignments are to be submitted electronically with the "submit" command, and are due at 3:00 pm Eastern Time on their respective due dates. Assignments submitted by other means will not be accepted. Students should make sure early on that the "submit" command works for them. Students should check whether their submitted files correspond to the ones that they intend to submit using the "-print" option of the "submit" command. We may run submissions through MOSS to detect code similarity. Assignment comments and marks will be returned using an online system.
Due dates are posted on the Piazza course site. Late submissions for final Assignments 1, 2 or 3, will be accepted only up to 48 hours after the original due date. There is no penalty for accepted late submissions. Assignments can be submitted multiple times -- the last one will be used for marking. There is no late submission for any milestones of Assignments 1, 2 or 3 and the final submission of Assignment 4. Course personnel will not normally give assistance for assignments after their original due dates. You must notify your instructor(s) well before the due date of any severe, long-lasting problems that prevent you from completing an assignment on time. The 48 hours grace period does not apply to the due dates for the CS 658 proposal and research survey paper; no lates will be accepted for them.
Self-tests are meant to help you keep up with the material, and gauge your grasp of it (at a basic level) on an ongoing basis. The availability and deadline information will be posted on LEARN. You can attempt each self-test as often as you like during its availability period; your last grade on each self-test will be the one recorded (although course personnel can see every attempt). Late self-tests cannot be made up for any reason, including students signing up for the class late.
It is your responsibility to keep up with all course-related information posted to LEARN, the course Piazza site, and the course website.
If you have an assignment that you would like to have reappraised, please follow the instructions given on Piazza to submit your request. Include a clear justification for your claims. The appeals deadline is one week after the respective graded item is first made available. If your appeal is concerned with a simple calculation error, please see the TA(s) during their office hours.
Please direct all communication to the discussion forums in Piazza. For personal matters, a question that might reveal part of a solution, etc., also ask a question in the Piazza discussion forum, but make it visible only to instructor(s). Assignment forums on Piazza are moderated. This way your question posted to a forum can be read only by the instructor(s) and the TAs. The instructor(s) or TAs may make a question public if they decide that it is of general interest. Please use regular email only as a last resort, and then it must be from your uwaterloo.ca email address.
Important course information will generally be posted to Piazza, but may also be sent to your uwaterloo.ca email address. It is your responsibility to monitor all of these channels.
Students registered in CS 658 must write a research survey paper on a topic related to computer security or privacy. Your topic must be approved in advance by the instructor(s). In writing your paper, you must become familiar with the research literature relevant to your topic. Your focus should be on academic venues, such as USENIX Security, ACM CCS, IEEE Symposium on Security and Privacy, or the NDSS Symposium. Your paper should be a summary of past and current work on your topic, as well as an overview of known open problems and potential future directions in the area. You should provide a concise summary of work, emphasizing major accomplishments, rather than a detailed accounting of individual pieces of research activity. Your paper should be formatted in the two-column ACM proceedings format, using one of the ACM SIG Proceedings Templates, and should not be longer than six pages. The ACM templates include headings for "Categories and Subject Descriptors," "General Terms," and "Keywords", which you do not need to use. The research paper will account for 20% of your overall mark with the other 80% following the proportions of the CS 458 formula. You must email a one-page proposal to the instructors by February 5th. It is recommended but not required that you discuss the proposal with the instructors) first. Additional milestones for the completion of the paper may be set. The final version is due on April 2nd. See Keshav's How to Read a Paper for advice on reading a research paper and doing a literature survey.
In this course, you will be exposed to information about security problems and vulnerabilities with computing systems and networks. To be clear, you are not to use this or any other similar information to test the security of, break into, compromise, or otherwise attack, any system or network without the express consent of the owner. In particular, you will comply with all applicable laws and UW policies, including, but not limited to, the following:
Violations will be treated severely, and with zero tolerance.
Students are encouraged to talk to one another, to the TAs, to the instructor(s), or to anyone else about any of the assignments. Any assistance, though, must be limited to discussion of the problem and sketching general approaches to a solution. Each student must write his or her own solutions, including code and documentation if appropriate, for the assignments. Consulting another student's solution is prohibited, and submitted solutions may not be copied from any source. In particular, submitting assignments copied in whole or in part from assignment submissions to a previous offering of this course, or from any offering of any other course, is forbidden, even if a student is resubmitting his or her own work. These and any other forms of collaboration on assignments constitute cheating. If you have any questions about whether some activity constitutes cheating, please ask the instructor(s).
The general Faculty and University policy:
Academic Integrity: In order to maintain a culture of academic integrity, members of the University of Waterloo community are expected to promote honesty, trust, fairness, respect and responsibility. Check the Office of Academic Integrity's website for more information.
All members of the UW community are expected to hold to the highest standard of academic integrity in their studies, teaching, and research. This site explains why academic integrity is important and how students can avoid academic misconduct. It also identifies resources available on campus for students and faculty to help achieve academic integrity in — and out — of the classroom.
Grievance: A student who believes that a decision affecting some aspect of his/her university life has been unfair or unreasonable may have grounds for initiating a grievance. Read Policy 70 — Student Petitions and Grievances, Section 4. When in doubt please be certain to contact the department's administrative assistant who will provide further assistance.
Discipline: A student is expected to know what constitutes academic integrity, to avoid committing academic offenses, and to take responsibility for his/her actions. A student who is unsure whether an action constitutes an offense, or who needs help in learning how to avoid offenses (e.g., plagiarism, cheating) or about "rules" for group work/collaboration should seek guidance from the course professor, academic advisor, or the Undergraduate Associate Dean. For information on categories of offenses and types of penalties, students should refer to Policy 71 — Student Discipline. For typical penalties, check Guidelines for the Assessment of Penalties.
Avoiding Academic Offenses Most students are unaware of the line between acceptable and unacceptable academic behaviour, especially when discussing assignments with classmates and using the work of other students. For information on commonly misunderstood academic offenses and how to avoid them, students should refer to the Faculty of Mathematics Cheating and Student Academic Discipline Policy.
Appeals: A decision made or a penalty imposed under Policy 70, Student Petitions and Grievances (other than a petition) or Policy 71, Student Discipline may be appealed if there is a ground. A student who believes he/she has a ground for an appeal should refer to Policy 72 — Student Appeals.
It is our intent that students from all diverse backgrounds and perspectives be well served by this course, and that students' learning needs be addressed both in and out of class. We recognize the immense value of the diversity in identities, perspectives, and contributions that students bring, and the benefit it has on our educational environment. Your suggestions are encouraged and appreciated. Please let us know ways to improve the effectiveness of the course for you personally or for other students or student groups. In particular:
AccessAbility Services, located in Needles Hall North, Room 1401, collaborates with all academic departments to arrange appropriate accommodations for students with disabilities without compromising the academic integrity of the curriculum. If you require academic accommodations to lessen the impact of your disability, please register with AccessAbility at the beginning of each academic term.
The Faculty of Math encourages students to seek out mental health support if needed.
On-campus Resources:
Off-campus Resources: