
SYSC4810A-CourseOutline-Fall2022

SYSC 4810 is a course focused on network and software security, covering fundamental concepts, security controls, threats, and risk management. It includes lectures and problem analysis sessions, requiring prior knowledge in computer organization and programming. Students will learn to identify threats, implement security measures, and understand legal and ethical issues related to security.

Uploaded by

robell.gabriel77

SYSC 4810

Introduction to Network and Software Security


Calendar description
Fundamental concepts, terminologies, and theories of computer security; principles
underlying common security controls; various types of threats and attacks on networks
and software systems, how they work, and controls for dealing with them; security risk
assessment and management; legal and ethical aspects of computer security.
Includes: Experiential Learning Activity
Lectures three hours a week, problem analysis one and a half hours a week.
http://calendar.carleton.ca/undergrad/courses/SYSC/

Prerequisites
Fourth-year status in Communications, Computer Systems or Software Engineering.
Precludes additional credit for COMP 4108.

Prior knowledge
Students should have knowledge of:
• Basic number theory (e.g., prime numbers)
• Numeral systems (e.g., binary, decimal, hexadecimal)
• Basic set theory
• Computer organization (e.g., execution stacks)
• TCP/IP networking concepts
• Programming skills (in C)

Course objectives
Concerns related to the security of modern computer systems and networks, and the
information that they use, store, and communicate, are becoming more commonplace in
our daily lives. Systems today are comprised of broad and heterogeneous
communication networks with many interacting software and hardware components that
can be spread across a variety of application domains, each with their own security
concerns with varying implications and priorities. For example, smartphones, wearable
health-monitoring devices, GPS navigation devices, automobiles, energy grid services,
and even home appliances like washers and dryers now come with Internet connections
by which data from and about the user goes to places where users have little visibility or
control. On one hand, users want the convenience and benefits that added connectivity
brings, while on the other hand, they are growing increasingly worried about the threat
and impact of suffering massive losses of their personal data and information. Computer
security brings these two threads together as technology races forward with “smart”
products that all too often omit the basic controls that can prevent or limit security
attacks and failures.
This course examines the fundamentals of network and software security, and explores
the central problems that confront security designers and administrators including
defining the threats to computer and network systems, evaluating the relative risks of
these threats, and developing effective countermeasures and controls.
The course is intended to cover a broad spectrum of network and software security
fundamentals, while striking a balance between theory and practice. It will provide
students with the foundation and skills needed to become security-conscious engineers.

List of topics
• Security Concepts: Confidentiality, Integrity, Availability, Threats, Attacks, Assets.
• Fundamental Security Design Principles.
• Attack Surfaces and Attack Trees.
• Security Strategies, Policies, and Implementations: Prevention, Detection,
Recovery.
• Cryptography: Symmetric vs. Asymmetric, Hashing, Digital Signatures, Key
Management.
• User Authentication: Passwords, Tokens, Biometrics.
• Access Control Principles: Subjects, Objects, Access Rights, Role-Based vs.
Attribute-Based.
• Trusted Computing and Multilevel Security.
• Malicious Software: Viruses, Worms, Trojans, Bots, Spam, Phishing, Backdoors,
Rootkits.
• Intrusion Detection, Firewalls, and Intrusion Prevention Systems.
• Internet Security Protocols and Standards: SSL, TLS, HTTPS, IPSec.
• Internet Authentication Applications: Kerberos, Certificates, Public-Key
Infrastructure.
• Wireless Network Security and Mobile Device Security.
• Software Security: Buffer Overflows, Handling Inputs/Outputs, Secure
Programming.
• System Security: Operating Systems, Cloud, IoT Security.
• Security Management, Risk Assessment, and Threat Modeling.
• Security Controls, Plans, and Procedures.
• Security Evaluation and Assurance.
• Legal and Ethical Aspects.

Learning outcomes
By the end of this course, students should know and understand:
• Fundamental concepts, terminologies, principles, and theories of network and
software security.
• Primary aspects of a comprehensive security strategy.
• Basic principles underlying the main cryptographic concepts and technologies
available today, including symmetric and asymmetric encryption, hashing, and
digital signatures.
• Security policies (such as authentication, integrity, and confidentiality), as well as
protocols to implement such policies.
• Various types of security threats and attacks on networks and software systems,
how they work, and controls for dealing with them.
• Relevant personnel, legal, and ethical issues related to network and software
security.
By the end of this course, students should be able to:
• Identify the types of threats and attacks that apply to different categories of
computer and network assets.
• Identify suitable countermeasures and security controls for dealing with specific
types of threats and attacks.
• Analyze and specify security properties of simple computing systems.
• Implement and use basic security tools to enhance network and software
security.
• Develop basic security enhancements in stand-alone applications.

Graduate Attributes (GAs)


The Canadian Engineering Accreditation Board requires graduates of engineering
programs to possess 12 attributes at the time of graduation. Activities related to the
learning outcomes listed above are measured throughout the course and are part of the
department’s continual improvement process. Graduate attribute measurements will not
be taken into consideration in determining a student’s grade in the course. For more
information, please visit: https://engineerscanada.ca/.
| Graduate Attribute | Learning outcome(s) |
|---|---|
| 1.8.S Knowledge Base: Developed: Software engineering | 1-6 |
| 2.1: Problem Analysis: Developed: Problem Definition | 7 |
| 2.2: Problem Analysis: Developed: Approach to the Problem | 8 |
| 4.4: Design: Developed: Design solution(s) | 9-11 |
| 7.1: Communication Skills: Developed: Instructions | |

Accreditation Units (AUs)


For more information about Accreditation Units, please visit:
https://engineerscanada.ca/.
The course has a total of 46 AUs, divided into:
• Engineering Science: 60%
• Engineering Design: 40%

Special Information for Pandemic Measures

It is important to remember that COVID is still present in Ottawa. The situation can
change at any time and the risks of new variants and outbreaks are very real. There
are a number of actions you can take to lower your risk and the risk you pose to those
around you including being vaccinated, wearing a mask, staying home when you’re
sick, washing your hands and maintaining proper respiratory and cough etiquette.
Feeling sick? Remaining vigilant and not attending work or school when sick or with
symptoms is critically important. If you feel ill or exhibit COVID-19 symptoms do not
come to class or campus. If you feel ill or exhibit symptoms while on campus or in class,
please leave campus immediately. In all situations, you must follow Carleton’s symptom
reporting protocols.
Masks: Carleton has paused the COVID-19 Mask Policy, but continues to strongly
recommend masking when indoors, particularly if physical distancing cannot be
maintained. It may become necessary to quickly reinstate the mask requirement if
pandemic circumstances were to change.
Vaccines: Further, while proof of vaccination is no longer required as of May 1 to attend
campus or in-person activity, it may become necessary for the University to bring back
proof of vaccination requirements on short notice if the situation and public health
advice changes. Students are strongly encouraged to get a full course of vaccination,
including booster doses as soon as they are eligible, and submit their booster dose
information in cuScreen as soon as possible. Please note that Carleton cannot
guarantee that it will be able to offer virtual or hybrid learning options for those who are
unable to attend the campus.
All members of the Carleton community are required to follow requirements and
guidelines regarding health and safety which may change from time to time. For the
most recent information about Carleton’s COVID-19 response and health and safety
requirements please see the University’s COVID-19 website and review the Frequently
Asked Questions (FAQs). Should you have additional questions after reviewing, please
contact [email protected].
Self-Declaration Process in Effect for Fall 2022 Term
Since the beginning of the COVID-19 pandemic, Carleton has temporarily suspended
the need for doctor’s notes or medical certificates for academic accommodation
requests related to COVID-19. This decision was made in recognition of the fact that
alternate course delivery and assessment methods present unique challenges and that
it continues to be more difficult than usual for students to see a doctor and obtain
documentation.
As we all continue to navigate ongoing disruptions caused by the public health crisis, we
are extending this process for the Fall 2022 Term.
In place of a doctor’s note or medical certificate, students will be advised to complete
the self-declaration form available on the Registrar’s Office website to request academic
accommodation for missed course work including exams and assignments. Students
will also be encouraged to connect directly with their instructors to discuss required
accommodations arising from the COVID-19 situation.

Instructor and TA Contact


Dr. Jason Jaskolka
Office: Canal Building 6206
Extension: 1873
Email: [email protected]
Drop-In Hours: TBD and posted on Brightspace

Teaching Assistants (TAs)
• TBD and posted on Brightspace

Dates, Times, and Locations


This offering of SYSC 4810A will be in-person with synchronous delivery. Recordings
will not be available. The lectures and problem analysis sessions will take place each
week at the following times.
Lectures: Wednesdays 4:05PM–5:25PM
Fridays 4:05PM–5:25PM
Problem Analysis: Fridays 11:35AM–12:55PM (A01)
Wednesdays 2:35PM–3:55PM (A02)
Wednesdays 10:05AM–11:25AM (A04)
Students should consult Brightspace for the locations of the lectures and problem
analysis sessions.

Textbook
The following textbook is strongly recommended and is available at the Carleton
bookstore.
1. William Stallings and Lawrie Brown, Computer Security: Principles and Practice, 4th
Edition, Pearson, 2018. ISBN: 978-0-134-79410-5
Note: This course may not always follow the textbook closely.
Additional References & Resources
Throughout this course, the following useful references and resources may also be
used:
1. Matt Bishop, Computer Security: Art and Science, 2nd Edition, Addison-Wesley
Professional, 2019. ISBN: 978-0-321-71233-2
2. Wenliang Du, Computer Security: A Hands-on Approach, CreateSpace Independent
Publishing Platform, 2017. ISBN: 978-1-548-36794-7
3. William Stallings, Cryptography and Network Security: Principles and Practice, 7th
Edition, Pearson, 2017. ISBN: 978-0-134-44428-4
4. William Stallings, Network Security Essentials: Applications and Standards, 6th
Edition, Pearson, 2017. ISBN: 978-0-134-52733-8
5. Chuck Easttom, Computer Security Fundamentals, 3rd Edition, Pearson IT
Certification, 2016. ISBN: 978-0-134-47058-0
6. Charles P. Pfleeger, Shari Lawrence Pfleeger, Jonathan Margulies, Security in
Computing, 5th Edition, Prentice Hall, 2015. ISBN: 978-0-134-08505-0

Course Webpage
The course announcements, course syllabus, lecture slides used in class, assignments,
and any material needed or used in the problem analysis or lab sessions, can be found
on Brightspace. It is the student’s responsibility to be aware of the information on
Brightspace, and to check regularly for announcements.

Email Correspondence
In order to ensure that you receive a timely response to emails that are sent to the
instructor or TAs, please include [SYSC 4810A] in the Subject, as emails will be
filtered using this identifier.
Students are expected to show and maintain a high level of professionalism in all email
correspondence. This means that emails should include a proper salutation and sign-
off/signature, and should refrain from using slang, texting abbreviations and acronyms,
and emojis/emoticons.
Note that email is not the best medium for technical questions. Technical questions
submitted by email will be answered at the beginning of the next lecture.

Evaluation and Grading Scheme


Assignments 40%
Surprise Quizzes 0-10%
Final Exam 50-60%
TOTAL 100%

Breakdown of Course Requirements


Problem Analysis
There will be a weekly problem analysis session involving a short ungraded
assignment with practice and study questions that are intended to check your
understanding of the course material. The problem analysis assignments will be posted
on Brightspace at the start of each module. The solutions to the problem analysis
assignments will be taken up and discussed in the corresponding session. Students are
warned that the solutions to the problem analysis assignments will not be posted
on Brightspace. The problem analysis assignments form a very important part of this
course and your attendance and participation at the problem analysis sessions is
expected. Doing the problem analysis assignments (by yourself) and asking questions
during the problem analysis sessions is an excellent way for you to learn the course
material and prepare for the quizzes and final examination.
Assignments
There will be one (1) ungraded assignment and four (4) graded assignments. The
graded assignments correspond to course modules 2–5. Each graded assignment is
worth 10% of the final grade. Assignments will be posted on Brightspace and will be due
on the following dates:
| Module Assignment # | Posted Date | Due Date |
|---|---|---|
| 1 | September 7, 2022 | September 25, 2022 |
| 2 | September 18, 2022 | October 9, 2022 |
| 3 | October 2, 2022 | October 31, 2022 |
| 4 | October 16, 2022 | November 13, 2022 |
| 5 | November 6, 2022 | November 27, 2022 |
The assignment solutions are due by 11:59PM on the due date. Students must submit
their assignment solutions on Brightspace. Students are permitted to discuss general
aspects of the assignments with other students in the class, but each person should
hand in their own work. Students may consult outside sources, such as textbooks, but
any use of any source must be documented/cited in the assignment solutions. Late
assignments will be graded with a late penalty of 20% of the full grade per day up to 48
hours past the deadline, except for reasons accepted by the Academic Regulations of
the University.
The assignments will be graded by the TAs. Any request for regrading must be first
directed to the TA that has graded your assignment. If after having talked to the TA you
still believe that you deserve a higher grade, then you can contact the instructor. When
the instructor regrades an assignment, all of the assignment solutions will be regraded.
Surprise Quizzes
During the term, the instructor can give up to six (6) surprise quizzes. The quizzes will
be administered online via Brightspace and will be password-protected. To initiate a
surprise quiz, the instructor will announce the password for the quiz during the in-person
lecture time and it will be the responsibility of the students to record the password
to be able to complete the quiz. Students will have 24 hours from the end of the
lecture where the quiz was initiated to start their quiz on Brightspace. Once started,
students will have 15 minutes to complete the online quiz.
If the class writes one quiz during the term, it counts for 2% of the final grade. If the
class writes more than one quiz, the quiz with the lowest grade does not count, while
each of the others count for 2% of the final grade. There will be no deferred quizzes.
Final Exam
The final examination will be scheduled by the Registrar’s office in the usual way. It will
be three (3) hours in duration and will cover the material from the lectures, problem
analyses, assignments, and the required textbook. The final exam counts for (60 −
#QuizzesThatCount ∗ 2)% of the final grade. For example, if the class writes 4 quizzes,
only 3 quizzes count, and the final exam will be worth (60 − 6) = 54%. The final
examination is for evaluation purposes only and will not be returned to students. You
will be able to make arrangements with the instructor or with the department office to
see your marked final examination after the final grades have been made available.

Tentative Week-by-Week Breakdown


Weeks 1-2, Module 1: Overview of Computer Security
• Security Concepts: Confidentiality, Integrity, Availability, Threats, Attacks, Assets
• Fundamental Security Design Principles
• Attack Surfaces and Attack Trees
• Security Strategies, Policies, and Implementations: Prevention, Detection, Recovery

Weeks 3-4, Module 2: Cryptographic Tools
• Cryptography: Symmetric vs. Asymmetric, Block vs. Stream Ciphers, Algorithms
• Message Integrity: Message Authentication Codes, Hashing
• Digital Signatures
• Key Management: Key Exchange, Key Distribution

Weeks 5-6, Module 3: User Authentication and Access Control
• User Authentication: Passwords, Tokens, Biometrics
• Access Control Principles: Subjects, Objects, Rights, Role-Based vs. Attribute-Based
• Multilevel Security

Weeks 7-8, Module 4: Network Security
• Intrusion Detection, Firewalls, and Intrusion Prevention Systems
• Internet Security Protocols and Standards: SSL, TLS, HTTPS, IPSec
• Internet Authentication Applications: Kerberos, Certificates, Public-Key Infrastructure
• Wireless Network Security and Mobile Device Security

Weeks 9-10, Module 5: Software and System Security
• Software Security: Buffer Overflows, Handling Inputs/Outputs, Secure Programming
• System Security: Operating Systems, Cloud, IoT Security
• Malicious Software: Viruses, Worms, Trojans, Bots, Spam, Phishing, Backdoors, Rootkits

Weeks 11-12, Module 6: Security Management
• Security Management, Risk Assessment, and Threat Modeling
• Security Controls, Plans, and Procedures
• Security Evaluation and Assurance
• Legal and Ethical Aspects

Important Information
Instructor Expectations, Policies, and Notes
1. A regrading request of an assignment, lab, quiz, or exam will be considered by the
instructor only if it is made within the two weeks that follow the return date of the
majority of the concerned assignment, lab, quiz, or exam.
2. The instructor reserves the right to assign extra grades for extra work done by willing
students. However, the work subject to extra grades will be advertised during the
lectures to provide the opportunity to all students.
3. No responsibility for loss of assignments or labs can be assumed by either the
instructor or the TAs. Keep copies of your own assignments and labs.
4. Students are responsible for ensuring that their assignments are submitted correctly
and without corruption.
5. The lectures will not necessarily follow the order in which the topics are presented in
the detailed course outline. Regular class attendance is required.
6. Significant study, reading, and group discussions outside of class are required.
Looking at, or only reading the slides that are provided may not be enough to achieve
the level of understanding required for the assignments and exams.
7. Students are expected to show professional behaviour. This includes being on time
for lecture, lab, and/or problem analysis sessions, meeting assignment deadlines, and
maintaining a suitable level of professionalism in oral and written (email)
correspondence with the instructor and TAs.
8. Students that are having difficulty with the course content are expected to seek help
early. Students are encouraged to ask questions in class and/or seek help during the
instructor’s office hours.
9. Suggestions on how to improve the course and the instructor’s teaching
methods are always welcomed.

General regulations
Attendance: Students are expected to attend all lectures and lab periods. The
University requires students to have a conflict-free timetable. For more information, see
the current Undergraduate Calendar, Academic Regulations of the University, Section
2.1.3, Course Selection and Registration and Section 2.1.7, Deregistration.

Health and Safety: Every student should have a copy of our Health and Safety Manual.
A PDF copy of this manual is available online:
http://sce.carleton.ca/courses/health-and-safety.pdf

Deferred Term Work: Students who claim illness, injury or other extraordinary
circumstances beyond their control as a reason for missed term work are held
responsible for immediately informing the instructor concerned and for making alternate
arrangements with the instructor and in all cases, this must occur no later than three
(3.0) working days after the term work was due. The alternate arrangement must be
made before the last day of classes in the term as published in the academic schedule.
Instructors may, at their discretion, require students to provide medical documentation
to support requests for accommodation for missed course work including exams and
assignments. As per the Provost’s message of August 27, 2021, for the Fall 2021 term,
students have been instructed to complete the Medical Self-Declaration form available
on the Registrar’s Office website rather than seeking to obtain a doctor’s note or
medical certificate. Instructions for the Winter 2022 term will be communicated by the
Provost’s office.
For more information, see the current Undergraduate Calendar, Academic Regulations
of the University, Section 4.4, Deferred Term Work.

Appeal of Grades: The processes for dealing with questions or concerns regarding
grades assigned during the term and final grades are described in the Undergraduate
Calendar, Academic Regulations of the University, Section 3.3.4, Informal Appeal of
Grade and Section 3.3.5 Formal Appeal of Grade.

Academic Integrity: Students should be aware of their obligations with regard to
academic integrity. Please review the information about academic integrity at:
https://carleton.ca/registrar/academic-integrity/. This site also contains a link to the
complete Academic Integrity Policy that was approved by the University's Senate.

Plagiarism: The University Academic Integrity Policy defines plagiarism as “presenting,
whether intentionally or not, the ideas, expression of ideas or work of others as one’s
own.” This includes reproducing or paraphrasing portions of someone else’s published
or unpublished material, regardless of the source, and presenting these as one’s own
without proper citation or reference to the original source. Examples of sources from
which the ideas, expressions of ideas or works of others may be drawn from include but
are not limited to: books, articles, papers, literary compositions and phrases,
performance compositions, chemical compounds, artworks, laboratory reports, research
results, calculations and the results of calculations, diagrams, constructions, computer
reports, computer code/software, material on the internet and/or conversations.
Examples of plagiarism include, but are not limited to:
• any submission prepared in whole or in part, by someone else;
• using ideas or direct, verbatim quotations, paraphrased material, algorithms,
formulae, scientific or mathematical concepts, or ideas without appropriate
acknowledgment in any academic assignment;
• using another’s data or research findings without appropriate acknowledgement;
• submitting a computer program developed in whole or in part by someone else,
with or without modifications, as one’s own; and
• failing to acknowledge sources through the use of proper citations when using
another’s work and/or failing to use quotation marks.

Academic Accommodations

Carleton University is committed to providing access to the educational experience in
order to promote academic accessibility for all individuals.
Academic accommodation refers to educational practices, systems and support
mechanisms designed to accommodate diversity and difference. The purpose of
accommodation is to enable students to perform the essential requirements of their
academic programs. At no time does academic accommodation undermine or
compromise the learning objectives that are established by the academic authorities of
the University.
Requests for Academic Accommodation
You may need special arrangements to meet your academic obligations during the
term. For an accommodation request, the processes are as follows:
- Addressing Human Rights Concerns: The University and all members of the
University community share responsibility for ensuring that the University’s
educational, work and living environments are free from discrimination and
harassment. Should you have concerns about harassment or discrimination
relating to your age, ancestry, citizenship, colour, creed (religion), disability,
ethnic origin, family status, gender expression, gender identity, marital status,
place of origin, race, sex (including pregnancy), or sexual orientation, please
contact the Department of Equity and Inclusive
Communities at [email protected].
- Pregnancy Obligation: Please contact your instructor with any requests for
academic accommodation during the first two weeks of class, or as soon as
possible after the need for accommodation is known to exist. For more details,
please review the Student Guide to Academic Accommodation (PDF, 2.1 MB)
- Religious Obligation: Please contact your instructor with any requests for
academic accommodation during the first two weeks of class, or as soon as
possible after the need for accommodation is known to exist. For more details,
please review the Student Guide to Academic Accommodation (PDF, 2.1 MB)
- Academic Accommodations for Students with Disabilities: If you have a
documented disability requiring academic accommodations in this course, please
contact the Paul Menton Centre for Students with Disabilities (PMC) at 613-520-6608
or [email protected] for a formal evaluation or contact your PMC
coordinator to send your instructor your Letter of Accommodation at the
beginning of the term. You must also contact the PMC no later than two weeks
before the first in-class scheduled test or exam requiring accommodation (if
applicable). Requests made within two weeks will be reviewed on a case-by-
case basis. After requesting accommodation from PMC, meet with your
instructor as soon as possible to ensure accommodation arrangements are
made. For more details, visit the Paul Menton Centre website.
- Survivors of Sexual Violence: As a community, Carleton University is
committed to maintaining a positive learning, working and living environment
where sexual violence will not be tolerated, and where survivors are supported
through academic accommodations as per Carleton’s Sexual Violence Policy.
For more information about the services available at the university and to obtain
information about sexual violence and/or support, visit the Equity and Inclusive
Communities website.
- Accommodation for Student Activities: Carleton University recognizes the
substantial benefits, both to the individual student and for the university, that
result from a student participating in activities beyond the classroom experience.
Reasonable accommodation must be provided to students who compete or
perform at the national or international level. Please contact your instructor with
any requests for academic accommodation during the first two weeks of class, or
as soon as possible after the need for accommodation is known to exist. For
more details, see the Senate Policy on Accommodation for Student Activities
(PDF, 25KB).
Copyright on Course Materials: The materials created for this course (including the
course outline and any slides, posted notes, labs, project, assignments, quizzes, exams
and solutions) are intended for personal use and may not be reproduced or redistributed
or posted on any web site without prior written permission from the author(s).
