UQ Students should read the Disclaimer & Warning
Note: This page dates from 2005, and is kept for historical purposes.
The University of Queensland
School of Information Technology and Electrical Engineering
Semester 2, 2004
COMP3502 – Information Security
COMP7506 – Information Security
Course Profile
Version
This is version 2.1 of the COMP3502 course profile, dated 20 July 2004.
Change Log
2.1: Updated UQ phone number, fixed broken bibliography link, minor HTML styling,
fixed typo, fixed calendar dates.
2.0: Major update. New learning outcomes, contact details, textbook, graduate
attributes, learning activities, and assessment activities.
1. Course Summary
| Course Code(s): | COMP3502 and COMP7506 |
| Unit Value: | #2 |
| Contact Hours: | 3 hours per week (2L1T) |
| Purpose: | COMP3502 and COMP7506 introduce the field of information security. |
2. Teaching Staff
| Course Coordinator: Associate Professor John Yesberg | |
| Office: | 78-306 |
| Phone: | (07) 3332 7664 (DSTO) or 3365 2883 (UQ). I will rarely be available at the UQ phone - I recommend the DSTO number. |
| Email: | jdy[at]itee.uq.edu.au. Note that although I may reply from my DSTO email, it is to students' advantage if further replies are still addressed to the UQ account, so that it is available from my UQ office. |
| Consultation: | In person, after lectures and Monday afternoon tutorial, or by appointment (preferably use email to make an appointment). There will be extensive opportunities for consultation during the Swot-Vac week prior to exams. Note that Dr Yesberg works primarily for the Defence Science and Technology Organisation, which has given permission for him to teach this course. |
| Tutor: Tim Cederman-Heysom (To be confirmed) | |
3. Course Goals
The goal of the course is to introduce the field of information security. Upon successful completion of the course, students should be able to:
- explain and apply the vocabulary used in the field;
- explain and analyse mechanisms that provide the key security services of authentication and access control, including passwords, biometrics, and cryptography;
- explain and apply techniques from risk management, probability theory, including information theory and entropy, to analyse security systems;
- locate, interpret, and critically judge academic and other literature in the field;
- explain ethical and legal considerations that apply to the learning and practice of information security;
- explain the adversarial nature of security, and the asymmetric nature of offensive and defensive roles; and
- describe some of the threats and countermeasures in a range of computing applications.
3.1 Assumed Background
This course does not have any compulsory prerequisite courses. Students will require a general computing background, consistent with having completed two years of a bachelor's degree in Computer Science or Information Technology.
There is no programming required, although one of the options for Assignment 2 will be a programming task. The only permissible programming languages for this task are Java, C, and C++.
Prerequisite courses: none.
Recommended (not compulsory): COMP2301 or COMS2000 or 3200 or CS229 or
233 or 332 or 334 or 336 or E3429
Corequisite courses: none.
Recommended (not compulsory): COMP3300 or COMS3200 or CS309 or 336
Incompatible courses: COMM3905 or CO392 or ID360
4. Resources
4.1 Textbook
I have prepared a COMP3502/7506 course reader which contains both the lecture notes and extracts from some of the references that you are required to obtain. It will be available from Print On Demand. (I have not been able to find any textbooks which adequately and cost-effectively cover the content for this course.) There are some reference books, which you can find in the library, which may be useful for some parts of the course. Details are on the COMP3502 bibliography page.4.2 Handouts
General ITEE policy is not to distribute paper handouts, but to make them available on the web. Students have the choice to print them if appropriate.
4.3 Computing Facilities
An accounts will be created on the ITEE network for each student. The account will have Internet access.4.4 Distribution of Notices
Notices will generally be distributed by email, and on the course newsgroup (see below).
4.5 Web
The course web site is available at http://www.itee.uq.edu.au/~comp3502. The course web site will contain:
- Lecture notes
- Bibliography
- Tutorial questions and answers
- Assignment questions and answers
- Results information
4.6 Newsgroup
The course newsgroup is uq.itee.comp3502. This group is available on both the University and School news servers (news.uq.edu.au and news.itee.uq.edu.au). Students are required to monitor the newsgroup at least weekly.
Students are free to post questions (and answers!) to the newsgroup. Copies of announcements will also be posted to the newsgroup. The teaching staff will monitor the newsgroup.
5. Learning Activities
| Readings | A portion of the course reader will be assigned for each week. Students will be expected to have read the material prior to that week's lecture and tutorial. | |||||||||||||||
| Lectures | Lectures will be on Mondays, 2pm-4pm, in 63-358. In lectures, we will explore the topic from the reading in further detail and sometimes from alternative points of view. There will be some opportunities for small-group activities during the lectures. | |||||||||||||||
| Tutorials | Tutorials are scheduled as shown in the following table. (Note that SI-net
is the authoritative source for timetable information, and that there are
no tutorials in the first week.)
|
|||||||||||||||
| Cryptographer's Workbench | The Cryptographer's Workbench is an online tutorial-style system which will help students learn about various aspects of cryptography. Students will be lead through a sequence of steps designed to teach security aspects of cryptography. After initial demonstrations during the lectures, this will be an unsupervised activity, which can be done at the student's own pace on any computer connected to the network. | |||||||||||||||
| Assignments | Students will be required to survey recent literature from the Internet
and from peer-reviewed journals to prepare essays. The first assignment will cover issues relating to ethics and evidence. Students will be given a set of topics from which to choose for their second assignment. |
|||||||||||||||
| Peer Assessment | Students will be required to assess each other's tutorial question sheet submissions and results from the Cryptographer's Workbench. Seeing and judging other students' answers and explanations is a valuable learning activity. |
6. Assessment Activities
| Tutorial Sheets | Selected questions on each of the tutorial sheets will need to be answered
and submitted for marking. The questions will be marked by other students.
Students will be provided with comments in feedback from their peers. The
peer assessment will not count towards a final grade. Some of the submitted questions will also be marked by lecturer and tutors. These questions will count towards the student's final grade. Students will not know beforehand which questions will count towards the grade, and will therefore attempt all submitted questions as though they counted. |
| Cryptographer's Workbench | The Cryptographer's Workbench is effectively an on-line tutorial, and
it will be assessed in the same way as the other tutorials. Peers will assess,
and give feedback on answers that are submitted (electronically). Some of
these answers will also be marked by the lecturer and tutors, and count towards
the final grade. Students are encouraged to work together on Cryptographer's Workbench activities, but explanations in answers should not be copied word-for-word from colleagues. Note that each student will have slightly different questions, and so the answers will not all be identical. |
| Peer Assessment | Students will be required to mark other students' work. It is a compulsory activity, and students who do not assess the necessary work will not be able to achieve a grade higher than 4. There will be no numeric mark or feedback given on students' assessment of others' work. |
| Assignments | Two (primarily) essay-style assignments will be set. These will be marked
by the lecturer and tutors, and the marks will count towards the final grade. Hard-copy assignments will be submitted to the submission box on level 1 of building 78. Your assignment submission must be accompanied by a signed coversheet declaring that the submission is your original work. Assignments will be returned to the boxes across the hallway from the submission boxes. |
| Midsemester Exam | This will be a brief (25 minutes) test comprising 20 multiple-choice questions
at the beginning of the lecture. Students will be required to bring a HB/2B
pencil to this class. This test will cover everything that has been covered in the lectures, readings, and tutorials prior to the test. |
| Final Exam | The final exam will have two parts. The first part will be closed-book,
and have multiple choice questions. It will last approximately 30 minutes,
after which the answer sheets will be collected. HB or 2B pencils will be
required for this part. The second part will be open-book, and require short and medium answers. There will be no essays. Students will have up to three hours (although it is anticipated that most students will finish in less than two hours). The final exam will cover material from the whole course. |
6.1 Feedback
All items of assessment (except the final exam) will have "formative" and "diagnostic" characteristics. That is, students will learn by doing the activity, and the feedback will help students and teachers work out how effective the learning is.The results of "summative" assessment (ie. assessment that counts towards the final grade) will be recorded in a database, and made available (but password-protected for privacy) for students to check on-line.
Students are required to ensure that the mark in the database corresponds to that of any hard copy within two weeks of the hard copy being returned.
6.2 Late Submission
Late submissions will not be accepted. Students with a genuine excuse (eg. medical certificate) may apply for a concession which will result in the weighting of that assignment being set to zero, and the others' weights increased proportionately.
6.3 Academic Merit, Plagiarism, Collusion and Other Misconduct
The School and the wider academic community in general takes academic integrity and respect for other persons and property very seriously. In particular, the following behaviour is unacceptable:
- Submission of plagiarised work, i.e. work that contains content copied from an unacknowledged source.
- Submission of work without academic merit, i.e. work that adds little or nothing to material available from reference sources such as textbooks, websites, etc., even where this is appropriately acknowledged.
- Engaging in collusive behaviour, i.e. inappropriate working together with other students where individual work is required, or working with people outside your team where team work is required.
- Copying work done by other students.
- Failing to adhere to the School's regulations concerning behaviour in laboratories, in particular occupational health and safety regulations.
Penalties for engaging in unacceptable behaviour can range from cash fines
or loss of grades in a subject, through to expulsion from the University.
You are required to read and understand the School Statement on Misconduct,
available on the ITEE website at: http://www.itee.uq.edu.au/about/student-misconduct.jsp
If you have any questions concerning this statement, please contact your
lecturer in the first instance.
6.4 Determination of Final Grade
The final percentage is calculated as a weighted sum of the various pieces of assessment. The "nominal" weights for the items are:
- 15%: Tutorial and Cryptographer's Workbench Questions
- 15%: Assignment 1
- 15%: Assignment 2
- 10%: Mid-semester test
- 45%: Final exam
However, the weighting of a student's worst piece of assessment will be reduced by 10 percentage points (ie. from 10% to 0%, from 15% to 5%, or from 45% to 35%). Also, the weighting of the student's best piece of assessment will be increased by 10 percentage points (ie. from 10% to 20%, 15% to 25%, or 45% to 55%). This will mitigate the effects of a "bad day" due to a student being unwell or similar complaint.
To be eligible for a grade of 5 or higher, at least 4 of the 5 pieces of assessment
will have to have marks greater than 50%.
To be eligible for a grade of 6 or higher, at least 4 of the 5 pieces of
assessment will have to have marks greater than 60%.
To be eligible for a grade of 7, at least 4 of the 5 pieces of assessment
will have to have marks greater than 70%.
This requirement means that a single "bad day" cannot prevent a student from
achieving a high grade.
The final percentage will be converted to a grade as indicated in the following table. If the distribution of results suggests that a slight downward modification of the cutoff marks would result in fairer grades, this may be applied. (Note that this operation can only be of benefit to students; it cannot reduce the grade.)
| Final Percentage | Grade |
|---|---|
| 85--100 | 7 |
| 75--85 | 6 |
| 65-75 | 5 |
| 50--65 | 4 |
| 45--50 | 3 |
| 20--45 | 2 |
| 0--20 | 1 |
The weighting modification will automatically give each student some assistance if they perform poorly in one piece of assessment. Calculations of a final percentage will be made to several decimal places. Students cannot expect to rely on any "rounding" effects.
Note that in accordance with the ITEE policy on misconduct, work of "no academic merit" will be given a mark of zero.
7. Topics and Schedule
The table below is an indicative outline of the topics for each week during the semester. The method for teaching the course will be different from last year. The timing and sequencing may be modified during the semester.| Week Number |
Monday's Date |
Lecture Topic | Tutorial | Assessment |
|---|---|---|---|---|
| 1 | 26 July | Introduction. Terminology. Revision of mathematical foundations. Risk Management. | No tutorial | |
| 2 | 2 Aug | Authentication. | Sheet 1 | Assignment 1 out. |
| 3 | 9 Aug | Access Control. | Sheet 2 | Assignment 2 out. Tut 1 Questions Due |
| 4 | 16 Aug | Security policies and models. | Sheet 3 | Tut 2 Questions Due Tut 1 Marks Due |
| 5 | 23 Aug | Symmetric cryptography. | Sheet 4 | Assignment 1 due Tut 3 Questions due Tut 2 Marks due |
| 6 | 30 Aug | Block ciphers. | Workbench 1 | Tut 4 Questions Tut 3 Marks due |
| 7 | 6 Sept | Information theory and entropy. | Workbench 2 | Assignment 1 back. Workbench 1 due. Tut 4 Marks due. |
| 8 | 13 Sept | Public key cryptography. | Workbench 3 | Mid-semester test. Workbench 2 due Workbench 1 Marks due |
| 9 | 20 Sept | Security protocols. | Sheet 8 | Workbench 3 due Workbench 2 Marks due |
| 27 Sept | Mid-semester break. | |||
| 10 | 4 Oct | Database security. | Sheet 9 | Tut 8 Questions due Workbench 3 Marks due |
| 11 | 11 Oct | Malicious code. | Sheet 10 | Assignment 2 due. Tut 9 Questions due Tut 8 Marks due |
| 12 | 18 Oct | Firewalls. Intrusion detection. | Sheet 11 | Tut 10 Questions due. Tut 9 Marks due. |
| 13 | 25 Oct | Catch up and revision. | Sheet 12 | Assignment 2 back. Tut 10 Marks due. |
| Swot Vac | 1 Nov | One or two days during this week will be allocated to answering students' questions and re-presenting explanations of complex topics on demand. | ||
8. Outcome Cross Referencing
Assessment to Learning Objectives
| Learning Outcome | Tutorial Sheets | Cryptographer's Workbench | Peer Assessment | Assignments | Midsemester Exam | Final Exam |
| Explain and apply the vocabulary | X | X | X | X | X | X |
| Explain and analyse mechanisms | X | X | X | X | X | X |
| Risk management, probability theory, information theory and entropy | X | X | X | X | X | X |
| Locate, interpret, and critically judge literature | X | X | ||||
| Explain ethical and legal considerations | X | X | X | X | ||
| Explain the adversarial nature of security | X | X | X | X | X | X |
| Describe some of the threats and countermeasures | X | X | X | X | X | X |
Gradutate Attributes
The University of Queensland has defined a set of graduate attributes to specify broad core knowledge and skills associated with all undergraduate programs ( http://www.uq.edu.au/hupp/contents/view.asp?s1=3&s2=20&s3=5). The following table identifies the assessment through which achievement of these graduate attributes will be demonstrated:
| Learning Outcome | Tutorial Sheets | Cryptographer's Workbench | Peer Assessment | Assignments | Midsemester Exam | Final Exam |
| In-depth knowledge of the field of study | X | X | X | X | X | X |
| Effective communication | X | X | X | X | X | |
| Independence and creativity | X | X | X | X | ||
| Critical judgement | X | X | X | |||
| Ethical and social understanding | X | X | X | X | X |
9. Support for Students with a Disability
Any student with a disability who may require alternative academic arrangements in the course is encouraged to seek advice at the commencement of the semester from a Disability Adviser at Student Support Services.