UQ Students should read the Disclaimer & Warning

Note: This page dates from 2005, and is kept for historical purposes.

The University of Queensland
School of Information Technology and Electrical Engineering
Semester 2, 2004

COMP3502 – Information Security
COMP7506 – Information Security

Course Profile


This is version 2.1 of the COMP3502 course profile, dated 20 July 2004.

Change Log

2.1: Updated UQ phone number, fixed broken bibliography link, minor HTML styling, fixed typo, fixed calendar dates.
2.0: Major update. New learning outcomes, contact details, textbook, graduate attributes, learning activities, and assessment activities.

1. Course Summary

Course Code(s): COMP3502 and COMP7506
Unit Value: #2
Contact Hours: 3 hours per week (2L1T)
Purpose: COMP3502 and COMP7506 introduce the field of information security.

2. Teaching Staff

Course Coordinator: Associate Professor John Yesberg
Office: 78-306
Phone: (07) 3332 7664 (DSTO) or 3365 2883 (UQ). I will rarely be available at the UQ phone - I recommend the DSTO number.
Email: jdy[at]itee.uq.edu.au. Note that although I may reply from my DSTO email, it is to students' advantage if further replies are still addressed to the UQ account, so that it is available from my UQ office.
Consultation: In person, after lectures and Monday afternoon tutorial, or by appointment (preferably use email to make an appointment). There will be extensive opportunities for consultation during the Swot-Vac week prior to exams. Note that Dr Yesberg works primarily for the Defence Science and Technology Organisation, which has given permission for him to teach this course.
Tutor: Tim Cederman-Heysom (To be confirmed)

3. Course Goals

The goal of the course is to introduce the field of information security. Upon successful completion of the course, students should be able to:

  1. explain and apply the vocabulary used in the field;
  2. explain and analyse mechanisms that provide the key security services of authentication and access control, including passwords, biometrics, and cryptography;
  3. explain and apply techniques from risk management, probability theory, including information theory and entropy, to analyse security systems;
  4. locate, interpret, and critically judge academic and other literature in the field;
  5. explain ethical and legal considerations that apply to the learning and practice of information security;
  6. explain the adversarial nature of security, and the asymmetric nature of offensive and defensive roles; and
  7. describe some of the threats and countermeasures in a range of computing applications.

3.1 Assumed Background

This course does not have any compulsory prerequisite courses. Students will require a general computing background, consistent with having completed two years of a bachelor's degree in Computer Science or Information Technology.

There is no programming required, although one of the options for Assignment 2 will be a programming task. The only permissible programming languages for this task are Java, C, and C++.

Prerequisite courses: none.
Recommended (not compulsory):  COMP2301 or COMS2000 or 3200 or CS229 or 233 or 332 or 334 or 336 or E3429

Corequisite courses: none.
Recommended (not compulsory):  COMP3300 or COMS3200 or CS309 or 336

Incompatible courses:  COMM3905 or CO392 or ID360

4. Resources

4.1 Textbook

I have prepared a COMP3502/7506 course reader which contains both the lecture notes and extracts from some of the references that you are required to obtain. It will be available from Print On Demand. (I have not been able to find any textbooks which adequately and cost-effectively cover the content for this course.) There are some reference books, which you can find in the library, which may be useful for some parts of the course. Details are on the COMP3502 bibliography page.

4.2 Handouts

General ITEE policy is not to distribute paper handouts, but to make them available on the web. Students have the choice to print them if appropriate.

4.3 Computing Facilities

An accounts will be created on the ITEE network for each student. The account will have Internet access.

4.4 Distribution of Notices

Notices will generally be distributed by email, and on the course newsgroup (see below).

4.5 Web

The course web site is available at http://www.itee.uq.edu.au/~comp3502. The course web site will contain:

4.6 Newsgroup

The course newsgroup is uq.itee.comp3502. This group is available on both the University and School news servers (news.uq.edu.au and news.itee.uq.edu.au). Students are required to monitor the newsgroup at least weekly.

Students are free to post questions (and answers!) to the newsgroup. Copies of announcements will also be posted to the newsgroup. The teaching staff will monitor the newsgroup.

5. Learning Activities

Readings A portion of the course reader will be assigned for each week. Students will be expected to have read the material prior to that week's lecture and tutorial.
Lectures Lectures will be on Mondays, 2pm-4pm, in 63-358. In lectures, we will explore the topic from the reading in further detail and sometimes from alternative points of view. There will be some opportunities for small-group activities during the lectures.
Tutorials Tutorials are scheduled as shown in the following table. (Note that SI-net is the authoritative source for timetable information, and that there are no tutorials in the first week.)
Ta Tb Tc Td Te
Mon 4pm Mon 5pm Wed 10am Fri 12pm Fri 1pm
78-224 78-344 01-E301 51-207 51-207
Students are expected to sign up for one of these tutorials. There will be a tutorial question sheet for each tutorial. Students are expected to have attempted the questions before attending the tutorial. Tutorials are interactive opportunities to amplify and reinforce learning.
Cryptographer's Workbench The Cryptographer's Workbench is an online tutorial-style system which will help students learn about various aspects of cryptography. Students will be lead through a sequence of steps designed to teach security aspects of cryptography. After initial demonstrations during the lectures, this will be an unsupervised activity, which can be done at the student's own pace on any computer connected to the network.
Assignments Students will be required to survey recent literature from the Internet and from peer-reviewed journals to prepare essays.
The first assignment will cover issues relating to ethics and evidence.
Students will be given a set of topics from which to choose for their second assignment.
Peer Assessment Students will be required to assess each other's tutorial question sheet submissions and results from the Cryptographer's Workbench. Seeing and judging other students' answers and explanations is a valuable learning activity.
Attendance. You are not required to attend any of the teaching sessions (except those in which an assessment activity is taking place), however, you are strongly encouraged to do so. The lectures, tutorials and pracs have been specifically designed to aid your learning of the course material. Failure to attend a session may result in you being disadvantaged. It is up to you to find out what happened at any class session that you miss.

6. Assessment Activities

Tutorial Sheets Selected questions on each of the tutorial sheets will need to be answered and submitted for marking. The questions will be marked by other students. Students will be provided with comments in feedback from their peers. The peer assessment will not count towards a final grade.
Some of the submitted questions will also be marked by lecturer and tutors. These questions will count towards the student's final grade. Students will not know beforehand which questions will count towards the grade, and will therefore attempt all submitted questions as though they counted.
Cryptographer's Workbench The Cryptographer's Workbench is effectively an on-line tutorial, and it will be assessed in the same way as the other tutorials. Peers will assess, and give feedback on answers that are submitted (electronically). Some of these answers will also be marked by the lecturer and tutors, and count towards the final grade.
Students are encouraged to work together on Cryptographer's Workbench activities, but explanations in answers should not be copied word-for-word from colleagues. Note that each student will have slightly different questions, and so the answers will not all be identical.
Peer Assessment Students will be required to mark other students' work. It is a compulsory activity, and students who do not assess the necessary work will not be able to achieve a grade higher than 4. There will be no numeric mark or feedback given on students' assessment of others' work.
Assignments Two (primarily) essay-style assignments will be set. These will be marked by the lecturer and tutors, and the marks will count towards the final grade.
Hard-copy assignments will be submitted to the submission box on level 1 of building 78. Your assignment submission must be accompanied by a signed coversheet declaring that the submission is your original work. Assignments will be returned to the boxes across the hallway from the submission boxes.
Midsemester Exam This will be a brief (25 minutes) test comprising 20 multiple-choice questions at the beginning of the lecture. Students will be required to bring a HB/2B pencil to this class.
This test will cover everything that has been covered in the lectures, readings, and tutorials prior to the test.
Final Exam The final exam will have two parts. The first part will be closed-book, and have multiple choice questions. It will last approximately 30 minutes, after which the answer sheets will be collected. HB or 2B pencils will be required for this part.
The second part will be open-book, and require short and medium answers. There will be no essays. Students will have up to three hours (although it is anticipated that most students will finish in less than two hours). The final exam will cover material from the whole course.

6.1 Feedback

All items of assessment (except the final exam) will have "formative" and "diagnostic" characteristics. That is, students will learn by doing the activity, and the feedback will help students and teachers work out how effective the learning is.
The results of "summative" assessment (ie. assessment that counts towards the final grade) will be recorded in a database, and made available (but password-protected for privacy) for students to check on-line.
Students are required to ensure that the mark in the database corresponds to that of any hard copy within two weeks of the hard copy being returned.

6.2 Late Submission

Late submissions will not be accepted. Students with a genuine excuse (eg. medical certificate) may apply for a concession which will result in the weighting of that assignment being set to zero, and the others' weights increased proportionately.

6.3 Academic Merit, Plagiarism, Collusion and Other Misconduct

The School and the wider academic community in general takes academic integrity and respect for other persons and property very seriously. In particular, the following behaviour is unacceptable:

Penalties for engaging in unacceptable behaviour can range from cash fines or loss of grades in a subject, through to expulsion from the University.

You are required to read and understand the School Statement on Misconduct, available on the ITEE website at: http://www.itee.uq.edu.au/about/student-misconduct.jsp

If you have any questions concerning this statement, please contact your lecturer in the first instance.

6.4 Determination of Final Grade

The final percentage is calculated as a weighted sum of the various pieces of assessment. The "nominal" weights for the items are:

However, the weighting of a student's worst piece of assessment will be reduced by 10 percentage points (ie. from 10% to 0%, from 15% to 5%, or from 45% to 35%). Also, the weighting of the student's best piece of assessment will be increased by 10 percentage points (ie. from 10% to 20%, 15% to 25%, or 45% to 55%). This will mitigate the effects of a "bad day" due to a student being unwell or similar complaint.

To be eligible for a grade of 5 or higher, at least 4 of the 5 pieces of assessment will have to have marks greater than 50%.
To be eligible for a grade of 6 or higher, at least 4 of the 5 pieces of assessment will have to have marks greater than 60%.
To be eligible for a grade of 7, at least 4 of the 5 pieces of assessment will have to have marks greater than 70%.
This requirement means that a single "bad day" cannot prevent a student from achieving a high grade.

The final percentage will be converted to a grade as indicated in the following table. If the distribution of results suggests that a slight downward modification of the cutoff marks would result in fairer grades, this may be applied. (Note that this operation can only be of benefit to students; it cannot reduce the grade.)

Final Percentage Grade 
75--85 6
65-75 5
50--65 4
45--50 3
20--45 2
0--20 1

The weighting modification will automatically give each student some assistance if they perform poorly in one piece of assessment. Calculations of a final percentage will be made to several decimal places. Students cannot expect to rely on any "rounding" effects.

Note that in accordance with the ITEE policy on misconduct, work of "no academic merit" will be given a mark of zero.

7. Topics and Schedule

The table below is an indicative outline of the topics for each week during the semester. The method for teaching the course will be different from last year. The timing and sequencing may be modified during the semester.
Lecture Topic Tutorial     Assessment    
1 26 July Introduction. Terminology. Revision of mathematical foundations. Risk Management. No tutorial
2 2 Aug Authentication. Sheet 1 Assignment 1 out.
3 9 Aug Access Control. Sheet 2 Assignment 2 out.
Tut 1 Questions Due
4 16 Aug Security policies and models. Sheet 3 Tut 2 Questions Due
Tut 1 Marks Due
5 23 Aug Symmetric cryptography. Sheet 4 Assignment 1 due
Tut 3 Questions due
Tut 2 Marks due
6 30 Aug Block ciphers. Workbench 1 Tut 4 Questions
Tut 3 Marks due
7 6 Sept Information theory and entropy. Workbench 2 Assignment 1 back.
Workbench 1 due.
Tut 4 Marks due.
8 13 Sept Public key cryptography. Workbench 3 Mid-semester test.
Workbench 2 due
Workbench 1 Marks due
9 20 Sept Security protocols. Sheet 8 Workbench 3 due
Workbench 2 Marks due
27 Sept Mid-semester break.
10 4 Oct Database security. Sheet 9 Tut 8 Questions due
Workbench 3 Marks due
11 11 Oct Malicious code. Sheet 10 Assignment 2 due.
Tut 9 Questions due
Tut 8 Marks due
12 18 Oct Firewalls. Intrusion detection. Sheet 11 Tut 10 Questions due.
Tut 9 Marks due.
13 25 Oct Catch up and revision. Sheet 12 Assignment 2 back.
Tut 10 Marks due.
Swot Vac 1 Nov One or two days during this week will be allocated to answering students' questions and re-presenting explanations of complex topics on demand.

8. Outcome Cross Referencing

Assessment to Learning Objectives

Learning Outcome Tutorial Sheets Cryptographer's Workbench Peer Assessment Assignments Midsemester Exam Final Exam
Explain and apply the vocabulary X X X X X X
Explain and analyse mechanisms X X X X X X
Risk management, probability theory, information theory and entropy X X X X X X
Locate, interpret, and critically judge literature X X
Explain ethical and legal considerations X X X X
Explain the adversarial nature of security X X X X X X
Describe some of the threats and countermeasures X X X X X X

Gradutate Attributes

The University of Queensland has defined a set of graduate attributes to specify broad core knowledge and skills associated with all undergraduate programs ( http://www.uq.edu.au/hupp/contents/view.asp?s1=3&s2=20&s3=5). The following table identifies the assessment through which achievement of these graduate attributes will be demonstrated:

Learning Outcome Tutorial Sheets Cryptographer's Workbench Peer Assessment Assignments Midsemester Exam Final Exam
In-depth knowledge of the field of study X X X X X X
Effective communication X X X X X
Independence and creativity X X X X
Critical judgement X X X
Ethical and social understanding X X X X X

9. Support for Students with a Disability

Any student with a disability who may require alternative academic arrangements in the course is encouraged to seek advice at the commencement of the semester from a Disability Adviser at Student Support Services.