ENGG5105 Computer and Network Security

 

Course code ENGG5105
Course title Computer and Network Security
Computer Systems and Network Security
Course description This course aims to introduce important topics in computer and network security from an applied perspective. Topics include: (i) applied cryptography (e.g., cryptographic primitives, programming with OpenSSL), (ii) network security (e.g., unauthorized accesses, large-scale network attacks, firewall & intrusion detection systems), (iii) web security (e.g., HTTP session management and web attacks), and (iv) system security (e.g., buffer overflow, passwords, file system security). The course also discusses the latest applied security topics depending on current research trends.
Advisory: Students are expected to have taken CSCI3150 or ESTR3102, and CSCI4430 or CENG4430 or IERG3310.
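This course aims to introduce important topics in computer and network security from an applied perspective. Topics include: (1) applied cryptography (e.g., cryptographic primitives, OpenSSL programming), (2) network security (e.g., unauthorized access, large-scale network attacks, firewalls and intrusion detection systems), (3) World Wide Web security (e.g., HTTP connection management and web attacks), and (4) system security (e.g., buffer overflow, passwords, file system security). The course also discusses the latest applied security topics according to current research trends.
Advisory: Students should have taken CSCI3150 or ESTR3102, and CSCI4430 or CENG4430 or IERG3310.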
Unit(s) 3
Course level Postgraduate
Exclusion CMSC5726 or CSCI5470
Semester 1 or 2
Grading basis Graded
Grade Descriptors A/A-:  EXCELLENT – exceptionally good performance and far exceeding expectation in all or most of the course learning outcomes; demonstration of superior understanding of the subject matter, the ability to analyze problems and apply extensive knowledge, and skillful use of concepts and materials to derive proper solutions.
B+/B/B-:  GOOD – good performance in all course learning outcomes and exceeding expectation in some of them; demonstration of good understanding of the subject matter and the ability to use proper concepts and materials to solve most of the problems encountered.
C+/C/C-: FAIR – adequate performance and meeting expectation in all course learning outcomes; demonstration of adequate understanding of the subject matter and the ability to solve simple problems.
D+/D: MARGINAL – performance barely meets the expectation in the essential course learning outcomes; demonstration of partial understanding of the subject matter and the ability to solve simple problems.
F: FAILURE – performance does not meet the expectation in the essential course learning outcomes; demonstration of serious deficiencies and the need to retake the course.
Learning outcomes At the end of the course of studies, students will have acquired the ability to
1. identify programs that are vulnerable to buffer overflow attacks.
2. analyse network logs to identify network-related attacks based on IP spoofing, TCP exploits, ARP spoofing, and man-in-the-middle attacks.
3. set up a firewall properly.
4. protect information based on encryptions and authentications.
Assessment
(for reference only)
Essay test or exam: 50%
Others: 50%
Recommended Reading List 1. Aleph One, “Smashing the Stack for Fun and Profit”, Phrack 49, Volume Seven, Issue Forty-Nine, File 14 of 16, 1996.
2. Scott Fluhrer, Itsik Mantin, and Adi Shamir, “Weaknesses in the Key Scheduling Algorithm of RC4”, 8th Annual Workshop on Selected Areas in Cryptography, 2001.
3. Brecht Claerhout, “A short overview of IP spoofing: Part I”, 2001. This paper can be found in many web archives, but does not seem to be published formally.
4. Charlie Kaufman, Radia Perlman and Mike Speciner, “Network Security – Private Communication in a Public World”, 2nd Edition, Prentice Hall, 2002.
5. Ed Skoudis and Tom Liston, “Counter Hack Reloaded”, 2nd Edition, Prentice Hall, 2010.
6. William Stallings, “Cryptography and Network Security”, 5th Edition, Prentice Hall, 2010.

 

CSCIN programme learning outcomes Course mapping
Upon completion of their studies, students will be able to:  
1. identify, formulate, and solve computer science problems (K/S); T
2. design, implement, test, and evaluate a computer system, component, or algorithm to meet desired needs (K/S);
3. receive the broad education necessary to understand the impact of computer science solutions in a global and societal context (K/V); T
4. communicate effectively (S/V);
5. succeed in research or industry related to computer science (K/S/V); T
6. have solid knowledge in computer science and engineering, including programming and languages, algorithms, theory, databases, etc. (K/S); TP
7. integrate well into and contribute to the local society and the global community related to computer science (K/S/V);
8. practise a high standard of professional ethics (V); T
9. draw on and integrate knowledge from many related areas (K/S/V); T
Remarks: K = Knowledge outcomes; S = Skills outcomes; V = Values and attitude outcomes; T = Teach; P = Practice; M = Measured