Outline

Overview

Digital technologies permeate every part of our lives. The internet has created a more open society, allowing us to create, share and access information and knowledge freely. As more of the services we rely on are digitised and available to use over the web, the more our identity, productivity, access to information, connectivity, social connections and financial well-being depends on information security. Consequently, a deep understanding of both offensive and defensive security techniques is fast becoming essential knowledge for a career in computing. This course will provide in-depth knowledge of offensive security that will prepare the student for work in any technical field where they will are responsible for the development or maintenance of sensitive systems. The course begins by introducing the basic tools used by hackers, before highlighting the common weaknesses- and mitigations- for various levels of the technology stack, such as web applications, operating systems and corporate networks. Finally, students are provided practical insights into careers in information security in the areas of attack detection, prevention and defence. Students will develop the skills necessary to both gain access to test computers and to defend test networks from attack.

Unit details and rules

Academic unit	Computer Science
Credit points	6
Prerequisites ?	None
Corequisites ?	None
Prohibitions ?	COMP4618
Assumed knowledge ?	(ELEC5616 OR INFO2315 OR INFO2222) with a grade of Credit or greater
Available to study abroad and exchange students	Yes

Teaching staff

Coordinator	Ahmad Azab, ahmad.azab@sydney.edu.au
Tutor(s)	Iwan Budiman, iwan.budiman@sydney.edu.au
	Vadi Sai Sakthivel, vadi.sakthivel@sydney.edu.au
	Michael Ma, yongpei.ma@sydney.edu.au

Assessment

The census date for this unit availability is 2 September 2024

Details
Criteria

Type	Description	Weight	Due	Length
Supervised exam ?	Final examination The final examination is a two hours supervised exam.	50%	Formal exam period	2 hours
Outcomes assessed:
Participation	Practical lab participation and task completion Task completion and submit short video demonstrations in Canvas.	10%	Multiple weeks	n/a
Outcomes assessed:
Assignment	Assignment 1 - security incident paper review Submitting a security incident paper review report in Canvas.	10%	Week 07 Due date: 15 Sep 2024 at 23:59	n/a
Outcomes assessed:
Assignment	Assignment 2 - penetration defence Completion of assignment tasks and submitting a report in Canvas.	15%	Week 10 Due date: 13 Oct 2024 at 23:59	n/a
Outcomes assessed:
Assignment	Assignment 3 - mobile CTF Completion of assignment tasks and submitting a report in Canvas.	15%	Week 12 Due date: 27 Oct 2024 at 23:59	n/a
Outcomes assessed:

Assessment summary

Tutorial Task Completion (10%): Each week, the tutorial will contain a task related to security design, penetration testing, reverse engineering etc., and it needs to be completed and submitted as a short video in Canvas.

Defensive System Review (15%): The students will be given a system with a web application, and the goal is it find its security vulnerabilities and make a report including recommendations.

Mobile CTF (15%): The assessment involves finding vulnerabilities in mobile applications through reverse engineering and submitting a report.

Security incident paper review (10%): Students will write a summary essay about a real-world security incident and give the class a brief overview of this incident.

Final examination (50%): A written exam on all aspects of the course, focussing on the students’ understanding of the covered security technologies and measures.

Detailed information for each assessment can be found on Canvas.

Assessment criteria

The University awards common result grades, set out in the Coursework Policy 2014 (Schedule 1).

As a general guide, a high distinction indicates work of an exceptional standard, a distinction a very high standard, a credit a good standard, and a pass an acceptable standard.

Result name	Mark range	Description
High distinction	85 - 100
Distinction	75 - 84
Credit	65 - 74
Pass	50 - 64
Fail	0 - 49	When you don’t meet the learning outcomes of the unit to a satisfactory standard. It is a policy of the School of Computer Science that in order to pass this unit, a student must achieve at least 40% in the written examination. For subjects without a final exam, the 40% minimum requirement applies to the corresponding major assessment component specified by the lecturer. A student must also achieve an overall final mark of 50 or more. Any student not meeting these requirements may be given a maximum final mark of no more than 45 regardless of their average.

For more information see guide to grades.

Late submission

In accordance with University policy, these penalties apply when written work is submitted after 11:59pm on the due date:

Deduction of 5% of the maximum mark for each calendar day after the due date.
After ten calendar days late, a mark of zero will be awarded.

This unit has an exception to the standard University policy or supplementary information has been provided by the unit coordinator. This information is displayed below:

As per the university policy. Details will be advertised in the class and each assessment.

Academic integrity

The Current Student website provides information on academic integrity and the resources available to all students. The University expects students and staff to act ethically and honestly and will treat all allegations of academic integrity breaches seriously.

We use similarity detection software to detect potential instances of plagiarism or other forms of academic integrity breach. If such matches indicate evidence of plagiarism or other forms of academic integrity breaches, your teacher is required to report your work for further investigation.

Use of generative artificial intelligence (AI) and automated writing tools

You may only use generative AI and automated writing tools in assessment tasks if you are permitted to by your unit coordinator. If you do use these tools, you must acknowledge this in your work, either in a footnote or an acknowledgement section. The assessment instructions or unit outline will give guidance of the types of tools that are permitted and how the tools should be used.

Your final submitted work must be your own, original work. You must acknowledge any use of generative AI tools that have been used in the assessment, and any material that forms part of your submission must be appropriately referenced. For guidance on how to acknowledge the use of AI, please refer to the AI in Education Canvas site.

The unapproved use of these tools or unacknowledged use will be considered a breach of the Academic Integrity Policy and penalties may apply.

Studiosity is permitted unless otherwise indicated by the unit coordinator. The use of this service must be acknowledged in your submission as detailed on the Learning Hub’s Canvas page.

Outside assessment tasks, generative AI tools may be used to support your learning. The AI in Education Canvas site contains a number of productive ways that students are using AI to improve their learning.

Learning support

Simple extensions

If you encounter a problem submitting your work on time, you may be able to apply for an extension of five calendar days through a simple extension.  The application process will be different depending on the type of assessment and extensions cannot be granted for some assessment types like exams.

Special consideration

If exceptional circumstances mean you can’t complete an assessment, you need consideration for a longer period of time, or if you have essential commitments which impact your performance in an assessment, you may be eligible for special consideration or special arrangements.

Special consideration applications will not be affected by a simple extension application.

Using AI responsibly

Co-created with students, AI in Education includes lots of helpful examples of how students use generative AI tools to support their learning. It explains how generative AI works, the different tools available and how to use them responsibly and productively.

Support for students

The Support for Students Policy 2023 reflects the University’s commitment to supporting students in their academic journey and making the University safe for students. It is important that you read and understand this policy so that you are familiar with the range of support services available to you and understand how to engage with them.

The University uses email as its primary source of communication with students who need support under the Support for Students Policy 2023. Make sure you check your University email regularly and respond to any communications received from the University.

Learning resources and detailed information about weekly assessment and learning activities can be accessed via Canvas. It is essential that you visit your unit of study Canvas site to ensure you are up to date with all of your tasks.

If you are having difficulties completing your studies, or are feeling unsure about your progress, we are here to help. You can access the support services offered by the University at any time:

Support and Services (including health and wellbeing services, financial support and learning support)
Course planning and administration
Meet with an Academic Adviser

Weekly schedule

WK	Topic	Learning activity
Week 01	Ethics, environment, and tools	Lecture (1 hr)
Week 01	Introduction to Vbox and Kali Linux	Tutorial (2 hr)
Week 02	Networking and infrastructure	Lecture (1 hr)
Week 02	Network Traversal	Tutorial (2 hr)
Week 03	Networking - traversal	Lecture (1 hr)
Week 03	pfSense	Tutorial (2 hr)
Week 04	Web applications - common vulnerabilities and threats	Lecture (1 hr)
Week 04	Web application firewall	Tutorial (2 hr)
Week 05	Web vulnerability scanners	Lecture (1 hr)
Week 05	Vulnerabilities in web applications.	Tutorial (2 hr)
Week 06	Linux security	Lecture (1 hr)
Week 06	Privilege escalation attack	Tutorial (2 hr)
Week 07	Practical Vulnerability Scanning and Exploitation	Lecture (1 hr)
Week 07	Hack the Box	Tutorial (2 hr)
Week 08	Mobile security - static analysis and reverse engineering	Lecture (1 hr)
Week 08	Assignment 1 Presentation	Tutorial (2 hr)
Week 09	Mobile security - dynamic analysis	Lecture (1 hr)
Week 09	Static analysis of mobile apps	Tutorial (2 hr)
Week 10	Cryptography and Hashes	Lecture (1 hr)
Week 10	Dynamic analysis of mobile apps	Tutorial (2 hr)
Week 11	Guest lecture (Topic TBD)	Lecture (1 hr)
Week 11	Crypto solving	Tutorial (2 hr)
Week 12	Digital Forensics	Lecture (1 hr)
Week 12	Digital forensics	Tutorial (2 hr)
Week 13	UoS Summary	Lecture (1 hr)
Week 13	Revision and Q&A	Tutorial (2 hr)

Attendance and class requirements

Study commitment: Students will participate in weekly lectures (1 hour each) and weekly labs/ tutorials (2 hours each). Each lab will cover practical aspects of cybersecurity where students try to do security configurations or pen-testing of various IT systems and setups. This course includes a ‘mobile capture the flag’ (CTF) competition whereby students will attempt to reverse engineer different mobile app codes. Students will need access to a live-boot persistent Kali Linux USB drive (or a virtual machine) to be used as their ‘attacking’ system and a network-based host, which they use to practice defence.

Study commitment

Typically, there is a minimum expectation of 1.5-2 hours of student effort per week per credit point for units of study offered over a full semester. For a 6 credit point unit, this equates to roughly 120-150 hours of student effort in total.

Learning outcomes

Learning outcomes are what students know, understand and are able to do on completion of a unit of study. They are aligned with the University's graduate qualities and are assessed as part of the curriculum.

Outcomes
Graduate qualities

At the completion of this unit, you should be able to:

LO1. present and discuss a security incident with security experts
LO2. understand security measures to defend against malicious technical attacks leveled against connected systems
LO3. understand the implementation of infrastructure to detect and defend against network-based attacks
LO4. research information on security issues from the literature, and analyse a security incident use case
LO5. demonstrate practical knowledge of penetration testing via hands-on experience with standard industry tools
LO6. understand audit trails and identify where those should be implemented for use in incident response
LO7. understand the software infrastructure for modern web-based, mobile, and cloud-hosted applications
LO8. demonstrate knowledge of ethical and legal aspects of IT security and data privacy
LO9. recognise and resolve weaknesses in commonly-used systems.

Graduate qualities

The graduate qualities are the qualities and skills that all University of Sydney graduates must demonstrate on successful completion of an award course. As a future Sydney graduate, the set of qualities have been designed to equip you for the contemporary world.

GQ1	Depth of disciplinary expertise Deep disciplinary expertise is the ability to integrate and rigorously apply knowledge, understanding and skills of a recognised discipline defined by scholarly activity, as well as familiarity with evolving practice of the discipline.
GQ2	Critical thinking and problem solving Critical thinking and problem solving are the questioning of ideas, evidence and assumptions in order to propose and evaluate hypotheses or alternative arguments before formulating a conclusion or a solution to an identified problem.
GQ3	Oral and written communication Effective communication, in both oral and written form, is the clear exchange of meaning in a manner that is appropriate to audience and context.
GQ4	Information and digital literacy Information and digital literacy is the ability to locate, interpret, evaluate, manage, adapt, integrate, create and convey information using appropriate resources, tools and strategies.
GQ5	Inventiveness Generating novel ideas and solutions.
GQ6	Cultural competence Cultural Competence is the ability to actively, ethically, respectfully, and successfully engage across and between cultures. In the Australian context, this includes and celebrates Aboriginal and Torres Strait Islander cultures, knowledge systems, and a mature understanding of contemporary issues.
GQ7	Interdisciplinary effectiveness Interdisciplinary effectiveness is the integration and synthesis of multiple viewpoints and practices, working effectively across disciplinary boundaries.
GQ8	Integrated professional, ethical, and personal identity An integrated professional, ethical and personal identity is understanding the interaction between one’s personal and professional selves in an ethical context.
GQ9	Influence Engaging others in a process, idea or vision.

Outcome map

Learning outcomes	Graduate qualities
Learning outcomes

Responding to student feedback

This section outlines changes made to this unit following staff and student reviews.

Increase the weight of the Final exam to 50% and remove the online quiz from the assessment structure. The online quiz was based on the "Secure Code Warrior" platform that the university did not purchase for next semester anymore and the platform is not available for students.

Additional information

“IMPORTANT: School policy relating to Academic Dishonesty and Plagiarism. In assessing a piece of submitted work, the School of Computer Science may reproduce it entirely, may provide a copy to another member of faculty, and/or to an external plagiarism checking service or in-house computer program and may also maintain a copy of the assignment for future checking purposes and/or allow an external service to do so.”

Disclaimer

The University reserves the right to amend units of study or no longer offer certain units, including where there are low enrolment numbers.

To help you understand common terms that we use at the University, we offer an online glossary.

Current students

Overview

Overview

Unit details and rules

Teaching staff

Assessment

Assessment

Assessment summary

Assessment criteria

Late submission

Academic integrity

Learning support

Learning support

Simple extensions

Special consideration

Using AI responsibly

Support for students

Weekly schedule

Weekly schedule

Attendance and class requirements

Study commitment

Learning outcomes

Learning outcomes

Graduate qualities

Outcome map

Responding to student feedback

Responding to student feedback

Additional information

Additional information

Disclaimer

On this page

Useful links

Media

Student links

About us

Connect

Current students

COMP5618: Applied Cybersecurity

Semester 2, 2024 [Normal evening] - Camperdown/Darlington, Sydney

Overview

Overview

Unit details and rules

Teaching staff

Assessment

Assessment

Assessment summary

Assessment criteria

Late submission

Academic integrity

Learning support

Learning support

Simple extensions

Special consideration

Using AI responsibly

Support for students

Weekly schedule

Weekly schedule

Attendance and class requirements

Study commitment

Learning outcomes

Learning outcomes

Graduate qualities

Outcome map

Responding to student feedback

Responding to student feedback

Additional information

Additional information

Disclaimer

On this page

Useful links

Media

Student links

About us

Connect