Outline

Overview

This unit will present the lessons from recent research and from case studies of practice to bring students the skills to assess and improve the security of deployed systems. A particular focus is on data-driven approaches to collect operational data about a system's security. We explore deployment issues at local and global scale, e.g. for X.509, DNS, and BGP, and also take human factors explicitly into account. As a result, students will learn to put building blocks of security together in a sound way, to arrive at engineering solutions that are empirically verifiable, functional, and secure against realistic threats. As Dan Geer once famously said: "Any security technology whose effectiveness can't be empirically determined is indistinguishable from blind luck."

Unit details and rules

Academic unit	Computer Science
Credit points	6
Prerequisites ?	None
Corequisites ?	None
Prohibitions ?	COMP5617
Assumed knowledge ?	INFO3616 or ELEC5616
Available to study abroad and exchange students	No

Teaching staff

Coordinator	Qiang Tang, qiang.tang@sydney.edu.au

Type	Description	Weight	Due	Length
Supervised exam ?	Final exam Open book exam	50%	Formal exam period	2 hours
Outcomes assessed:
Assignment	Homework 1 Short answer questions	10%	Week 06 Due date: 11 Sep 2022 at 23:59	3 hours
Outcomes assessed:
Assignment	Homework 2 Short answer questions	10%	Week 11 Due date: 19 Oct 2022 at 23:59	3 hours
Outcomes assessed:
Assignment	Project Design report, code and system documentation	30%	Week 13 Due date: 06 Nov 2022 at 23:59	Semester long
Outcomes assessed:

Assessment summary

Assessment criteria

The University awards common result grades, set out in the Coursework Policy 2014 (Schedule 1).

As a general guide, a high distinction indicates work of an exceptional standard, a distinction a very high standard, a credit a good standard, and a pass an acceptable standard.

Result name	Mark range	Description
High distinction	85 - 100	Awarded when you demonstrate the learning outcomes for the unit at an exceptional standard, as defined by grade descriptors or exemplars outlined by your faculty or school.
Distinction	75 - 84	Awarded when you demonstrate the learning outcomes for the unit at a very high standard, as defined by grade descriptors or exemplars outlined by your faculty or school.
Credit	65 - 74	Awarded when you demonstrate the learning outcomes for the unit at a good standard, as defined by grade descriptors or exemplars outlined by your faculty or school.
Pass	50 - 64	Awarded when you demonstrate the learning outcomes for the unit at an acceptable standard, as defined by grade descriptors or exemplars outlined by your faculty or school.
Fail	0 - 49	When you don’t meet the learning outcomes of the unit to a satisfactory standard.

For more information see guide to grades.

Late submission

In accordance with University policy, these penalties apply when written work is submitted after 11:59pm on the due date:

Deduction of 5% of the maximum mark for each calendar day after the due date.
After ten calendar days late, a mark of zero will be awarded.

Academic integrity

The Current Student website provides information on academic integrity and the resources available to all students. The University expects students and staff to act ethically and honestly and will treat all allegations of academic integrity breaches seriously.

We use similarity detection software to detect potential instances of plagiarism or other forms of academic integrity breach. If such matches indicate evidence of plagiarism or other forms of academic integrity breaches, your teacher is required to report your work for further investigation.

Use of generative artificial intelligence (AI) and automated writing tools

You may only use generative AI and automated writing tools in assessment tasks if you are permitted to by your unit coordinator. If you do use these tools, you must acknowledge this in your work, either in a footnote or an acknowledgement section. The assessment instructions or unit outline will give guidance of the types of tools that are permitted and how the tools should be used.

Your final submitted work must be your own, original work. You must acknowledge any use of generative AI tools that have been used in the assessment, and any material that forms part of your submission must be appropriately referenced. For guidance on how to acknowledge the use of AI, please refer to the AI in Education Canvas site.

The unapproved use of these tools or unacknowledged use will be considered a breach of the Academic Integrity Policy and penalties may apply.

Studiosity is permitted unless otherwise indicated by the unit coordinator. The use of this service must be acknowledged in your submission as detailed on the Learning Hub’s Canvas page.

Outside assessment tasks, generative AI tools may be used to support your learning. The AI in Education Canvas site contains a number of productive ways that students are using AI to improve their learning.

Learning support

Simple extensions

If you encounter a problem submitting your work on time, you may be able to apply for an extension of five calendar days through a simple extension.  The application process will be different depending on the type of assessment and extensions cannot be granted for some assessment types like exams.

Special consideration

If exceptional circumstances mean you can’t complete an assessment, you need consideration for a longer period of time, or if you have essential commitments which impact your performance in an assessment, you may be eligible for special consideration or special arrangements.

Special consideration applications will not be affected by a simple extension application.

Using AI responsibly

Co-created with students, AI in Education includes lots of helpful examples of how students use generative AI tools to support their learning. It explains how generative AI works, the different tools available and how to use them responsibly and productively.

Weekly schedule

WK	Topic	Learning activity
Week 01	Introduction and overview	Lecture and tutorial (3 hr)
Week 02	Cryptography-I	Lecture and tutorial (3 hr)
Week 03	Cryptography-II	Lecture and tutorial (3 hr)
Week 04	PKI	Lecture and tutorial (3 hr)
Week 05	TLS	Lecture and tutorial (3 hr)
Week 06	DNSSEC	Lecture and tutorial (3 hr)
Week 07	Other security protocols	Lecture and tutorial (3 hr)
Week 08	Blockchain-I	Lecture and tutorial (3 hr)
Week 09	Blockchain-II	Lecture and tutorial (3 hr)
Week 10	Anonymity	Lecture and tutorial (3 hr)
Week 11	Private computation	Lecture and tutorial (3 hr)
Week 12	Accountability in E2EE	Lecture and tutorial (3 hr)
Week 13	Project presentation	Lecture and tutorial (3 hr)

Study commitment

Typically, there is a minimum expectation of 1.5-2 hours of student effort per week per credit point for units of study offered over a full semester. For a 6 credit point unit, this equates to roughly 120-150 hours of student effort in total.

Learning outcomes

Learning outcomes are what students know, understand and are able to do on completion of a unit of study. They are aligned with the University's graduate qualities and are assessed as part of the curriculum.

Outcomes
Graduate qualities

At the completion of this unit, you should be able to:

LO1. Understand the balance between risk, achieved security, and cost; experience with threat modelling and risk analysis as tools to choose this balance for a given system
LO2. Understand common security terminology in security literature
LO3. Understand different ways in which security of computer systems can be compromised, e.g. physically, remotely, operationally (esp. social engineering); and relate specific attack scenarios to the major security goals such as authentication, integrity, secrecy, non-repudiation
LO4. Understand the major challenges for security of programs, information, computers and networks, and ability to avoid most egregious (typical) flaws in designing and operating IT systems
LO5. Demonstrate a high-level knowledge of common approaches to achieve security goals in computer systems.
LO6. Produce written reports that evaluate a system's security
LO7. Research information on security issues from the literature, and analyse a security incident use case

Graduate qualities

The graduate qualities are the qualities and skills that all University of Sydney graduates must demonstrate on successful completion of an award course. As a future Sydney graduate, the set of qualities have been designed to equip you for the contemporary world.

GQ1	Depth of disciplinary expertise Deep disciplinary expertise is the ability to integrate and rigorously apply knowledge, understanding and skills of a recognised discipline defined by scholarly activity, as well as familiarity with evolving practice of the discipline.
GQ2	Critical thinking and problem solving Critical thinking and problem solving are the questioning of ideas, evidence and assumptions in order to propose and evaluate hypotheses or alternative arguments before formulating a conclusion or a solution to an identified problem.
GQ3	Oral and written communication Effective communication, in both oral and written form, is the clear exchange of meaning in a manner that is appropriate to audience and context.
GQ4	Information and digital literacy Information and digital literacy is the ability to locate, interpret, evaluate, manage, adapt, integrate, create and convey information using appropriate resources, tools and strategies.
GQ5	Inventiveness Generating novel ideas and solutions.
GQ6	Cultural competence Cultural Competence is the ability to actively, ethically, respectfully, and successfully engage across and between cultures. In the Australian context, this includes and celebrates Aboriginal and Torres Strait Islander cultures, knowledge systems, and a mature understanding of contemporary issues.
GQ7	Interdisciplinary effectiveness Interdisciplinary effectiveness is the integration and synthesis of multiple viewpoints and practices, working effectively across disciplinary boundaries.
GQ8	Integrated professional, ethical, and personal identity An integrated professional, ethical and personal identity is understanding the interaction between one’s personal and professional selves in an ethical context.
GQ9	Influence Engaging others in a process, idea or vision.

Outcome map

Learning outcomes	Graduate qualities
Learning outcomes

Responding to student feedback

This section outlines changes made to this unit following staff and student reviews.

there was some updates on the topics, including adding blockchain related topics compared to the course of 2019

Disclaimer

The University reserves the right to amend units of study or no longer offer certain units, including where there are low enrolment numbers.

To help you understand common terms that we use at the University, we offer an online glossary.

Current students

Overview

Overview

Unit details and rules

Teaching staff

Assessment

Assessment

Assessment summary

Assessment criteria

Late submission

Academic integrity

Learning support

Learning support

Simple extensions

Special consideration

Using AI responsibly

Weekly schedule

Weekly schedule

Study commitment

Learning outcomes

Learning outcomes

Graduate qualities

Outcome map

Responding to student feedback

Responding to student feedback

Disclaimer

On this page

Useful links

Media

Student links

About us

Connect

Current students

COMP8617: Empirical Security Analysis and Engineering

Semester 2, 2022 [Normal evening] - Remote

Overview

Overview

Unit details and rules

Teaching staff

Assessment

Assessment

Assessment summary

Assessment criteria

Late submission

Academic integrity

Learning support

Learning support

Simple extensions

Special consideration

Using AI responsibly

Weekly schedule

Weekly schedule

Study commitment

Learning outcomes

Learning outcomes

Graduate qualities

Outcome map

Responding to student feedback

Responding to student feedback

Disclaimer

On this page

Useful links

Media

Student links

About us

Connect