University of Ontario Institute of Technology
Faculty of Engineering and Applied Science

ENGR 4840U: Software and Computer Security
COURSE OUTLINE

Instructor: Dr. Shahryar Rahnamayan
Office: U5-27
Email: via WebCT
Office hours: Fridays 10:00AM - 1:00PM

Teaching Assistant: Mr. Ali Esmailzadeh

Course Objectives

In this course students become familiar with the principles of software security and the corresponding techniques for managing computer and software security risks. The course covers database security, auditing software, access control, authorization and authentication, applying cryptographic techniques, firewalls and intrusion detection, malicious software, buffer overflows, and other software security issues.

Course Outcomes

At the end of the course the students should be able to:
- Explain the main concepts of software and computer security
- Describe appropriate techniques for tackling network and computer security risks
- Design and analyse encryption and decryption algorithms
- Understand authorization and authentication
- Explain the concepts of intrusion detection, malicious software and buffer overflows

Prerequisites

ENGR 4650U and ENGR 4790U

Course Organization

Three lecture hours per week for one semester.

Required Course Texts and Other Materials

Textbook: Computer Security: Principles and Practice, by William Stallings and Lawrie Brown, 2008. ISBN: 0-13-600424-5
Software: Microsoft Visual Studio IDE

Reference Books and Information Sources

Computer Security: Principles and Practice (Best Computer Science and Engineering textbook for 2008, awarded by the Text and Academic Authors Association.)

Policies and Expectations for the Learning Environment

Course content will be delivered through a combination of lectures, in-class activities and assignments. Assigned activities will include Web-Centric e-Learning components. Some of these will be performed in class, whereas others are to be performed outside of class. Some in-class and outside activities might be graded; others serve to self-assess your acquired knowledge. To be successful, students are expected to attend and participate in class and to complete all required online and homework assignments.

There is a WebCT-based web page for the course, which includes a constantly updated calendar of course milestones, assignments, test dates and further information. Students are expected to inform themselves regularly about course requirements.

Communication with the professor through electronic means will be through WebCT only. E-mail sent to the professor's other accounts might not be answered in a timely fashion. The professor will attempt to answer e-mails and discussion postings through WebCT in a timely fashion (<= 2 week days). Provocative or demeaning contributions to electronic media might be removed or ignored. Contributions to discussion forums, chat rooms and e-mails that indicate academic misconduct might be used to prove such cases. Data communication on the UOIT computer network during exam, quiz and assignment times might be monitored to detect and prevent inappropriate communication. Suitable computerized means might be used to restrict the functionality of the student laptop during in-class situations to the software tools required for the course.

Assignments: Assignments will be available on WebCT. Paper copies of outlines and assignments will not be handed out. Changes to assignments will be announced either in class or via WebCT, but will not be posted on any newsgroup (including WebCT's). Assignments are submitted electronically via the WebCT submission system; no other means of submission (e.g., email, hard copies, etc.) will be accepted. Assignment criteria are specified in the detailed assignment descriptions. Read them carefully to be sure that you have fulfilled all aspects of the requirements. Assignments are DUE ON THE DAY AND TIME indicated.

Late assignments will be handled as follows:

Non-negotiated Late Assignment: An assignment that has been handed in late without prior agreement between the student and the professor to extend the time for handing it in will be considered a non-negotiated late assignment and will be assigned a penalty of 20% if it is submitted within 24h of the original due date; otherwise a grade of zero will be assigned.

Negotiated Late Assignment: An assignment that has been handed in late in accordance with a mutually agreed deadline and penalty (if applicable) will be considered a negotiated late assignment and will be marked in accordance with the mutually agreed terms.

Extenuating Circumstances: The professor will consider, individually, rare extenuating circumstances which may cause an assignment to be late. Examples of extenuating circumstances include hospitalization, death of a loved one, traffic accidents, etc. The student must provide documentation to validate the extenuating circumstance. It will be at the professor's discretion to work out the extension in this situation.

Course Evaluation

Course Component                                         Percent of Final Mark
Quizzes                                                  20%
Group* Assignments                                       25%
Group* Class Presentation                                5%
Group* Programming Project or Research Paper (Optional)  10%
Midterm                                                  20%
Final exam                                               30%
Total                                                    110%

Remarks:
- Quizzes: There are 10 quizzes (2% each), which correspond to the weekly lecture topics. The dates of the quizzes will not be announced in advance.
- Assignments: There are a total of 5 assignments (5% each). The TAs will discuss the grading policies for the assignments.
- Class Presentation: One chapter from the textbook (Ch.10, Ch.13-Ch.18) should be presented by each group (60 minutes presentation + 20 minutes answering questions).
- Programming Project or Research Paper: Topics will be announced to interested students. Requirements and restrictions will be announced (the week after reading week).

* No more than three students should be in each group.

Note: you MUST get at least 50% of the total mark to pass the course.

Assignments are posted on the WebCT course page. Refer to it for more details such as due dates and times.

Missed Tests and Final Exam

- Should a student fail to write a test or the final exam, the instructor must be informed ASAP (via WebCT) and a medical certificate must be sent directly from the Doctor's Office or Hospital within 5 days by mail or preferably by fax (905-721-3370) to the Academic Advisor of FEAS (and not to the instructor). A medical certificate, obtained from the university Website or WebCT or from the Academic Advisor, must clearly state the date, the names of the student and the doctor/hospital, and the doctor's/hospital's phone number and address.
- In case of absence from the test, there will be no make-up test. Should the absence (for medical reasons or otherwise) prove to be absolutely legitimate (i.e., backed by strong bona fide evidence), pending the instructor's approval, the weight of the missed test is shifted to the final exam; otherwise the student will get a zero on his or her missed test.
- Should the absence from the final exam (for medical reasons or otherwise) prove to be absolutely legitimate (i.e., backed by strong bona fide evidence), the student will write a deferred exam, which may be written or oral at the discretion of the instructor. Students who write a deferred exam have additional time to study and a less crowded exam schedule compared to their colleagues who write the final exam during the tight exam period. As such, it is only fair to expect better performance from these students on the deferred exam than on the final exam.

Sequence of Instruction

This is a planning guide. Your professor may alter the sequence of instruction, the depth of coverage of material, as well as the precise test dates. Students will be given advance notice, via the WebCT course web site's announcement tool and the WebCT calendar, of the specific assignment and test dates that apply. In-class quizzes may be assigned without notice during any scheduled class time. Assigned tasks and tests will have to be completed during the period.

Lectures

It is highly recommended that all students attend all classes. Topics for Weeks 1 to 14, in order, with the corresponding textbook chapter:

Topic                                                    Textbook Chapter
Explaining Course Outline + Overview                     1
Cryptographic Tools                                      2
User Authentication                                      3
Access Control                                           4
Database Security                                        5
Reading Week                                             -
Midterm Review                                           -
Midterm                                                  -
Intrusion Detection                                      6
Malicious Software                                       7
Denial of Service                                        8
Firewall and Intrusion Prevention Systems                9
Class Presentations                                      -
Buffer Overflows + Other Software Security Issues        11, 12
Course Review                                            -

Laboratories: Not Applicable
Tutorials: Not Applicable

Computer Experience and Usage

Computers are used for programming and teaching. The standard laptop leased to all students in the program is used in this course. The laptop must be brought to each of the classes.

Notes to Remember

- If you must send an e-mail to the instructor, then send it via WebCT. It is highly recommended that students who have any questions or concerns whatsoever discuss them with the instructor during his office hours rather than sending him e-mails. Understanding a situation, solving a problem or providing advice is always more effective in person. Should you have a general question about the course or need to discuss a problem via WebCT, send the e-mail to the TAs.
- Students are advised to print the lecture notes from WebCT before they come to class, and then add their own understanding to the notes during the lectures.
- All assignments must be written very legibly; if something cannot be read, then it cannot be marked.
- Any student who gets 90%+ (A+) in this course can ask for and expect a very good letter of recommendation/reference when he or she is looking for a job, applying to a graduate program or applying for a scholarship.

Other Information

SOME IMPORTANT GENERAL INFORMATION OF RELEVANCE TO THE COURSE

Academic Integrity and Conduct

UOIT is committed to the fundamental values of preserving academic integrity as defined in UOIT policies and contained in the UOIT Calendar. Students should familiarize themselves with UOIT's policies and statements in this area. Acts of academic dishonesty, including plagiarism, cheating, aiding others in cheating, and examination impersonation, will be dealt with severely as they threaten the integrity of the academic system and are not acceptable. UOIT and faculty members reserve the right to use electronic means to detect and help prevent plagiarism. Students agree that by taking this course all assignments are subject to submission for textual similarity review to Turnitin.com. Assignments submitted to Turnitin.com will be included as source documents in Turnitin.com's restricted access database solely for the purpose of detecting plagiarism in such documents for five academic years. The faculty member may require students to submit their assignments electronically to Turnitin.com, or the faculty member may submit questionable text on behalf of a student. The terms that apply to UOIT's use of the Turnitin.com service are described on the Turnitin.com website. (To read the entire policy, please go to: http://www.uoit.ca/EN/main2/11246/13525/14057/14152/turnitin_policy.html.)

Accessibility

To ensure that disability-related concerns are properly addressed during this course, students with documented disabilities who may require assistance to participate in this class are encouraged to speak with their instructor as soon as possible. Students who suspect they may have a disability that may affect their participation in this course are advised to go to the Centre for Students with Disabilities (room B297) as soon as possible.

Approved by (indicating approval of Faculty's Curriculum Committee):
Program Director's Name:
Date: