• Class Number 5881
  • Term Code 3260
  • Class Info
  • Unit Value 6 units
  • Mode of Delivery In Person
  • COURSE CONVENER
    • AsPr Alwen Tiu
  • LECTURER
    • AsPr Alwen Tiu
  • Class Dates
  • Class Start Date 25/07/2022
  • Class End Date 28/10/2022
  • Census Date 31/08/2022
  • Last Date to Enrol 01/08/2022

Cyber Security Foundations introduces all essential cyber security principles. This includes principles of secure design, secrets minimization, least privilege, isolation, separation and encapsulation. The interplay between failed security principles and vulnerabilities is investigated in detail.
The course provides the essential foundations which allow students to continue in a more in-depth cyber security career, yet can also be used as a standalone unit to provide a self-contained set of knowledge.

Learning Outcomes

Upon successful completion, students will have the knowledge and skills to:

1. Demonstrate a thorough understanding of the fundamental principles underlying Cyber Security.
2. Define and identify cyber security principles and their violation.
3. Apply cyber security principles in a practical context.
4. Migrate insights from cyber security analysis into new designs.
5. Communicate a cyber security thread to a heterogenous team of professionals.

Research-Led Teaching

This course features topics from state-of-the-art cyber security research, including recently discovered security vulnerabilities and their mitigation techniques. The lab material includes case studies on recent cyber security incidents in the real world.

Examination Material or equipment

All examination materials are permitted; these include textbooks and online resources.

Required Resources

Since cyber security is a rather broad subject and one that is constantly evolving, no single textbook will be able to cover all topics of interest. For this course, we will follow the outline of subjects described in:

  • Dieter Gollmann. Computer Security (3rd edition). Wiley, 2011.
  • Christof Paar and Jan Pelzl. Understanding cryptography: a textbook for students and practitioners. Springer, 2010.


However, some course material, especially that related to recent security incidents and vulnerabilities, will be compiled from various other sources, including books, research papers and online resources (references will be given in relevant lectures).


The following textbooks are recommended but not required. Selected material from one or more of these textbooks will be provided in the lecture slides.

  • Wenliang Du. Computer Security and Internet Security: a hands-on approach. 2022. ISBN: 978-1733003940
  • William Stallings. Cryptography and Network Security (7th edition). Pearson, 2017.
  • Ross Anderson. Security Engineering. Wiley, 2020.
  • David Basin, Patrick Schaller, Michael Schläpfer. Applied Information Security: a hands-on approach. Springer, 2011.
  • Matt Bishop. Computer Security: Art and Science. Addison Wesley, 2018.
  • Jon Erickson. Hacking: the art of exploitation (2nd edition). No Starch Press, 2008.
  • Stephen G. Kochan and Patrick Wood. Shell Programming in Unix, Linux and OS X (4th edition). Addison-Wesley Professional, 2016.

Staff Feedback

Students will be given feedback in the following forms in this course:

  • written comments
  • verbal comments
  • feedback to whole class, groups, individuals, focus group etc

Student Feedback

ANU is committed to the demonstration of educational excellence and regularly seeks feedback from students. Students are encouraged to offer feedback directly to their Course Convener or through their College and Course representatives (if applicable). Feedback can also be provided to Course Conveners and teachers via the Student Experience of Learning & Teaching (SELT) feedback program. SELT surveys are confidential and also provide the Colleges and ANU Executive with opportunities to recognise excellent teaching, and opportunities for improvement.

Other Information

Labs start at Week 1 and students must register for a lab group by the start of Week 1 or they will be assigned one automatically.

Class Schedule

Week/Session | Summary of Activities | Assessment
1 | Lectures: course topics overview; history of computer security; principles of security. Lab 1: setting up lab virtual machines; introduction to basic Linux commands. | Online math prerequisite quiz: review of basic modular arithmetic
2 | Lectures: security management; identity and authentication. Lab 2: Linux and shell scripting tutorial. | Online lab quiz
3 | Lectures: access control; reference monitor & hardware-based security. Lab 3: security principles and case studies. | Online lab quiz
4 | Lectures: operating system security: Unix access control, setuid programs; software security: overview of C language, vulnerability basics. Lab 4: identification and authentication. | Online lab quiz; Assignment 1 (System and Software Security) released
5 | Lectures: software security: vulnerability basics, defence mechanisms. Lab 5: Unix security mechanisms. | Online lab quiz
6 | Lectures: introduction to cryptography: outlines, classic ciphers, math preliminary. Lab 6: software security. | Online lab quiz
7 | Lectures: stream ciphers; block ciphers. Lab 7: classical ciphers; basic crypto related math. | Online lab quiz; Assignment 1 due
8 | Lectures: encryption mode; cryptographic hash functions; message authentication code. Lab 8: stream and block ciphers. | Online quiz; Assignment 2 (Cryptography) released
9 | Lectures: introduction to public key cryptography; RSA crypto system; Diffie-Hellman key exchange. Lab 9: encryption mode. | Online lab quiz
10 | Lectures: digital signatures; key establishment. Lab 10: hash and MAC. | Online lab quiz
11 | Lectures: key establishment; overview of network security. Lab 11: public key cryptography and RSA. | Online lab quiz
12 | Revision and/or guest lectures. Lab 12: key exchange, digital signatures, key establishment. | Online lab quiz; Assignment 2 due

Tutorial Registration

ANU utilises MyTimetable to enable students to view the timetable for their enrolled courses, browse, then self-allocate to small teaching activities / tutorials so they can better plan their time. Find out more on the Timetable webpage.

Assessment Summary

Assessment task | Value | Due Date | Return of assessment | Learning Outcomes
Math prerequisite quiz | 1 % | * | * | 1
Lab quizzes | 9 % | * | * | 1, 2, 3, 4, 5
Assignment 1 - System and Software Security | 25 % | 21/09/2022 | 05/10/2022 | 1, 2, 3, 4
Assignment 2 - Cryptography | 25 % | 27/10/2022 | 10/11/2022 | 1, 2, 3, 4
Final Examination | 40 % | * | * | 1, 2, 3, 4

* If the Due Date and Return of Assessment date are blank, see the Assessment Tab for specific Assessment Task details

Policies

ANU has educational policies, procedures and guidelines, which are designed to ensure that staff and students are aware of the University’s academic standards, and implement them. Students are expected to have read the Academic Integrity Rule before the commencement of their course. Other key policies and guidelines include:

Assessment Requirements

The ANU is using Turnitin to enhance student citation and referencing techniques, and to assess assignment submissions as a component of the University's approach to managing Academic Integrity. For additional information regarding Turnitin please visit the Academic Skills website. In rare cases where online submission using Turnitin software is not technically possible, or where not using Turnitin software has been justified by the Course Convener and approved by the Associate Dean (Education) on the basis of the teaching model being employed, students shall submit assessment online via ‘Wattle’ outside of Turnitin, or failing that in hard copy, or through a combination of submission methods as approved by the Associate Dean (Education). The submission method is detailed below.

Moderation of Assessment

Marks that are allocated during Semester are to be considered provisional until formalised by the College examiners meeting at the end of each Semester. If appropriate, some moderation of marks might be applied prior to final results being released.

Examination(s)

The final examination is a hurdle: the student must get a mark of at least 40% in the final examination. Failure at this hurdle will result in failure of the course.

Assessment Task 1

Value: 1 %
Learning Outcomes: 1

Math prerequisite quiz

This quiz is intended to encourage students to review their knowledge of basic modular arithmetic, which will be needed for the parts of the course related to cryptography. The quiz can be taken anytime from Week 1 to Week 5. Multiple attempts will be permitted. Students who score less than 60 (out of 100) will be strongly recommended to review their first year math course contents, or drop the course, as the cryptography part will assume familiarity with basic concepts in modular arithmetic.

Assessment Task 2

Value: 9 %
Learning Outcomes: 1, 2, 3, 4, 5

Lab quizzes

For every lab, except for Lab 1, students are required to complete an online quiz, which is meant to reinforce the material covered in the labs. There are 11 lab quizzes, and together they account for 9% of the total course mark. Each lab quiz is due one week after the quiz is released.

Assessment Task 3

Value: 25 %
Due Date: 21/09/2022
Return of Assessment: 05/10/2022
Learning Outcomes: 1, 2, 3, 4

Assignment 1 - System and Software Security

The main objective of this assignment is for the students to understand the security mechanisms in Unix-like operating systems, such as Linux, and their interplay with software security. This assignment uses 'Capture the Flag' (CTF) style challenges, commonly used for cyber security training and education. Each student will be assigned a unique set of challenges. Each challenge comes with a software package that contains one or more vulnerabilities, and a hidden 'flag' (which takes the form of a unique sequence of characters) that can only be uncovered through exploiting one or more vulnerabilities in the executable binary and/or relevant access control parameters associated with the software package. The description for each challenge is provided but it is intentionally brief, as some exploration of the behaviour of the software and its interaction with the operating system is expected and is an essential part of the challenge.


This assignment must be solved in the same virtual machine used in the labs. The detailed instructions on how to install the relevant software packages in the virtual machine will be provided when the assignment is released.


For each challenge, the student must submit two components for assessment:

- The unique flag for the challenge. This accounts for 10% of the mark. 

- A report detailing how they solve the challenge to obtain the flag. This accounts for 90% of the mark. 


The report must contain the following components: 

- A detailed account of the exploration of potential vulnerabilities in the challenge.

- A detailed analysis of the vulnerability found.

- A detailed explanation of how the vulnerability is exploited to obtain the flag. The explanation must include a high-level overview of the exploitation strategy, followed by detailed exploitation steps. For the latter, the student must include all the necessary details that would allow the assessor to reproduce the exploit. 

The relative weightings of these report components may differ from one challenge to another; the detailed weightings will be provided when the assignment is released. 


Assessment Task 4

Value: 25 %
Due Date: 27/10/2022
Return of Assessment: 10/11/2022
Learning Outcomes: 1, 2, 3, 4

Assignment 2 - Cryptography

The main objective of this assignment is for the students to understand the applications of basic cryptographic operations and to analyse potential weaknesses in the design and implementation of these operations in applications. This assignment uses the same 'Capture the Flag' (CTF) style challenges as in Assignment 1. Each student will be assigned a unique set of challenges. Each challenge comes with a software package that contains a flawed implementation of a cryptographic function, and one or more auxiliary files (which could be ciphertexts, plaintexts or other tools needed to solve the challenge). There is a flag (which takes the form of a unique sequence of characters) hidden in one of the auxiliary files that can only be uncovered through exploiting one or more vulnerabilities in the implemented cryptographic function and/or knowledge of relevant plaintexts or ciphertexts. 


For each challenge, the student must submit two components for assessment:

- The unique flag for the challenge. This accounts for 10% of the mark. 

- A report detailing how they solve the challenge to obtain the flag. This accounts for 90% of the mark. 


The report must contain the following components: 

- A detailed account of the exploration of potential vulnerabilities in the challenge.

- A detailed analysis of the vulnerability found.

- A detailed explanation of how the vulnerability is exploited to obtain the flag. The explanation must include a high-level overview of the exploitation strategy, followed by detailed exploitation steps. For the latter, the student must include all the necessary details that would allow the assessor to reproduce the exploit. 


The relative weightings of these report components may differ from one challenge to another; the detailed weightings will be provided when the assignment is released. 

Assessment Task 5

Value: 40 %
Learning Outcomes: 1, 2, 3, 4

Final Examination

The final examination covers all topics of the course. It will be conducted online via Wattle. To ensure the integrity of the exam process, some form of (self-)invigilation will be required. More details will be made available in the second half of the semester.


The final examination is a hurdle: the student must get a mark of at least 40% in the final examination. Failure at this hurdle will result in failure of the course.

Academic Integrity

Academic integrity is a core part of the ANU culture as a community of scholars. The University’s students are an integral part of that community. The academic integrity principle commits all students to engage in academic work in ways that are consistent with, and actively support, academic integrity, and to uphold this commitment by behaving honestly, responsibly and ethically, and with respect and fairness, in scholarly practice.


The University expects all staff and students to be familiar with the academic integrity principle, the Academic Integrity Rule 2021, the Policy: Student Academic Integrity and Procedure: Student Academic Integrity, and to uphold high standards of academic integrity to ensure the quality and value of our qualifications.


The Academic Integrity Rule 2021 is a legal document that the University uses to promote academic integrity, and manage breaches of the academic integrity principle. The Policy and Procedure support the Rule by outlining overarching principles, responsibilities and processes. The Academic Integrity Rule 2021 commences on 1 December 2021 and applies to courses commencing on or after that date, as well as to research conduct occurring on or after that date. Prior to this, the Academic Misconduct Rule 2015 applies.

 

The University commits to assisting all students to understand how to engage in academic work in ways that are consistent with, and actively support academic integrity. All coursework students must complete the online Academic Integrity Module (Epigeum), and Higher Degree Research (HDR) students are required to complete research integrity training. The Academic Integrity website provides information about services available to assist students with their assignments, examinations and other learning activities, as well as understanding and upholding academic integrity.

Online Submission

You will be required to electronically sign a declaration as part of the submission of your assignment. Please keep a copy of the assignment for your records. Unless an exemption has been approved by the Associate Dean (Education) submission must be through Turnitin.

Hardcopy Submission

For some forms of assessment (hand written assignments, art works, laboratory notes, etc.) hard copy submission is appropriate when approved by the Associate Dean (Education). Hard copy submissions must utilise the Assignment Cover Sheet. Please keep a copy of tasks completed for your records.

Late Submission

Late submission not permitted. If submission of assessment tasks without an extension after the due date is not permitted, a mark of 0 will be awarded.

Referencing Requirements

The Academic Skills website has information to assist you with your writing and assessments. The website includes information about Academic Integrity including referencing requirements for different disciplines. There is also information on Plagiarism and different ways to use source material.

Extensions and Penalties

Extensions and late submission of assessment pieces are covered by the Student Assessment (Coursework) Policy and Procedure. Extensions may be granted for assessment pieces that are not examinations or take-home examinations. If you need an extension, you must request an extension in writing on or before the due date. If you have documented and appropriate medical evidence that demonstrates you were not able to request an extension on or before the due date, you may be able to request it after the due date.

Privacy Notice

The ANU has made a number of third party, online, databases available for students to use. Use of each online database is conditional on student end users first agreeing to the database licensor’s terms of service and/or privacy policy. Students should read these carefully. In some cases student end users will be required to register an account with the database licensor and submit personal information, including their: first name; last name; ANU email address; and other information.
In cases where student end users are asked to submit ‘content’ to a database, such as an assignment or short answers, the database licensor may only use the student’s ‘content’ in accordance with the terms of service – including any (copyright) licence the student grants to the database licensor. Any personal information or content a student submits may be stored by the licensor, potentially offshore, and will be used to process the database service in accordance with the licensor’s terms of service and/or privacy policy.
If any student chooses not to agree to the database licensor’s terms of service or privacy policy, the student will not be able to access and use the database. In these circumstances students should contact their lecturer to enquire about alternative arrangements that are available.

Distribution of grades policy

Academic Quality Assurance Committee monitors the performance of students, including attrition, further study and employment rates and grade distribution, and College reports on quality assurance processes for assessment activities, including alignment with national and international disciplinary and interdisciplinary standards, as well as qualification type learning outcomes.

Since first semester 1994, ANU has used a grading scale for all courses. This grading scale is used by all academic areas of the University.

Support for students

The University offers students support through several different services. You may contact the services listed below directly or seek advice from your Course Convener, Student Administrators, or your College and Course representatives (if applicable).

AsPr Alwen Tiu
53666
u4301469@anu.edu.au

Research Interests


Formal methods; computational logic; cyber security

AsPr Alwen Tiu

Tuesday 11:00-12:00
By Appointment
