EECS 3482

Introduction to Computer Security

Winter, 2015
computer security image`

  Lecture Schedule:         Mon and Wed  17:30 - 19:00,  ACW 306

  Instructor:                         Natalija Vlajic (vlajic @

  Office Hours:                   Mon and Wed  14:00 - 15:00 (LAS 2047)

  TA:                                       Yang Yang (yangcs @

      Course News

  • May 4:   Preliminary final grades are now available through ePost.
  • May 4:   Final exam solutions are available here.
  • Apr 21:   Lab 3, 4 and 5 grades are now available through ePost.
  • Apr 9:   Final exam will be held on Sunday, April 26, 10:00. The exam will be closed book and closed notes. The use of a simple calculator is allowed. 60% of the exam will be related to the material discussed in class after Feb 11 (i.e., after Midterm), and 40% to the material discussed before Feb 11. A sample Final exam from W 2014 can be accessed here.
  • Apr 9:   Research Project & Presentation grades are now available through ePost (for students with an EECS account). A detailed breakdown of the grades will be provided/emailed on request.
  • Mar 25:   IMPORTANT!  Mini Project Teams 14 - 18 presentation times have changed. See the student presentation schedule below.
  • Mar 25:   Makeup of Lab 3 will be held on Wednesday, April 15, at the usual time and place (LAS 1002, 12:30).
  • Feb 26:   Lab 2 grades are now available through ePost.
  • Feb 24:   Midterm solutions are available here.
  • Feb 24:   Midterm and Lab 1 grades are now available through ePost.
  • Feb 9:   Midterm exam will be held on Wednesday, February 11, in class. The exam will be closed book and closed notes, and will cover all the material discussed in class up to and including the lecture of February 9. A sample midterm from W 2014 can be accessed here.
  • Jan 20:   EECS 3482 Laboratories are starting this week. Time: Wednesday, 12:30. Location: LAS 1002.
  • Jan 15:   Jan 12 notes have been updated (see slides 29 - 36).
  • Jan 13:   Mini Project Teams have been formed. Find your name and respective team in Student Presentations column of Course Schedule & Notes table. Contact the course instructor ASAP if your name is missing from this list and/or the provided information is incorrect.
  • Jan 5:   IMPORTANT!   Mini Project Teams and respective presentation dates must be determined by January 12. For more see: Mini Project - Tips, Requirements and Timeline.
  • Jan 5:   Classes begin.  Location: ACW 306.

   Course Information:

   Course Material:

   Course Policies:

   Course Schedule & Notes:

Required Reading
Lab Dates
Student Presentations
M, Jan 5

Sony Hack

W, Jan 7
Introduction:  Security CIA Chapter 1

M, Jan 12
Introduction: Security Threats
Chapter 6

W, Jan 14
Introduction: Security Threats (cont.)

M, Jan 19
Steganography - part 1 

Team 1
[Chu, Rolfe, Danno]
Shellshock (Bash Bug)

W, Jan 21 Steganography - part 2

Group 1
Team 2
[Borges, Yoshiwara, Santos]
Facebook, Twitter & Privacy
M, Jan 26
class cancelled

W, Jan 28   Cryptography - part 1 Chapter 2 LAB 1
Group 2
Team 3
[Noori, Patabendi, Malik]
Cyber Attack on Ebay
M, Feb 2  Cryptography - part 2 
Lab 2 - what you need to know
Sections 20.2, 20.3, 21.3, 21.4
Team 4
[Lebon, Ratovonirina, Arshad]

W, Feb 4
Cryptography - part 3 ...
up 1

Team 5
[Turky, Kapur, Nyima]
Why to Start a Career in Cybersecurity
M, Feb 9
Cryptography - part 4 ...

Team 6
[Emilrajan, Tacouri, Khodak]
Lizard Squad Attack on Tor

W, Feb 11
Midterm Exam

up 2

Reading Week
M, Feb 23
Security Management & Policy - part 1
Chapter 15

Team 7
[Bassakyros, Nada, Sattu]

W, Feb 25 Security Management & Policy - part 2 ...
up 1

Team 8
[Peng, Kang, Cheng]
Security for Mobile Applications
M, Mar 2
Access Control - part 1
Chapter 3 & 4

Team 9
[Kresling, Abdelrazeq, Frimpong]
Malware Causing Physical Damage: Case of German Steel Plant
Labor Disruption - classes cancelled

W, Mar 11
Access Control - part 2

...Password Cracking - part 1
up 2

Team 10
[Soukup, Tran, Le]
M, Mar 16
Password Cracking - part 2

Security Risk Management - part 1
Chapter 14
Team 11
[Aslamad, Hussaini, Ameri]
Car Hacking

W, Mar 18
Guest Lecture:

Pius Ndebele
IT Audit Manager
Royal Bank of Canada (RBC)

up 1

M, Mar 23 ***Security Risk Management - part 2 ...
Team 12
[Abdullah, Patel, Pathmasiri]

W, Mar 25
Guest Lecture:

Dina Kamal
Partner at Deloitte Canada
Enterprise Risk Services

up 2

M, Mar 30
DDoS Attacks / Puppetnets
Chapter 7

Team 13
[Xie, Zhou, Zhang]
Internet Censorship in China

W, Apr 1
Security Risk Management - part 3
... LAB 5
up 1

Team 14
[Anh, Bhole, Bhivandkar]
UI State Interface Attack
12 M, Apr 6
Legal and Ethical Aspects
Chapter 19

Team 15
[Cetinalp, Patel, Apelo]
Bitcoin Security

Team 16
[Tang, Shah, Yarchak]

W, Apr 8 Intellectual Property Section 19.2 LAB 5
up 2

Team 17
[Buhari, Etedali, Sekyere]
Medical Device Security
Team 18
[Long, Liu, Zhang]
Dyre Banking Trojan
Team 19
[Dutta, Wu]
SpoofedMe: Social Login Attack

Final Exam:   Sun, Apr 26, 10:00

  Recommended Reading Material:

   Course Description:
This course introduces students to the basic concepts, goals and terminology of computer security. It provides a general overview of the computer security body of knowledge with an emphasis on the risk-based mindset that a computer security professional needs to have. Students will be exposed to both the theoretical and the practical aspects of computer security (the lab sessions will include security case studies as well as exercises using modern security tools).


Any 12 university credits at the 2000-level in any discipline.

   Grading Scheme:

   Late Assignments and Missed Midterm:

Late assignments will not be accepted, unless a prior arrangement is made with the instructor.
Makeups of missed midterm exams are only possible in extremely exceptional situations (such as verifiable medical emergencies) or by arrangement well prior to the exam, provided there is an extremely compelling reason.

   Academic Honesty:

"The Department takes the matter of academic honesty very seriously. Academic honesty is essentially giving credit where credit is due. And not misrepresenting what you have done and what work you have produced. When a piece of work is submitted by a student it is expected that all unquoted and uncited ideas and text are original to the student. Uncited and unquoted text, diagrams, etc., which are not original to the student, and which the student presents as their own work is considered academically dishonest." For more see:  Department of Computer Science Academic Honesty Guidelines.

Mini Project on Current Topics in Computer Security

The goal of Mini Project is to provide students with an opportunity to conduct independent Internet-based research on a security-related topic of their interest, as well as to practice their team-work and presentation skills.
In particular, during the course of the term, teams comprising 3 students each will conduct a study on a current topic in computer/information/cyber security. The findings of this study will subsequently be presented to the class in the form of a 5-min presentation.
Further details concerning the project's scope, timeline, as well as the final presentation tips and requirements are provided in the following document: Mini Project - Tips, Requirements and Timeline.

  Mini Project: Important dates
- by January 12:   Teams of 3 students formed. Presentation dates determined.

- at least one week before Team X presentation:   Team X informs the instructor about their selected topic.
- at least 2-3 days before Team X presentation:    Team X emails a preliminary copy of their presentation to the instructor.