COMP 4108 (Winter 2015): Computer Systems Security

School of Computer Science, Carleton University

Preliminary course outline, subject to change; last updated Jan. 17th, 2015.

Assignments page

Instructor: Furkan Alaca (Office Hours: Monday 11:30am-12:30pm in 5331HP, E-mail: furkan.alaca (insert @ here)

TA: Adam Skillen (Office Hours: TBA, E-mail: askillen (insert @ here)

Lecture times: 10:05-11:25am Monday and Wednesday, Jan. 5 to Apr. 8, 2015 (excluding Winter Break: Feb. 16-20)

Location: 406 Southam Hall


Calendar description

Introduction to information security in computer and communications systems, including network, operating systems, web and software security. Passwords, authentication applications, privacy, data integrity, anonymity, secure email, IP security, security infrastructures, firewalls, viruses, intrusion detection, network attacks.


One of COMP 3203 (Principles of Computer Networks) or SYSC 4602 (Computer Communications); and one of COMP 3000 (Operating Systems), SYSC 3001 (Operating Systems and Databases), SYSC 4001 (Operating Systems).


(Required) Stallings and Brown, Computer Security: Principles and Practice, 3/e (2015)

Additional resources from author's website

Additional resources from publisher's website (requires access code from physical textbook)



Students should regularly check the COMP 4108 assignments page for instructions and due dates. Some of the assignment content is password-protected: the password will be provided in class.

Students will be required to remotely log into a VM which has been specially created for each assignment. Please email your student number to the course TA, askillen(at), to get your individual userid/password to log into your VM. The VMs will be remotely accessible off-campus.

Students registered in the course may use the undergraduate Computer Science laboratories in Herzberg (HP): See this page for further information on policies, hours, and gaining access.

Reading Responses

Readings will be assigned for the last 3 lectures. For each reading, a one-page, hard-copy critque must be handed in at the start of the specified class, followed by a class discussion of the paper. The response should include a 2-3 sentence overview of the paper rephrased in your own words, plus three brief criticisms of the reading (perceived shortcomings, points you disagree with, or suggestions for improvement). Support your criticisms as best possible within the available space.


Although many of the topics covered will be based on chapters from the textbook, supplementary material will be covered during the lectures. Moreover, obtaining the marks for the reading responses will require students to physically submit them in class and to participate in the class discussion. Students are therefore expected to attend all classes and will be responsible for all material covered therein.

Topics Outline

Course objectives: To understand fundamental principles of computer systems security; to learn the technical underpinnings of current computer security technologies; to learn about software security vulnerabilities and countermeasures; to learn about major categories of threats and how to protect against them with the appropriate security tools; to gain practical experience through the course assignments in understanding how various attacks are carried out.

Week Date Topics covered (subject to modification)
1 Jan. 5

Overview (Ch. 1): Computer security concepts, types of security threats and attacks, countermeasures, aspects of a comprehensive security strategy.

Cryptographic Tools (Ch. 2): Symmetric encryption, message authentication and hash functions, public-key encryption, digital signatures and key management, random and pseudorandom numbers.

Jan. 7
2 Jan. 12
Jan. 14

Access Control (Ch. 4): Access control models, filesystem permissions and setuid

3 Jan. 19
Jan. 21

Software Security (Ch. 11): handling program input, data interpretation, interactions with OS, libraries, other apps, race conditions, program output.

4 Jan. 26
Jan. 28
(A1 due)
Buffer Overflow (Ch. 10)
5 Feb. 2

Malicious Software (Ch. 6): viruses, worms & worm propagation, rootkits, and botnets.

Interesting talk: The History and Evolution of Computer Viruses (Mikko Hypponen, DEFCON 2011 talk).

Feb. 4
6 Feb. 9 Test 1, in class.
Feb. 11
(A2 due)

Denial of Service Attacks (Ch. 7)

Interesting talk: Lessons from Surviving a 300Gbps DDoS Attack (Matthew Prince, Black Hat 2013 talk)

7 Feb. 16 Winter Break, no classes.
Feb. 18
8 Feb. 23

Intrusion Detection (Ch. 8)

Firewalls & Intrusion Prevention Systems (Ch. 9)

Tunneling: SSH, IPSec, VPNs (Ch. 22.5 + Class Notes)

Feb. 25
9 Mar. 2
Mar. 4
(A3 due)
10 Mar. 9

Web Security (Class Notes): SSL/HTTPS, Same-Origin Policy, HTTP cookies, XSS, CSRF.

Time-permitting: SQL injection (Ch. 5.4) and possibly other topics.

Mar. 11
11 Mar. 16
Mar. 18
(A4 due)
User Authentication (Ch. 3)
12 Mar. 23
Mar. 25 Test 2, in class.
13 Mar. 30
(RR1 due)
Class discussion
Apr. 1
(RR2 due)
Class discussion
14 Apr. 6
(RR3 due)
Class discussion
Apr. 8
(A5 due)
No lecture - classes follow a Friday schedule.

University Policies

Student Academic Integrity Policy

Every student should be familiar with the Carleton University student academic integrity policy. A student found in violation of academic integrity standards may be awarded penalties which range from a reprimand to receiving a grade of F in the course or even being expelled from the program or University. Some examples of offences are: plagiarism and unauthorized co-operation or collaboration. Information on this policy may be found in the Undergraduate Calendar.


As defined by Senate, "plagiarism is presenting, whether intentional or not, the ideas, expression of ideas or work of others as one's own". Such reported offences will be reviewed by the office of the Dean of Science.

Unauthorized Co-operation or Collaboration

Senate policy states that "to ensure fairness and equity in assessment of term work, students shall not co-operate or collaborate in the completion of an academic assignment, in whole or in part, when the instructor has indicated that the assignment is to be completed on an individual basis". Please refer to the course outline statement or the instructor concerning this issue.

Academic Accommodations for Students with Disabilities

The Paul Menton Centre for Students with Disabilities (PMC) provides services to students with Learning Disabilities (LD), psychiatric/mental health disabilities, Attention Deficit Hyperactivity Disorder (ADHD), Autism Spectrum Disorders (ASD), chronic medical conditions, and impairments in mobility, hearing, and vision. If you have a disability requiring academic accommodations in this course, please contact PMC at 613-520-6608 or for a formal evaluation. If you are already registered with the PMC, contact your PMC coordinator to send me your Letter of Accommodation at the beginning of the term, and no later than two weeks before the first in-class scheduled test or exam requiring accommodation (if applicable). After requesting accommodation from PMC, meet with me to ensure accommodation arrangements are made. Please consult the PMC website for the deadline to request accommodations for the formally-scheduled exam (if applicable) at

Religious Obligation

Write to me with any requests for academic accommodation during the first two weeks of class, or as soon as possible after the need for accommodation is known to exist. For more details visit the Equity Services website:

Pregnancy Obligation

Write to me with any requests for academic accommodation during the first two weeks of class, or as soon as possible after the need for accommodation is known to exist. For more details visit the Equity Services website:

Medical Certificate

The following is a link to the official medical certificate accepted by Carleton University for the deferral of final examinations or assignments in undergraduate courses. To access the form, please go to