CPSC 526/626: Network Systems Security (Fall 2025)



Announcements



General information

Instructor: Joel Reardon, ICT 642, e-mail joel.reardon [at] ucalgary [dot] ca
Lectures: MS 319
Office hours: TR 14:30 -- 15:30 in ICT 642


Assignments

assignment due date

Questions in assignments are submitted through a D2L dropbox.

Tutorials

num  day  time        place   tutor
01   MW   1000--1050  MS 252  Naeem

Date        Topic  Handout
2022-09-09  intro  Threat models
2022-09-11  intro  C socket programming
2022-09-16  intro  Tinycore


Lecture Content

Lecture Date  Topic                                       Readings
Sep 2         Admin [slides]
Sep 2 and 4   Introduction [slides]                       [PVO] chapter 1; [beej] chapters 1-7
Sep 9 and 11  Cryptography and Channel Security [slides]  [PVO] chapter 2
              Randomness                                  [rfc1750] 1--4 (626 also 5, 6); [dualec]; [prng]
              Kerberos                                    [PVO] 4.1--4.4; 4.7; [kerb] all scenes
              Certificates                                [PVO] 8.1--8.5; [evcert]
              TLS                                         [PVO] 9.2; [strip]
              Network Stack
              Denial of Service                           [PVO] 11.4
              TCP Attacks                                 [PVO] 11.6
              DNS and DNSSec                              [PVO] 11.5; [kam]; [kamdns]
              ARP                                         [PVO] 11.5
              Firewalls                                   [PVO] 10.1, 10.2
              IDS                                         [PVO] 11.1, 11.2
              Web Security                                [PVO] 9.1, 9.3, 9.4
              XSRF                                        [PVO] 9.5; [schreiber]
              XSS                                         [PVO] 9.6; [postcards]
              Code Injection                              [PVO] 9.7; [sql]
              Clickjacking                                [huang]


References

[PVO] Paul Van Oorschot, Computer Security and the Internet, 2020, Springer
[rfc793] Transmission Control Protocol
[beej] Beej's Guide to Network Programming
[rfc1750] Randomness Recommendations for Security
[dualec] Dual EC: A Standardized Back Door
[prng] Pseudorandom Number Generators
[kerb] Designing an Authentication System: a Dialogue in Four Scenes
[evcert] Browser Interfaces and Extended Validation SSL Certificates: An Empirical Study
[strip] New Tricks For Defeating SSL In Practice, Moxie Marlinspike
[kam] It's The End Of The Cache As We Know It, Kaminsky
[kamdns] An Illustrated Guide to the Kaminsky DNS Vulnerability
[raw] raw socket programming tutorial
[schreiber] Session Riding
[postcards] Postcards from the post-XSS world
[sql] Advanced SQL Injection In SQL Server Applications
[huang] Clickjacking: Attacks and Defenses

