CPSC 526/626: Network Systems Security (Fall 2025)

Announcements | General Information | Assignments | Tutorials | Lectures

Announcements

Sep 2: Welcome to class!
Sep 14: Assignment 1 posted.
Sep 23: Assignment 2 posted.
Sep 23: Office hours today from 13:50 to 14:30 and bonus hours tomorrow 1300-1400
Sep 30: Practice midterm posted.
Oct 6: Office hours today from 13:30 to 15:30 and cancelled T and R
Oct 13: Assignment 2 now due Oct 15
Oct 14: Assignment 3 now posted
Oct 17: Final exam is Dec 12 at 1300
Nov 18: Office hours today 1500-1600
Nov 23: Assignment 5 posted now due Dec 5 at noon
Dec 2: Office hours Thursday 1230--1400

General information

Instructor: Joel Reardon, ICT 642, e-mail joel.reardon [at] ucalgary [dot] ca
MIDTERM REVIEW:midterm one (oct 7)
midterm two (nov 6)
Lectures: MS 319
Office hours: TR 14:30 -- 15:30 in ICT 642

Assignments

assignment	due date
Assignment 1	Sept 25th
Assignment 2	now Oct15
Assignment 3	Oct 31st
Assignment 4	Nov 19th
Assignment 5	Dec 5th

Questions in assignments are submitted through a D2L dropbox.

Tutorials

num	day	time	place	tutor
01	MW	1000--1050	MS 252	Naeem

Date	Topic	Handout
2025-09-08	intro	Threat models
2025-09-10	intro	C socket programming
2025-09-15	intro	Tinycore
2025-09-17	work on Assignment 1
2025-09-22	work on Assignment 1
2025-09-24	channel	Crypto
2025-09-29	protocols	Protocol Analysis
2025-10-01	certificates and TLS	Certificates and TLS
2025-10-06	midterm review
2025-10-08	work on Assignment 2
2025-10-15	network traffic	Wireshark
2025-10-20	network scanning	NMAP
2025-10-22	work on Assignment 3
2025-10-27	dns	DNS
2025-10-29	firewall	Firewalls
2025-11-03	work on Assignment 4
2025-11-05	midterm review
2025-11-10	reading week
2025-11-12	reading week
2025-11-17	work on Assignment 4
2025-11-19	web	SOP
2025-11-24	work on Assigment 5
2025-11-26	web	XSRF
2025-12-01	web	XSS
2025-12-03	web	Code injection

Lecture Content

Lecture Date Topic Readings

Sep 2 Admin[slides]

Sep 2 and 4 Introduction[slides] [PVO] chapter 1; [beej] chapters 1-7

Sep 4 and 9 Cryptography and Channel Security[slides] [PVO] chapter 2

Sep 9 and Sep 11 Hash Functions[slides] [PVO] chapter 2

Sep 11 and 16 Randomness[slides] [rfc1750] 1--4 (626 also 5, 6); [dualec]; [prng]

Sep 16 and Sep 18 Kerberos[slides] [PVO] 4.1--4.4; 4.7; [kerb] all scenes

Sep 18 and Sep 23 Certificates[slides] [PVO] 8.1--8.5; [evcert]

Sep 25 TLS[slides] [PVO] 9.2; [strip]

Oct 2 SSH[slides] [PVO] 10.3

Sep 25 and Oct 14 Network Stack[slides]

Oct 7 MIDTERM 1

Oct 14 Denial of Service[slides] [PVO] 11.4;

Oct 14 and Oct 16 TCP Attacks[slides] [PVO] 11.6

Oct 21 and Oct 23 DNS and DNSSec[slides] [PVO] 11.5; [kam], [kamdns]

Oct 23 ARP[slides] [PVO] 11.5

Oct 30 Firewalls[slides] [PVO] 10.1, 10.2;

Oct 30 IDS[slides] [PVO] 11.1, 11.2

Nov 4 review

Nov 6 MIDTERM 2

Nov 18 and Nov 20 Web Security[slides] [PVO] 9.1, 9.3, 9.4

Nov 20 XSRF[slides] [PVO] 9.5; [schreiber]

Nov 20 and Nov 25 XSS[slides] [PVO] 9.6; [postcards]

Nov 25 Code Injection[slides] [PVO] 9.7; [sql]

Nov 27 and Dec 2 Clickjacking[slides] [huang]

Dec 2 review

Lecture Date	Topic	Readings
Sep 2	Admin[slides]
Sep 2 and 4	Introduction[slides]	[PVO] chapter 1; [beej] chapters 1-7
Sep 4 and 9	Cryptography and Channel Security[slides]	[PVO] chapter 2
Sep 9 and Sep 11	Hash Functions[slides]	[PVO] chapter 2
Sep 11 and 16	Randomness[slides]	[rfc1750] 1--4 (626 also 5, 6); [dualec]; [prng]
Sep 16 and Sep 18	Kerberos[slides]	[PVO] 4.1--4.4; 4.7; [kerb] all scenes
Sep 18 and Sep 23	Certificates[slides]	[PVO] 8.1--8.5; [evcert]
Sep 25	TLS[slides]	[PVO] 9.2; [strip]
Oct 2	SSH[slides]	[PVO] 10.3
Sep 25 and Oct 14	Network Stack[slides]
Oct 7	MIDTERM 1
Oct 14	Denial of Service[slides]	[PVO] 11.4;
Oct 14 and Oct 16	TCP Attacks[slides]	[PVO] 11.6
Oct 21 and Oct 23	DNS and DNSSec[slides]	[PVO] 11.5; [kam], [kamdns]
Oct 23	ARP[slides]	[PVO] 11.5
Oct 30	Firewalls[slides]	[PVO] 10.1, 10.2;
Oct 30	IDS[slides]	[PVO] 11.1, 11.2
Nov 4	review
Nov 6	MIDTERM 2
Nov 18 and Nov 20	Web Security[slides]	[PVO] 9.1, 9.3, 9.4
Nov 20	XSRF[slides]	[PVO] 9.5; [schreiber]
Nov 20 and Nov 25	XSS[slides]	[PVO] 9.6; [postcards]
Nov 25	Code Injection[slides]	[PVO] 9.7; [sql]
Nov 27 and Dec 2	Clickjacking[slides]	[huang]
Dec 2	review

References

[PVO] Paul Van Oorschot Computer Security and the Internet 2020, Springer
[rfc793] Transmission Control Protocol
[beej] Beej's Guide to Network Programming
[rfc1750] Randomness Recommendations for Security
[dualec] Dual EC: A Standardized Back Door
[prng] Pseudorandom Number Generators
[kerb] Designing an Authentication System: a Dialogue in Four Scenes
[evcert] Browser Interfaces and Extended Validation SSL Certificates: An Empirical Study
[strip] New Tricks For Defeating SSL In Practice Moxie Marlinspike
[kam] It's The End Of The Cache As We Know It Kaminsky
[kamdns] An Illustrated Guide to the Kaminsky DNS Vulnerability
[raw] raw socket programming tutorial
[schreiber] Session Riding
[postcards] Postcards from the post-XSS world
[sql] Advanced SQL Injection In SQL Server Applications
[huang] Clickjacking: Attacks and Defenses

Last updated: