CPSC 526/626: Network Systems Security (Fall 2025)



Announcements



General information

Instructor: Joel Reardon, ICT 642, e-mail joel.reardon [at] ucalgary [dot] ca
MIDTERM REVIEW: here
Lectures: MS 319
Office hours: TR 14:30 -- 15:30 in ICT 642


Assignments

assignment due date
Assignment 1 Sept 25th
Assignment 2 Oct 13

Questions in assignments are submitted through a D2L dropbox.

Tutorials

num day time place tutor
01 MW 1000--1050 MS 252 Naeem

Date Topic Handout
2025-09-08 intro Threat models
2025-09-10 intro C socket programming
2025-09-15 intro Tinycore
2025-09-17 work on Assignment 1
2025-09-22 work on Assignment 1
2025-09-24 channel Crypto
2025-09-29 protocols Protocol Analysis
2025-10-01 certificates and TLS Certificates and TLS
2025-10-06 midterm review
2025-10-08 work on Assignment 2
2025-10-13 network traffic


Lecture Content

Lecture Date Topic Readings
Sep 2 Admin [slides]
Sep 2 and 4 Introduction [slides] [PVO] chapter 1; [beej] chapters 1-7
Sep 4 and 9 Cryptography and Channel Security [slides] [PVO] chapter 2
Sep 9 and Sep 11 Hash Functions [slides] [PVO] chapter 2
Sep 11 and 16 Randomness [slides] [rfc1750] 1--4 (626 also 5, 6); [dualec]; [prng]
Sep 16 and Sep 18 Kerberos [slides] [PVO] 4.1--4.4; 4.7; [kerb] all scenes
Sep 18 and Sep 23 Certificates [slides] [PVO] 8.1--8.5; [evcert]
Sep 25 TLS [slides] [PVO] 9.2; [strip]
Oct 2 SSH [slides]
Sep 25 and Oct 2 and Oct 16 Network Stack [slides]
Oct 7 MIDTERM 1
Oct 21 Denial of Service [slides] [PVO] 11.4
TCP Attacks [PVO] 11.6
DNS and DNSSec [PVO] 11.5; [kam]; [kamdns]
ARP [PVO] 11.5
Firewalls [PVO] 10.1, 10.2
IDS [PVO] 11.1, 11.2
Web Security [PVO] 9.1, 9.3, 9.4
XSRF [PVO] 9.5; [schreiber]
XSS [PVO] 9.6; [postcards]
Code Injection [PVO] 9.7; [sql]
Clickjacking [huang]


References

[PVO] Paul Van Oorschot, Computer Security and the Internet, 2020, Springer
[rfc793] Transmission Control Protocol
[beej] Beej's Guide to Network Programming
[rfc1750] Randomness Recommendations for Security
[dualec] Dual EC: A Standardized Back Door
[prng] Pseudorandom Number Generators
[kerb] Designing an Authentication System: a Dialogue in Four Scenes
[evcert] Browser Interfaces and Extended Validation SSL Certificates: An Empirical Study
[strip] New Tricks For Defeating SSL In Practice, Moxie Marlinspike
[kam] It's The End Of The Cache As We Know It, Kaminsky
[kamdns] An Illustrated Guide to the Kaminsky DNS Vulnerability
[raw] raw socket programming tutorial
[schreiber] Session Riding
[postcards] Postcards from the post-XSS world
[sql] Advanced SQL Injection In SQL Server Applications
[huang] Clickjacking: Attacks and Defenses

