CPSC 538H - Network Security
Class: Monday and Wednesday, 2:00-3:30 PM
Location: SWNG-Floor 2-Room 208
Instructor: Nguyen Phong Hoang (nphoang@ubcnet.ca)
Office hours: Monday and Wednesday, 1:00-2:00 PM
Piazza: CPSC 538H (All course announcements, Q&A, and discussion will be on Piazza.)
0. Overview This graduate-level course explores the technical and societal dimensions of network security through a thematic and research-oriented lens. Students will study core vulnerabilities in modern networks, explore state-of-the-art defenses, analyze real-world abuse, and investigate privacy technologies. Emphasis will be placed on primary research papers, hands-on experimentation, and a final independent research project.
1. Prerequisites While there are no formal prerequisites for this course, it is recommended that students have some understanding of computer networks (e.g., undergraduate-level networking course or equivalent experience of CPSC 317 or CPSC 417). Security knowledge is not required but will be helpful. The course will involve hands-on activities and a final project, so students should be comfortable with programming, command-line tools, and basic network protocols. Students should also have a strong interest in network security and be willing to engage in discussions and activities that challenge their understanding of security concepts.
2. Learning Objectives By the end of the course, students will be able to:
- Analyze and critique security vulnerabilities in core Internet protocols
- Apply security tools to capture, scan, and inspect network traffic
- Understand adversarial strategies, including phishing, botnets, and censorship
- Explore and evaluate privacy-enhancing technologies like Tor and encrypted DNS
- Conduct and communicate original research in network security
3. Course Format
- Seminar discussions based on recent and classic research papers
- Hands-on labs and tool-based exercises
- Media case studies (e.g., Netflix cybercrime documentaries)
- Final project with proposal, presentation, and technical report that is suitable for publication
4. Thematic Modules and Tentative Schedule
5. Grading The course will be graded based on the following components:
Paper review & presentation (20%)
Students will read and review research papers on network security topics published at top security conferences. Each student will then play the role of an attacker and present 1~2 papers to the class. This activity will be evaluated based on the understanding of the paper, the quality of the presentation, and the ability to engage in discussions with peers.
Netflix & learn (10%)
We will watch a cybercrime documentary and write a short review. This year, we will watch a few episodes from the Netflix series 'Web of Make Believe: Death, Lies and the Internet'. The review should summarize the main points of the documentary, discuss the relevance to security and privacy, and provide a critical analysis of the content. The review should be submitted as a written report no longer than 1 page. The report is due after the documentary screening and by the end of the day (AoE) of the next class.
Participation (10%)
Active participation in class discussions and activities is essential for success in this course. Students are expected to engage in discussions, ask questions, and provide feedback to their peers, especially during hands-on activities and paper presentations where you will play the role of defenders to challenge the attacker's assumptions.
Project proposal & feedback (10%)
A one-page project proposal is due on October 7th. Students will meet with Phong at least once during the first month of the course to discuss their project ideas and progress. These meetings are intended to provide guidance and feedback on the project and ensure that students are on track to complete the project successfully.
Project presentations (15%)
Students will have a final project presentation (15%). The presentation will be evaluated based on the clarity of the presentation, the depth of understanding of the project, and the ability to answer questions from the audience. Presenter will be evaluated by both the instructor and peers.
Final project report (35%)
Students are encouraged to work individually on the final project. However, if students wish to work in pairs, they must discuss this with the instructor first. The final project report should be a technical report that is suitable for publication. It should include an introduction, background and motivation, methodology, results, and conclusion sections. The report should be at least 6 pages long and follow the ACM SIGCOMM conference format. The report is due on December 20th. The project will involve designing and implementing a network security problem. Projects can range from conducting a network measurement study, developing a new security tool or technique, to analyzing a real-world security issue. One of the primary goals of this course is for students to get experience in doing network security research by exploring an open problem in the field. It should be a problem that is interesting to the student, i.e., students can select a topic that they are passionate about, but I am happy to provide suggestions and discuss project ideas as well. Projects will be evaluated based on the creativity, technical depth, and practical relevance of the work.
6. Academic Integrity
7. Legality and Ethics
Through this course, we will discuss various security tools and techniques that can be used for both defensive and offensive purposes. By introducing these tools, the course aims to provide students with a better understanding of network security concepts and challenges. However, it is the responsibility of the students to ensure that they use these tools in a legal and ethical manner. If you have any questions or concerns about the legality or ethics of using a particular tool or technique, please discuss it with the instructor.
- Canada Law on Unauthorized Use of Computer
- Canada Law on Mischief in Relation to Computer Data
- UBC Information Systems Policy
8. Late Policy
We understand that unexpected circumstances may arise that prevent you from submitting an assignment on time. Thus, we will allow a total of 72 hours of late submission for the entire semester. You can use this time for any submission throughout the semester with 1 hour being the minimum unit. Once you have used up all the hours, each late submission will incur a 25% penalty per day. If you need more time due to extenuating circumstances, please contact the instructor as soon as possible.
