well done all those who have now finished their security exams! We’ve been skimming over the answers and there are some great ones.
this is just to remind you to not talk about the exam until 7pm tomorrow (Tuesday) as there are still a number of students doing the exam now and tommorrow…
also if someone has any tips for how to remember how to spell sentance please do pass them on and I’ll be forever grateful !
all the best
Richar
Hi everyone,
Just a reminder that there should be NO SQLMap or other automated tools during the exam. We've just had 10 different accounts run SQLMap which took down both our binaries and out web application.
As a result, we're extended the deadline to 6:15pm for part C submissions.
Any uses of SQLMap or other automated tooling from here will be deemed academic misconduct and investigated as such.
Please be mindful of your fellow students and continue with your technical progress.
Kris.
Hi everyone,
Moodle is having some latency issues with everyone submitting at the same time. Please give it a chance to upload.
You may have to log out and log back in to Moodle before submitting. The timeouts on logins are very strict and so having the page already open can cause upload issues.
All uploads made before 5:05 will be counted as on time.
Kris.
Friendly update - it’s 35 mins till the deadline for parts AB submissions.
suggest to practise doing an exam submission now - don’t leave it till the end to do your first one in case there are problems. note that the last few minutes before 5pm are likely to be choked for Moodle.
look over the FAQ and exam updates on the exam live page now in case there are things there that impact on your exam answers. And keep refreshing that page periodically over the remainder of the exam.
Stand up and sit down and stretch for a few seconds - you’ll be amazed how that helps you refocus in this busy time near the end.
All the best - richard
Dear all,
Don’t forget you can ask questions and see the exam questions FAQ, which we update live.
Just refresh the page periodically over the exam : https://www.openlearning.com/secedu/courses/security-engineering-lecture-slides-2024/exam/live24
A time checkin that you have 2 hours to go on parts A+B, and you might want to try doing a sample submission soon so you can practise doing it. Also don’t forget to make backups as you go in case of mistakes or unfortunate accidents!
warm regards Richard
COMP6441 A/B Download: https://www.openlearning.com/secedu/courses/security-engineering-lecture-slides-2024/exam/live24/exam-files/?cl=1
LAWS A/B Download:
https://www.openlearning.com/secedu/courses/security-engineering-lecture-slides-2024/exam/live24/exam-files/?cl=1
COMP6841 C Download: https://www.openlearning.com/secedu/courses/security-engineering-lecture-slides-2024/exam/partc-live24/?cl=1
Submission for COMP A/B: https://moodle.telt.unsw.edu.au/mod/assign/view.php?id=7014740
Submission for LAWS A/B:
https://moodle.telt.unsw.edu.au/mod/assign/view.php?id=7329466
Submission for COMP C:
https://moodle.telt.unsw.edu.au/mod/assign/view.php?id=7014741
Hi all,
We've created an Exam Info page for tomorrow's exam - on it you can access information about the exam and any last minute updates, and tomorrow at 2pm you can use it to download the exam paper.
It is at
https://www.openlearning.com/secedu/courses/security-engineering-lecture-slides-2024/exam/?cl=1
As promised it also contains a skeleton version of the COMP Parts A&B paper so you can look over it and become familiar with the exam rules and format.
We are all thinking about you tonight - wishing you the very best.
Warm regards,
Richard (and the team)
To all those who came to the exam revision session last night or participated online - I hope you found it helpful and you had your queries answered.
To those who weren't there:
Hi everyone, if you'd like to participate online, here is the link.
https://www.youtube.com/watch?v=xLiJ_MeQv6w&list=PLDxcXbiEz9vb1xtzhN4SYd1pfYaAltAZi&index=29
Kris.
Hello everyone!
I hope you are all taking a breather before the exam next week and have had a chance to recover and recharge after the submission of the final logbook and Something Awesome Project. The quality so far has been really impressive and all the tutors are amazed at the projects that have come in.
As discussed last week we are holding some (optional) exam revision sessions this week for those who are interested:
More announcements will be made through the week regarding access to the exam and how to submit, along with the exam skeleton and everything else you’ll need to know for Monday.
Looking forward to seeing you this week.
Kris.
Dear Everyone,
1. I've been hearing fantastic things about your projects. Well done! Congratulations on your efforts (and courage).
2. The final activities of the course, in module "Wrapup", are now released. You have until the end of the upcoming weekend to do them, although you might not need that amount of time as there isn't a huge activity workload for this module. 6441 and 6841 students - you might want to check out some of the activities for the other group - entirely optional but there are some interesting ones you might like.
3. We've released last year's exam as a sample for you to see what exams look like. It has an analysis question in it on the same film (Dr Strangelove) that we are using for the analysis question this year too. In the tutorials this week discuss the exam and attempt the Strangelove question as your case study. Your tutorial participation and contributions in discussing the exam will count as your 7th and final module mark - for the so called "Exam Revision module". Recall your activities result is made from your 5 best modules.
If you can't come along to watch the film on Tuesday night, or you can but you also want to revise it afterwards, you can watch it for free here: https://archive.org/details/DRStrangelove_20130616
Looking forward to seeing you tonight as we start to wrap up the course!
Warm regards,
Richard
Hi all,
I hope everyone is keeping well.
The link below is for the EOI form for COMP6448, which is running as a cloud security course in term 1 2025 (the course Richard mentioned in Monday's lecture) I will keep the form open until Friday the 15th of Nov 9am in case anyone would still like to potentially join us in T1.
EOI form - Cloud Computing Course
if you have any questions, email me at caitlin.obrien@unsw.edu.au
Hi Everyone,
I’ve been thinking a lot about attendance.
Although it’s important to us that everyone learn at the same speed so the tutorial sessions are higher quality for everyone involved, and we’ve discovered in the past and especially last year that not engaging with the course much along the way and then trying to watch all the lectures as videos at the end of the course leads to disastrous exam performance, I now realise that the mechanism of encouraging / monitoring attendance is having unintended consequences.
I’m aware of students having to stay up late after the lecture to answer the quiz, when really they should be going to sleep. I’m also aware of other students, who I know have attended the lectures because I see them there, forgetting to fill it in and now getting stressed about passing the course.
None of these consequences are good. So we will not be requiring that you complete the lecture quizzes to pass the course this year. Please do keep trying to answer the quiz during or after each lecture if you feel it helpful to consolidate what you are learning in the class (there is lots of research that shows that if you think about the material while you are learning it your recall and understanding is MUCH higher the next day) but please do not feel that you are required to do it, or that you need to do by a deadline - it is now your own choice about what works best for you and how you learn.
Over the remaining weeks of the course we’ll be going over the answers to all the quiz questions from throughout the course in class so if there are some you haven’t done yet you might want to go back and do them (briefly) before we discuss them as a self check and revision.
I’d like to thank the students who have given thoughtful feedback about the quizzes, and have done it in such a helpful and respectful manner. You have helped me and helped make the course better for your peers.
Warm regards,
Richard
It was lovely to see so many of you last night. I noticed some people left before we spoke about the case study scenario for this week - so if you missed it the case situation is linked at the top of the lecture notes, and repeated here to make things easy: https://www.openlearning.com/secedu/courses/security-engineering-lecture-slides-2024/slides/ghost-case-study/
I hope you enjoy it - I find it a fascinating problem. It will help you think about what cryptographic properties are needed in a particular "real world" situation, and how to achieve them using cryptographic primitives like those we have looked at in the course.
A warmup question to get you thinking in advance of the case study - "how is this different to the Houdini problem?" - R
To help with any ambiguities, some additional information has been created and released here: https://webcms3.cse.unsw.edu.au/COMP6441/24T3/resources/106807
Simplified Grading Scheme [Only for COMP students]
Some COMP security students may wish to focus their time on learning in this course and wish to be free of the detailed assessment demands of the course on their time and attention – instead preferring to choose where to focus their learning attention and time once they have mastered the simple core content.
Other students may prefer or need to have a more fine-grained (0..100) measurement of how they went in the course.
To support both options in this course adopts a variant of the Princeton model where students may elect to receive a traditional fine-grained mark out of 100 for the course, or a simplified final result similar to Pass/Fail grading. By default students will be given a fine-grained course result, however, students may elect to be given a final grade under the simplified grading scheme option.
Final result under the Simplified Grading Scheme option
If you want to apply for the Simplified Grading Scheme , you can do so with the link: https://forms.office.com/r/08cLxzJmXy
Additional Information: https://webcms3.cse.unsw.edu.au/COMP6441/24T3/resources/104553
Form will close on Tuesday 5th 23:59 Sydney Time . We will use your last recorded submission before this date. Feel free to reach out to the class account cs6441@cse.unsw.edu.au if you have any questions.
Have fun! Try the Marie Kondo choice activity if you can - it may well change how you think about data custodians.
It was lovely to be together again last night after so long, and to see so many of you in person and hear the questions and ideas from those online. I’ve had a bit of a rough last few weeks and being all together again was a shot in the arm.
No prep is needed for the analysis session in tutes this week but I wanted to let you know what you’ll be doing. The theme follows on from last night: incident response, and the planning and thinking you need to do in advance to respond optimally.
For the first time you’ll be looking at two scenarios. Don’t dawdle on the first one (tho it is super interesting) so you have time to have a good go at the second one too.
Scenario 1: Consider the 2018 Hawaii debacle where citizens got an SMS (screenshot below) saying they were about to be struck by a nuclear missile and similar subsequent events in Japan and Canada.
You lead the Australian government nuclear incident citizen response group. Devise how to best inform, protect and manage citizens if we had credible belief that a nuclear missile was on the way to Australia.
What are your top 5 recommendations? (Ranked, of course!)
Let’s not worry too much about the source - It could be from NKorea, China, India, Russia, US, Israel, UK, wherever…
Scenario 2:
Over the past few weeks more adults have drowned in Australian waters trying to rescue children. In most cases the children have not drowned and it has been the intended rescuers who have tragically died. You have been put in charge of coming up with the government response plan to address this situation. Your mission is to reduce or eliminate the number of such tragedies that occur. What are your top 5 recommendations?
I hope you have had a great quiet week. The activities for module 4/5 are now available - go to the "Module Activities" link on the side navigation bar. I've been quite sick (although I only just realised it) and so we've merged the week 4 and week 5 topics into a single activity module. It's due towards the end of week 7 (finish it before next Saturday) and in keeping with the design of allowing you to not include your lowest two module marks into your final mark we'll take the 5 best module marks (out of the 7 modules).
Kris will be teaching Integrity on Monday and Lyria will be assisting me on Tuesday with the legal aspects of surveillance. She has made a podcast on it which she'll be referring to - please listen to that before the Tuesday Lecture. It's here: https://webcms3.cse.unsw.edu.au/COMP6441/24T3/resources/106582
This week in your tutorial plan to check in with your tutor about your project, to let them know how you are going and your plans for finishing it off.
I'm looking forward to seeing you all. Take care.
Richard
I hope those who went to B-sides had a wonderful time! Can't wait to hear all about it when we all get together in the lectures tonight.
Because of B-sides the week 3 activities are much relaxed and also you can have more time to work on them - up until the week 4 activities are due (in week 5.)
However do make sure do you do in advance any prep needed for the case study sessions and law seminar this week. Case study prep for this week has been much reduced too - should not take much time at all.
Warm regards - Richard
Hi everyone! I hope you're all enjoying the lecture happening right now.
There will be no tutorials are running in week 3 due to BSides Canberra (a security conference). We encourage everyone to come along if they can!
In its place, there will be help sessions running from 9-6 PM on Wednesday, 9-6 PM on Thursday, and 9-4 PM on Friday.
We will also be in Ainsworth Room 113 from 10AM to 2PM.
If you have any questions related to the course, feel free to pop by and ask the tutors running the session. These sessions are mainly for Something Awesome Project feedback but feel free to ask any questions about the course content or security in practice.
Also, feedback for Week 1 will be sent by your tutor sometime on Monday or Tuesday. To give extra time to implement any feedback and give you extra time to finish off the Week 2 activities, the Week 2 logbook will be due on Thursday 10AM.
Kris.
Hi everyone,
If you have any questions you want answered regarding the 6841 extended content, feel free to go to Ainsworth 102 today at 3pm. There will be a couple of tutors ready to help you with the wargames and explain things from another perspective.
Also, the sqli wargames are now live :)
Kris.
Hi Everyone,
The module 2 activities are ready to go - have fun! (they are linked form the left hand menu under "What to do each week")
Warm regards,
Richard
Hi Everyone,
The week 2 case study reading has now been released - you can find it on the Week 1 Activities (linked in the left navbar) or directly here .
It's released later than we intended so it is not due along with the rest of the week 1 logbook activities - just make sure you do the prep before your case study in your tutorial this week.
Looking forward to seeing you all at the lecture tonight.
Warm regards,
Richard
Hi everyone!
I'm sure you're all keen to put what we've spoken about to the test so we're releasing the wargames now! Head over to https://ctfd.comp6841.xyz and register an account. You'll need to register with your uni email ending in @ad.unsw.edu.au.
Please be mindful of the good faith policy (including what you name yourself). Have fun, but don't interfere with people's learning.
If anything is broken or crashes, just send us an email at cs6441@cse.unsw.edu.au. These challenges are deliberately fragile so things could go down.
The extended lecture slides are now linked under the lecture link so you can find the recording and the slides themselves in the "Lecture Links" tab on the sidebar.
Enjoy your weekend!
Kris.
Hi everyone!
Here's the link to the stream for tonight: https://youtube.com/live/xCxKNCB5ChE . This won't be live until 6 when we get started.
Additionally, the week 1 activities are live! They can be found on the sidebar on the left.
I hope everyone has been thinking hard about their something awesome projects and are already diving in to security in their day to day :)
Kris.
Hello everyone!
The online lecture stream tonight will be located here:
Hi everyone!
Welcome aboard! You should have gotten an email detailing some of the administration, but we'll go through everything you need to know in the lecture tonight.
The online lecture stream will be located here:
https://youtube.com/live/Ttwp_mUEHYA?feature=share
For those of you coming in person, we'll see you in Keith Burrows at 6pm!
Kris.