Course Outlines:

  1. COMP6441
  2. COMP6841
  3. LAWS3040

General information about the course

  1. Welcome
  2. A family of 3 connected courses
  3. Teaching style and how to approach the course
  4. Good Faith Code
  5. Help
  6. Keeping Informed
  7. No-Penalty Extension
  8. Course Meetings
    1. Monday and Tuesday Lectures
    2. Tuesday Law Seminar
    3. Thursday Applied Security Seminar
  9. What you do in the course (Assessment items)
  10. Bonus Marks
  11. Lightning talks
  12. Planning your time
  13. Assumed Computing Knowledge
  14. Text and References
  15. Submitted work
  16. Plagiarism
  17. Scaling
  18. Special Consideration
  19. Supplementary Final Examination
  20. Late penalties for COMP6441 and COMP6841 (does not apply to LAWS3040 students)

Welcome

Security Engineering
The principles and practice of designing and managing complex systems against adversaries in a world of humans, technology, cryptography and regulation

Welcome to UNSW's foundation course(s) in cyber security. Cyber security now cuts across all aspects of life and society, personal, political, commercial, societal, military, health, safety, legal, online, information technology, essential services, law enforcement, governance, espionage and critical national infrastructure. It has the power to affect relationships, money, privacy, state and corporate power, elections, and physical security. Cyber security has become an integral part of everyday life and critical for everyone to understand, yet because the field has emerged recently most have only what knowledge they have been able to teach themselves.

As well as being important, cyber security is also a delight to practice as a professional and as an individual, as you can do good and have enormous fun at the same time.

This course provides an introduction to modern cyber security design, practice, and regulation and is suitable for anyone with a playful analytical mind and a strong sense of curiosity. We concentrate on analytical skills, an engineering approach to security design, an understanding of the offensive mindset, and an understanding of the role of law and other forms of regulation. We'll also bring you up to date with the current main trends in cyber security. We expect you to be a self-directed learner; you will get out of this course what you put in.

Who are we?

Lecturers

  • Richard Buckland: Engineering Lecturer in charge
  • Kristian Mansfield: Engineering co-lecturer for COMP6841
  • Lyria Bennett Moses: Law Lecturer (for all law stuff, email lyria@unsw.edu.au)

Administrative team

  • Priscilla Soo: Course Admin
  • Nicholas Tandiono: Course Admin
  • Thomas McTavish: Course Admin
  • Abiram Nadarajah: Course Admin
  • Caitlin Obrien: SECedu office
  • Amanda Durham: SECedu office

2. A family of 3 connected courses

There are three related cyber security courses taught concurrently: COMP6441, COMP6841, LAWS3040. These courses all share common core lectures and tutorials so students will get to know each other regardless of which official course code they are enrolled in. Unless there is something specific which relates to your particular course we will refer to you generally as being a cyber security student and the collection of courses generally as the course.

  • COMP6441
    • students learn the foundations of security engineering including design, risk and an overview of modern cryptography, with no background in programming required
    • COMP6441 specific information (including assessment and attendance)
  • COMP6841
    • students cover the same material as 6441 students plus applied technical measures requiring programming
    • COMP6841 specific information (including assessment and attendance)
  • LAWS3040
    • students learn the legal context of cyber security and how regulation impacts on security practices.
    • LAWS3040 specific information (including assessment and attendance)
  • Everyone
    • Everyone learns analysis, history, trends and emerging topics. Students from every course are welcome to attend some or all of the classes of any other course if you are interested in that material. It will not be examined, just attend to learn what you are interested in. The only attendance constraint is if the class rooms fill up.

We suggest computing students take 6841, law students take 3040, and those from other fields wanting to learn cyber security but without a technical background take 6441. However it is fine for computing students to take 6441 if they prefer - this will not stop you taking further cyber security courses.

We have arranged the operation of these connected courses so all students can see and access the entire content and you are warmly welcome, indeed encouraged, to attend any classes in any course in which you are interested in addition to the official classes for your own course. Security is a multi-disciplinary problem and you will be a more effective security professional if you have a wider base of skills and knowledge.

All cyber security students from all three courses will learn together Security Engineering - which is the engineering principles behind designing and maintaining security. You will analyse selected case studies and the principles behind effective security and how it is designed, built, assessed, and regulated. We cover theory and then we look at how it is applied in current cyber security practice. We'll pay particular attention to systems which fail. The course objective is to help you develop your skills in analysis, critical thinking, and design. A cunning and devious mind will help also. Although our main concern is digital/computer security, many of the principles we cover also apply to security more generally.

3. Teaching style and how to approach the course

Treat this course as a chance to learn the skills and knowledge you wish to have. We want you to succeed and to be proud of how you change over this term. We will all work very hard to provide you with opportunities and resources and support to learn and you should seize this opportunity and take control of your own learning so you get out of this course what you are wanting to learn and change in the ways you would like to.

Have fun! Security is an extremely enjoyable and stimulating field. Approach it in a spirit of adventure and a desire to embrace challenge.

Understand and follow the SECedu Good Faith Code. It's below. It's vital you read and understand it. Ask your tutor or the course staff if you have any questions about it. Following it is a hurdle condition for passing the course.

Acknowledge the contributions of others when you submit or create work which is not entirely your own work. Failure to do this is regarded as plagiarism by the university which is treated very seriously. Be specific in the way you acknowledge it - so your assessor can see precisely what is your own work and what was sourced from elsewhere. In general it is professional to make use of the work of others and read widely so we do not mind you doing so (except where we expressly prohibit it e.g. in a closed book exam) but it is essential (and professional) that you do not pass it off as your own work. (Make sure you read the university information about plagiarism if you are unfamiliar with it)

Ideally the assessable activities in the course should be your own work as much as possible, since we are assessing the work that you do and your contributions, but other activities can be done alone or with others as you find most helpful and enjoyable.

Acknowledge AI - In general you cannot use AI such as ChatGPT in assessment activities in this course. You can only use AI such as ChatGPT for assessment activities if it is explicitly allowed. Even if and where AI is permitted, outputs and ideas from AI are counted as "work not entirely your own" so it falls under the Acknowledge section above and you must explicitly acknowledge that you have used an AI tool and specify exactly what you used. At a minimum you would need to give the input you provided it, the outputs you got, and how you changed them. Ask your tutor if you are at all unclear. Submitting AI generated work without proper acknowledgement is treated as academic misconduct.

Don't do everything alone - make sure you do some activities collectively and work to help your classmates, as you'll need to demonstrate your ability to work in teams as part of your portfolio.

Work steadily each week - don't fall behind as that can be stressful and tends to lead to surface rather than deep learning when you do get around to trying to catch up. Past students suggest putting aside a regular scheduled time each week to work on the course.

Join in the course community, share ideas and insights, and help others.

Make sure you prepare before each weekly analysis tutorial. The quality of the discussion and analysis depends on the quality of the preparation everyone puts in. Freeloaders let everyone down and miss out on the opportunity to practice for the exam (the final exam is closely modelled on the weekly tutorial classes and the weekly activities).

Read around and actively extend yourself during the course. If you already know some topics then set yourself challenges to stretch yourself or learn about extension areas. Make sure you come out of this course substantially better than when you came in. Set yourself a challenge to give a lightning presentation, to make the hall of fame, or take the opportunity to learn something non-assessable which you have always wanted to master.

4. Good Faith Code

This course has a "Good Faith Code". This means we expect you to act in good faith at all times. You must not act in any way so as to bring disrepute to the reputation of the course, the course staff, fellow students, the school, the university, or the ICT profession. We expect you to be a good citizen. To not invade, alter or damage the property of others including the university, invade the privacy of others, break any laws or regulations, annoy other people, deprive others of access to resources, breach or weaken the security of any system, or do or omit to do anything else which you know or suspect we would not be happy about. Furthermore you are not to do anything which appears OK by a loophole or a strict interpretation of "the letter of the law" but which is not consistent with the spirit. Mainly - don't be a dick.

If you are unsure, ask!

If, in our sole discretion, we feel you have violated the Good Faith Code you will be awarded 0 Fail for the course. Further penalties may apply also depending on the nature and severity of the violation. Students who have seriously violated the Good Faith Code may not be permitted to re-enrol in future offerings of the course.

Students who are found (or who have previously been found and have not disclosed this) guilty of academic or computer related misconduct or any other activity in a way which casts doubt on their ability or willingness to comply with the Good Faith Code will be dis-enrolled and will not be permitted to re-enrol in future offerings of the course. If you have ever been found guilty of such an activity you must disclose it to the course convenor immediately.

5. Help

You can get official help at any time on the Help and FAQ page.

In addition to official help (and often far better than it!) you will probably find that the best, most helpful advice and ideas will come from your peers - so if you need help at any time about the content on a course page please ask a question in the comment section at the foot of the relevant page and the course community will likely sort it out for you in a flash. And if you see someone asking a question that you can answer - please do! This course works best when we work as a collaborative community, and we always do (we're very proud of the supportive community character of students and former students of this course).

6. Keeping Informed

Important notices related to this course may be announced on the home page on the course web site on webcms from time to time. It is your responsibility to check this site regularly.

Sometimes urgent information may also be sent to you by email. Make sure you pay careful attention to any email you receive. All official email will be sent to your UNSW email address. If you prefer to read your mail at some other address you will need to redirect your mail, for example by using the UNSW idm. Ask your tutor if you need help doing this.

Additional information will be provided in lectures and in the relevant sections of the course site as the session progresses. You should read the announcements, the Help and FAQ page, and this page regularly for updates.

7. Automatic Short Extension

All students in these courses may have one no-proof no-penalty extension for their Course Project. The extension can be for up to 72 hours.

If you wish to make use of this extension for an assessment submission you must advise your tutor by email when or before you make your submission and then apply centrally for an automatic short extension. You can also do a more elaborate special consideration if you require more than 72 hours extension.

When you advise your tutor, briefly state why you need the extension and how much you need. That will help us better understand the challenges that are impacting on our students. One or two sentences is fine. If it is a personal reason that you don't want to share, it's fine to just say "Personal reason" as your reason.

8. Course meetings

We are delighted that we have the opportunity to learn and teach together in person this term. For those who enrolled in the online stream you will watch live lecture streams rather than attending Monday and Tuesday lectures in person.

  • COMP6441 and COMP6841 students attend all Monday and Tuesday Lectures, and are welcome to attend law seminars (subject to there being space in the room).
  • COMP6841 students also attend the Thursday Seminar.
  • LAWS students attend all Tuesday lectures, Monday lectures in weeks 1 and 10, and law seminars. They may optionally choose to attend the other Monday lectures and the Thursday seminars (subject to there being space in the room)
  • All students attend a weekly face to face tutorial (aka Case Study Analysis session)
  • There is an optional Movie session following the Tuesday Lecture (in the same room). SecSoc kindly provides food.

8.1 Monday and Tuesday Lectures

Face to face

We will run face to face Monday and Tuesday lectures this term for those who are registered and wish to have an on campus experience all together. However the largest lecture theatre we could get filled up quickly so we are also running a lecture stream for those who prefer that or didn't manage to get a spot in the face to face lecture stream.

After the Tuesday lecture there is an optional movie session where we watch a great movie with relevance to the course and then chat about it afterwards. Free food kindly provided by the wonderful SecSoc.

8.2 Tuesday Law Seminar

The law seminar for LAWS3040 students (Tuesday 2pm) is interactive and face to face only.

Non-law students are also welcome to attend - subject to the room not being full. We do have spare capacity in the room so do come along if you are interested in seeing how lawyers think, communicate, and approach issues.

For law students, there is preparation to be done before the weekly law seminar (a one hour podcast to listen to plus pre-readings). Non-law student attendees are not required to do this.

8.3 Thursday Applied Security Seminar

The applied seminar for COMP6841 students (Thursday 6pm) is interactive and face to face during the session. You will not be able to watch it live during the session.

Non 6841 students are also welcome to attend - subject to the room not being full. We do have spare capacity in the room so do come along if you are interested in seeing and learning about applied security and technical attacks.

9. What you do in the course

There are three activities you do in the course which contribute to your final grade. These are set out below. More detail will be provided as each is released and they will be discussed in week 1 lectures. You can also get up to two bonus marks for being listed in the Hall of Fame.

  1. Weekly Log Book (aka portfolio)
  2. Self Selected Project "Something Awesome Project"
  3. Exam

Specific details about how these activities are used to produce your overall course result are given on the Information pages for each course.


10. Bonus Marks

One bonus mark (two in extreme cases) is added to your exam if you can get at least one thing into the Hall of Fame (aka the Pool Room). Your tutor (and sometimes the lecturers) will share in the Hall work which they find impressive. This includes great lightning presentations, getting a CVE of your own, impressive analysis posts, basically anything which really impresses. Judges' decision is final.

11. Lightning talks

If you find something interesting - share and teach your tutorial class in a lightning talk (and be eligible for the hall of fame), plus gather great evidence for your portfolio. Arrange with your tutor in advance. Talks go for 3 mins max at the start of the tutorial class. Everyone should aim to do at least one over the term.

12. Planning your time

One of your challenges in this course will be planning and managing your time. On average students should plan to devote 150 hours across weeks 1-10 to the course for credit level mastery.

Suggested 6441 Time Budget (x9 weeks)

  • Lectures - 4h per week
  • Tutorial, case study and weekly activities - 10h per week (less in week 10)
  • Something Awesome project - 30 hours total

Suggested 6841 Time Budget (x9 weeks)

  • Lectures - 4h per week
  • Extended Seminar - 2h per week
  • Tutorial, case study and weekly activities - 9h per week (less in week 10)
  • Something Awesome project - 30 hours total

Suggested 3040 Time Budget (x9 weeks)

  • Lectures - 2h per week (4h in week 1, 10)
  • Law seminars and prep - 5-6h per week (1.5 h seminar; 1 h podcast; 3 h reading/prep approx weeks 2-10)
  • Tutorial, case study and weekly activities - 5-6h per week (less in week 10).
  • Something Awesome project - 30 hours total

There are many optional parts to this course and we expect and encourage you to make thoughtful choices about what you would like to learn and the skills you would like to develop. If you try to do a Rolls Royce job on every single part of the course there is a risk you will spend too much time on the course and get exhausted.

We suggest you limit yourself to the 150 hour budget above and only do more where you have a particular interest. Past students suggest planning to get the standard activities done first and only doing the challenge ones to the extent you have time/interest. If your weekly reflection shows you are having difficulties completing the standard activities then speak to your tutor and your classmates and plan the best plan for you. Ideally you'll be able to do all the standard activities well but if not then we'd certainly rather you did some things well than everything superficially.

Note that you tick yourself off on activities. They are not policed and we won't chase you up - so you *could* slack around and do none - but that's not helping you achieve what you wanted to achieve from the course. Don't waste the opportunity to develop, stretch yourself, and become awesome.

13. Assumed Computing Knowledge

  • COMP6441 and COMP6841

You don't need to be able to write programs to take 6441, but should have some basic understanding of computing.

You should be able to program in C to take the extended course 6841.

Some of the topics in 6441 and 6841 will use programming concepts such as stack frames. In a few cases we refer to basic concepts from probability theory. Some of the topics that involve working with cryptographic protocols require a little knowledge of algebra and modular arithmetic. A course in Discrete Maths is sufficient background for these mathematical topics.

  • LAWS3040

LAWS3040 students do not need any particular technical background other than a general knowledge of computers and high school mathematics (being able to double aka calculate powers of 2 (1, 2, 4, 8, 16, 32, 64,...) helps if you attend the optional engineering lectures).

  • Everyone:

In general less background than the above is ok PROVIDED THAT you are keen and prepared to teach yourself the things that you lack. Talk to your tutor if you have any questions about this.

14. Text and References

There is no textbook for the course.

Richard, Kris, and Lyria will give optional book/resource recommendations after most lectures for those interested in reading further.

Although there is no textbook for the course, a reasonable general introduction to a number of the ideas is provided in:

  • Security Engineering, Ross Anderson, provides extensive discussion of how to think like a security engineer and many excellent war stories and case studies. It also brings to bear ideas from social science disciplines such as psychology and economics that are emerging as important new approaches to understanding security engineering at the systems scale.
  • Applied Cryptography, Bruce Schneier, which is a wonderful compendium of all things cryptographic.

Many other intro cyber courses around the world use Stallings's book. It's ok I guess. Well it's not terrible but it's light and only covers a small number of the important topics. But if you want to check it out it's:

  • Computer Security: Principles and Practice, W. Stallings and L. Brown, Pearson International, 2nd Edition, 2011.

A number of security books are available in the UNSW Library. If you find texts which we should ask the library to acquire let us know and we will.

15. Submitted work

This is an open course and we frequently share student submitted material for others to see and learn from. In this course submitting work means you give the university a perpetual royalty free license to use the submitted material in any way it wishes to advance education. This includes but is not limited to comments, assignments, questions, messages, uploaded content, exams, wiki text and activity submissions. If submission sharing might impact on your learning in the course please discuss this with us before you submit.

16. Plagiarism

UNSW takes plagiarism very seriously and if you are found to have engaged in plagiarism there can be terrible penalties. Plagiarism at UNSW means using the words or ideas of others without giving clear credit, i.e. passing them off as your own.

You must (and you really should) read the full text of UNSW's policy regarding academic honesty and plagiarism.

If you have any questions about any of this please ask us. You really don't want to accidentally fall foul of the plagiarism rules.

17. Scaling

Raw exam marks, subjectively marked work such as the portfolio and project, and the overall course marks will be scaled to ensure a consistent standard from year to year, and to moderate any significant differences between individual markers.

18. Special Consideration

Students whose performance is affected by serious and un-foreseeable events outside their control can apply at the student centre for special consideration.

If special consideration is granted for the final exam you will be able to sit the supplementary exam or other supplementary assessment.

Special consideration for an assessment does not mean we adjust your marks for an assessment, it means that we permit you to submit the assessment late, or sometimes we'll require you to submit a supplementary assessment instead.

19. Supplementary Final Examination

If you are granted special consideration for the final exam then you will need to sit the course supplementary examination which is usually held shortly before the start of the following term. We do not schedule or control the Supplementary Examinations from inside the course - these are timetabled and managed centrally. If you may be sitting the supplementary exam it is up to you to find out where and when it is held - and to chase this up if you do not think the information has been sent to you.

If you apply for special consideration for the final exam after the cut-off date set by the university then it will not be granted, and in cases where you are granted special consideration after the supplementary exam has already been held, then you will have to wait until the next time the course runs before sitting a supplementary exam. Sometimes we will nominate you for a supplementary examination even if you have not applied for special consideration if we think there is a good chance that will help you pass the course.

If you think there is a chance you might be awarded a supplementary exam then we strongly advise you to start preparing for the supplementary exam at once rather than waiting to receive the formal notification from the university (in case this does not arrive until the last minute).

20. Late penalties for COMP6441 and COMP6841 (does not apply to LAWS3040 students)

The following late penalties apply to 6441 and 6841 students. Late penalties for 3040 students will follow Faculty of Law and Justice policies (but adding the no-penalty extension rule above).

Logbook submissions - missing logbook submissions won't be marked, and will be awarded 0.

Students who enrol in the course after Monday in week 1 will have their week 1 logbook assessed at the same time as their week 2 logbook, students who enrol after Monday in week 2 will have their week 1 logbook marked with their week 3 logbook, and their week 2 logbook marked with their week 4 logbook. Advise your tutor so they know this applies to you.

Other assessments - this is covered in the Assessment deadlines and late policy.

If you have any questions for staff about the course structure (above), rules, or operation you can ask us on the Help and FAQ page.

Resource created Thursday 22 August 2024, 12:58:06 PM, last modified Monday 09 September 2024, 07:20:17 PM.


COMP6441/COMP6841/LAWS3040 24T3 (Security Engineering and Cyber Security) is powered by WebCMS3
CRICOS Provider No. 00098G