Cybersecurity Supervisions

Course Pages
Past Papers
SEED Labs
Markus Kuhn Exercises
Wenliang Du book
Ross Anderson Book

Blurb

You’re probably seeing this because I will be your supervisor for Cybersecurity this year - welcome!

I set you quite a few questions, but they should be quick to solve, and I’m confident you’ll do well, even with revision looming. Your supervision work will consist of Past Papers, Security Exercises from Markus Kuhn’s edition of the course, and SEED labs.

I trust you already have the SEED lab environments set up, and if not, now is the high time to do so! These labs are a vital part of the course, and you will see some of them assigned in the supervision work. While we will probably not have time to go over the SEED labs in much detail in the supervisions, you are still asked to complete them and show your work by the indicated supervisions. For more detailed help, please make sure you’re available to attend the Intel Lab sessions.

This course has three supervisions, and with exams coming up, we must keep on schedule - we should aim to have the supervisions as soon as you can, to leave time for uninterrupted revision in the last week or two.

I’m happy to supervise Online, in the Computer Lab, or in Churchill. For online supervisions I will be calling you on Teams, I’ll follow this up with you closer to. Please let me know if you have any questions or requests re- course or scheduling. Also, let me know what kind of supervisions you prefer so I can put out more slots like that.

Please book supervisions through KuDoS, and make sure you’re in contact with your supervision partners. If there are any issues, or you are otherwise not on track to complete your work by the time you booked, let me know - I much prefer to postpone the supervision but get complete work.

Supervision 1

To take place after lecture 4

1. Introduction
   • Kuhn Exercises Questions 1-5 (as 3-mark questions)
   • Kuhn Exercises Questions 15-16 (as 5-mark questions)
2. Fundamentals of Access Control
   • 2021 Paper 4 Question 6 (a)
   • Kuhn Exercises Questions 6-8
   • SEED Lab: Environment_Variable_and_SetUID

Supervision 2

To take place after lecture 8

1. Software Security
   • 2024 Paper 4 Question 8
   • SEED Lab: Buffer_Overflow_Setuid
   • SEED Lab: Web_SQL_Injection
2. Authentication
   • 2024 Paper 4 Question 7
3. Human Factors
   • If you wanted to steal my password, how would you go about it?
   • Check your guesses against this bcrypt hash: $2b$12$gAMJML2.9ZtEuA7Q6zh04uQzt9dghaWpYRZa6VF4rsgVMmoYSlT8.
   • Note: the above is a fake but realistic password. If you actually manage to find a real password of mine, I will be very impressed, but please do not go further than that and attempt to edit or read any of my data, lock me out, etc.

Supervision 3

To take place after lecture 12

1. Web and internet security
   • 1997 Paper 9 Question 9
2. Web and internet security
   • SEED lab: Web_XSS_Elgg
3. Human factors
   • 2014 Paper 7 Question 13 (a b e)
4. Additional topics
   • 2023 Paper 4 Question 8

Revision

Things that I am not setting as supervision work, but you should do before exams.

1. Past Papers:
   • 2023 Paper 4 Question 7
   • 2021 Paper 4 Question 6 (b)
   • 2014 Paper 7 Question 13
   • 2016 Paper 7 Question 14
   • 2017 Paper 7 Question 14
   • This is a relatively new course, so as you might not be seeing enough past papers to satisfy your revision apetite, have a look at the following previous courses:
     Security,
     Security I,
     Security II,
     Introduction to Security.
2. SEED labs:
   • Return to libc
   • CSRF
3. Kuhn Exercises:
   • Questions 14, 18, 19, 20, 22, 23.