Courses

I have taken following courses: EECE 512: Topics in Computer Security EECE 571B: Multimedia Info Security EECE 519: Computer-Supported Collaborative Work EECE 511: Special Topics in Software Engineering EECE 412: Computer Security CPSC 421: Introduction to Theory of Computing EECE 512: Topics in Computer Security, Spring 2005, by Prof Konstantin Beznosov "The purpose of this course is to help students in learning the principles of computer and information security in general and of constructing secure systems in particular. Students are expected to learn the research side of the main areas of modern computer security. In this course, the students will make their first steps towards graduate-level research in, or related to, computer and information security." Course project: PARS: A Peer-to-Peer Approach to Authorization Recycling in Large-scale Enterprise Systems EECE 571B: Multimedia Info Security, Spring 2005, by Prof Jane Wang "This course is interdisciplinary and covers issues across a number of areas, including security, multimedia, signal processing, cryptology, coding, and communication theory. It is designed to reflect the challenges of what the multimedia community has to face to meet the needs of multimedia security and distribution." Course project: Steganalysis of Spread Spectrum Data Hiding (with Wing-Keong Woo) Outline: In this project, we will look into the exisitng steganalysis methods of spread spectrum data hiding, and try to come out new method. EECE 519: Computer-Supported Collaborative Work, Spring 2005, by Prof Lee Iverson "This course is designed as a research course covering the essential principles that need to be embodied in computer and network systems designed to facilitate human collaboration. The term Computer-Supported Collaborative Work (CSCW) is often used to refer to the field of research that covers these systems." Course project: Building Decentralized Digital Libraries: A P2P Approach EECE 511: Special Topics in Software Engineering , Fall 2004, by Prof Philippe Kruchten "This course covers advanced topics in software engineering. We will explore in depth some difficult topics in planning and estimating, in software architecture, in software project management, etc. We will examine new emerging approaches, such as agile methods, and some of the social and economical ramifications of software development. " Course project: Software Security: Building Software with Better Security Abstract: While software security is becoming an increasing concern for both business users and individual users, the security solutions to date are mostly disappointing: new flaws are announced everyday, sometime for crucial pieces of software. Conventional solutions are afterthought, such as releasing patches and building firewalls only after the problems are identified. In this paper, we argue that these are not long-time ways to assure software security. Instead, we propose to incorporate security concerns at the early stage of software development. The paper describes a security-enhanced waterfall model: the classic waterfall process with the principles and best practices in security engineering. Furthermore, six other common applied development processes and models are also discussed in the paper. EECE 412: Computer Security , Fall 2004, by Prof Konstantin Beznosov "The purpose of this course is to help students in learning the principles of computer and information security in general and of constructing secure systems in particular. " Course project: A Security Analysis of UBC Wireless Network (with Wing-Keong Woo, Joyce Hsien-Yin Chiang, and Johnson Ming-Che Tsai) Abstract: The security policies of the UBC wireless network are concerned with origin integrity, i.e. authentication, and availability. To enforce origin integrity, users of the UBC wireless network are required to login via one of the three types of authentication mechanisms, known as Quick-Connect, VPN-PPTP and VPN-IPsec. If Quick-Connect is used, we analyzed that an adversary is able to use the authorized user's login to access the network without his knowledge. If VPN-PPTP is used, we analyzed that an adversary may be able to recover the authorized user's account name and password, and hence will be able to access the network. We analyzed that the group password used in the VPN-IPsec may be recovered, which may then lead to a man-in-the-middle and further attacks. To enforce availability, monitoring systems are setup to log users' consumption of bandwidth. However, the correctness of the log is dependent on the correctness of the authentication mechanisms, which are vulnerable. Hence the log may be incorrect and may lead to actions taken against innocent users for over-consumption of bandwidth. We conclude that the security policies may be breached due to the vulnerabilities of the authentication mechanisms, and follow up with discussions to rectify them. CPSC 421: Introduction to Theory of Computing , Fall 2004, by Prof Joel Friedman "This course will cover introductory computer science theory, using the text Introduction to the Theory of Computation by Michael Sipser. "

Home Research Courses Album