Mark Vella - Computer Science Dept.

CPS1011 - Programming Principles (in C)

This unit is intended as a first programming course and takes the student step by step through a number of fundamental concepts including basic language constructs (assignment, branching and loops) and data types, abstract data types, dynamic memory management, preprocessor directives, debugging and library linking.

Topics:

  1. Programming principles. Reading: [Text] chapters 1,2. Supplementary: [1]. [notes]
  2. Data flow. Reading: [Text] chapters 3-5. Supplementary: [2]. [notes]
  3. Control flow and standard I/O. Reading: [Text] chapters 6-8. Supplementary: [2]. [notes]
  4. Modularity and an introduction to pointers. Reading: [Text] chapter 9. Supplementary: [2]. [notes]
  5. Compound data types. Reading: [Text] chapters 10,11,14. Supplementary: [2]. [notes]
  6. File I/O. Reading: [Text] chapter 13. Supplementary: [2]. [notes]
  7. Storage classes, allocated memory and dynamic arrays. Reading: [Text] chapter 12. Supplementary: [1]. [notes]
  8. Abstract data types, libraries and linking. Reading: [Text] chapter 17, [2] chapter 6. Supplementary: [1]. [notes]

Textbook:

  1. [Text] C Primer Plus (6th edition). Stephen Prata. Addison-Wesley, 2013. ISBN 978-0321928429

References:

  1. [1] Expert C Programming: Deep C Secrets. Peter van der Linden. Prentice Hall, 1994. ISBN 978-0131774292
  2. [2] The C Programming Language. BW Kernighan, DM Ritchie. Prentice-Hall, 1988. ISBN 0-13-110362-8

CPS2004 - Object Oriented Programming

This study-unit provides an in-depth view of the object-oriented paradigm with special emphasis on the differences between representative technologies within the paradigm. In particular the study-unit focuses on Java and C++ as two major implementations of the paradigm. Design techniques for OO systems will also be discussed and demonstrated. Students will also gain familiarity with different OO styles, such as Prototype-based programming. Students will be exposed to OO programming tools and practices used in industry today. This course prepares each attendee to undertake programming jobs in industry using Object Oriented programming languages.

Topics:

  1. Object-Oriented Programming (OOP): Concepts and tools. Classes, objects, hierarchies and composition. Messaging. Abstraction, Polymorphism, Inheritance, Encapsulation. Class anatomy, Multiple inheritance, Object assignment, Exceptions. Toolset: UML, VS Code IDE on Linux/WSL2/MacOS, C++ toolchain: CMake, gcc/clang, Java toolchain: Maven, JDK, sdkman. Reading: [Text-OO] chapters 1-4. [notes]
  2. C++: An introduction and OO language features. Language overview in terms of a C superset. Basic language syntax and features. Working with data and memory. OOP language support: from structs to classes. Access labels, constructors, destructors, member qualifiers. Single inheritance, implementation inheritance. Reading: [Text-C++] chapters 1-2, 3. (Classes, inheritance). [notes]
  3. OOP in C++: Class hierarchies and composition. Inheritance through subclassing. Method overloading. Multiple inheritance. Polymorphism, virtual functions and dynamic binding. Composition with a first look at the STL container classes. Reading: [Text-C++] chapter 3. (Multiple inheritance, polymorphism, composition). [notes]
  4. C++: Language essentials. Operator overloading. Runtime safety - Copy and move semantics. The Rules of 3/5/0. Smart pointers. Further safety provisions: Safe type casting, protected inheritance and immutable classes. Generic programming. Generic programming with templates. The STL container classes. Reading: [Text-C++] chapters 3. (Operator overloading), 5-6. [notes]
  5. Java: An introduction & OO language features. The Java ecosystem. Basic syntax. Classes and objects. Encapsulation, Inheritance, Interfaces. Overloading, overriding and hiding. Polymorphism. Abstract classes. Memory management and Garbage Collection. Reading: [Text-Java] chapters 1, 2, 9 (Garbage collection, Java Memory Model). [notes]
  6. Java: Further OO language features. Support for interfaces but not for multiple inheritance. Class java.lang.Object. Primitive and reference types. Type conversion. Reading: [Text-Java] chapters 3, 6. [notes]
  7. Java: Language essentials. Runtime safety with Exception handling and Immutable classes. I/O streams. Application packaging with Java Archive (JAR) files. Speeding up Java applications with native code. The Java Native Interface (JNI) and its uses. Native methods, static blocks, JNIEnv* and jobject. JNI types, passing primitive and reference types as arguments. Calling back into Java. Building and executing. Reading: [Text-Java] chapters 4, 5, 9. Reference: [1]. [notes]
  8. OO Design. Designing for code maintenance and reuse. Avoiding dependencies and highly-coupled classes. SOLID principles. An introduction to Design Patterns. Creational design patterns. Reading: [Text-OO] chapters 10-12. [Text-Patterns] chapter 3. [notes]
  9. Structural design patterns. Reading: [Text-Patterns] chapter 4. Reference: [5]. [notes]
  10. Further OOP: Portable Object Persistence, Distributed Object and OO Scripting. Portable object persistence with protocol buffers in C++ and Java, polyglot. Distributed OOP covering RPC, OO RPC, gRPC in C++ and Java, polyglot. JavaScript, Dynamic typing, Duck typing, prototype-based OO, JSON Object serialization. Reference: [2], [3], [4]. [notes]

Main texts:

  1. [Text-OO] Weisfeld, M. (2019). The Object-Oriented Thought Process (Developer's library), 5th edition. Addison-Wesley. ISBN-10: 0135181968, ISBN-13: 978-0135181966.
  2. [Text-C++] Grigoryan, V. and Wu, S. (2020). Expert C++: Become a proficient programmer by learning coding best practices with C++17 and C++20's latest features. Packt Publishing. ISBN-10: 1838552650, ISBN-13: 978-1838552657.
  3. [Text-Java] Samoylov, N. (2022). Learn Java 17 Programming: Learn the fundamentals of Java Programming with this updated guide with the latest features, 2nd Edition. Packt Publishing. ISBN-10: 1803241438, ISBN-13: 978-1803241432.
  4. [Text-Patterns] Wengner, M. and Souza, B. (2023). Practical Design Patterns for Java Developers: Hone your software design skills by implementing popular design patterns in Java. Packt Publishing. ISBN-10: 180461467X, ISBN-13: 978-1804614679.

References:

  1. [1] Guide to JNI (Java Native Interface) - https://www.baeldung.com/jni
  2. [2] Svekis, L.L., et al. (2021). JavaScript from Beginner to Professional. Packt Publishing. ISBN-10: 1800562527, ISBN-13: 978-1800562523.
  3. [3] Protocol Buffers Documentation - https://protobuf.dev
  4. [4] gRPC Documentation - https://grpc.io/docs
  5. [5] Spring Boot Tutorial – Bootstrap a Simple Application - https://www.baeldung.com/spring-boot-start

CPS2010 - Security By Design

The study-unit will introduce students to the foundational concepts of security by design, address the legal aspects of security, and then delve into the Secure Development Lifecycle as a framework for the rest of the unit.

Topics:

  1. Design matters for application security: Security objectives, Shortcomings of the security specialist approach, Driving security through design, Shallow vs Deep modeling: A Case Study [3DS-2], Laws and standards, Scope of this course: Back-ends for connected systems, Shift left vs Security By Design. Reading: [Text-Main] Chapters 1,2. Supplementary: [11], [15], [20]. [notes]
  2. Reliable application platforms: Reliability, Application frameworks, Cloud-native computing, Application Observability, Case Studies: Spring Boot Application Framework, Kubernetes container orchestration, Observability with Spring Boot Actuator/Prometheus/Grafana and OpenTelemetry/Jaeger. Readings: [Text-Main] Chapter 10, [Text-DevOps] Chapters 1,4,5,6, [Text-Spring] Chapters 1-7. Supplementary: [2], [4], [5], [6], [10], [17]. [notes]
  3. Access Control and Robustness: Externalizing cross-cutting security concerns, Identity and Access Management, Cryptography, Operational Security, Robustness, Design for availability, Operational High-Availability. Case study: KrakenD API gateway, Keycloak Identity Provider, OpenSSL PKI. Readings: [Text-Authorization] OAuth2, OIDC, JWT. [Text-Authorization] Chapters 1,5,10,11, [Text-Main] Section 9. Supplementary: [1], [7], [12], [13], [14], [17], [18], [19]. [notes]
  4. Design for Resilience: Resilience, Resilience through: Deep modeling, Comprehensive Validation, Secure handling of failures; Auditing, Code constructs; Case studies: Java records and Lombok's @Builder, JPA Entity Constraints and Java Bean Validation, Domain Invariants in Service Components, Spring Data JPA Auditing, Event Sourcing and Command Query Responsibility Segregation (an introductory overview), Final word: Specialized Security. Readings: [Text-Main] Chapters 3-6, Sections 7.2-4, Sections 9.1-4, Chapter 14, [Text-Authorization] Chapter 13. Supplementary: [3], [8], [9], [16], [21]. [notes]

Main texts:

  1. [Text-Main] Daniel Deogun, Dan Bergh Johnsson and Daniel Sawano. "Secure By Design, First Edition". Manning, 2019. ISBN-13: 978-1617294358.
  2. [Text-DevOps] Gaurav Agarwal. "Modern DevOps Practices: Implement, secure, and manage applications on the public cloud by leveraging cutting-edge tools 2nd Edition". Packt Publishing, 2024. ISBN-13: 978-1805121824.
  3. [Text-Spring] Juha Hinkula. "Full Stack Development with Spring Boot and React - Third Edition: Build modern and scalable web applications using the power of Java and React". Packt Publishing, 2022. ISBN-13: 978-1801816786.
  4. [Text-Authorization] Mike Chapple. "Control and Identity Management (Information Systems Security & Assurance), 3rd Edition". Jones & Bartlett Learning. 2020. ISBN-13: 978-1284198355.

References:

  1. [1] David Wong. "Real-World Cryptography". Manning, 2021. ISBN-13: 978-1617296710.
  2. [2] https://12factor.net/
  3. [3] https://docs.axoniq.io/reference-guide
  4. [4] https://www.baeldung.com/spring-tutorial
  5. [5] https://www.baeldung.com/spring-boot-12-factor
  6. [6] https://www.baeldung.com/distributed-systems-observability
  7. [7] https://www.baeldung.com/postman-keycloak-endpoints
  8. [8] https://www.baeldung.com/spring-boot-bean-validation
  9. [9] https://www.baeldung.com/axon-cqrs-event-sourcing
  10. [10] https://www.baeldung.com/learn-jpa-hibernate
  11. [11] https://digital-strategy.ec.europa.eu/en/policies/cybersecurity
  12. [12] https://www.golinuxcloud.com/openssl-create-certificate-chain-linux/
  13. [13] https://www.keycloak.org/getting-started/getting-started-kube
  14. [14] https://www.krakend.io/docs/overview/
  15. [15] https://medium.com/@nurtured_tree_dog_201/difference-between-security-by-design-and-shift-left-f3313c2e7a72
  16. [16] Premanand Chandrasekaran and Karthik Krishnan. "Domain-Driven Design with Java - A Practitioner's Guide: Create simple, elegant, and valuable software solutions for complex business problems". Packt Publishing, 2022.
  17. [17] Jones, H. (2021, July). Going beyond reliability to robustness and resilience in space life support systems. 50th International Conference on Environmental Systems.
  18. [18] Arnold, Z., Dua, S., Huang, W., Faisal, M., Qin, M., & Abu Taleb, M. (2020). The Kubernetes Workshop: Learn how to build and run highly scalable workloads on Kubernetes. Packt Publishing.
  19. [19] https://auth0.com/docs/authenticate/protocols
  20. [20] https://www.cisa.gov/resources-tools/resources/secure-by-design
  21. [21] https://www.baeldung.com/database-auditing-jpa

CPS3232 - Applied Cryptography

This study-unit aims to give students the capability to design secure systems based on cryptographic principles. Cryptography-based mechanisms are nowadays found at the heart of various security-critical applications ranging from 'traditional' environments such as government, military and banking applications, to 'Internet-age' applications including web and email clients/servers, e-commerce, e-voting, e-gaming and smart phone applications amongst others. The knowledge and practical experience acquired from this study-unit equip students to design and implement such applications. Being based on the most rigorous type of security mechanisms, these applications inherit the security guarantees associated with the employed cryptographic primitives and protocols.

Topics:

  1. Overview of Applied Cryptography, Classic Ciphers, Introduction to Cryptanalysis, Randomness and cipher security. Reading: [Text] chapter 1. Supplementary: [1,3]. [notes]
  2. The One-Time Pad and Perfect secrecy, Cryptographically Strong Pseudo Random Stream Generators, Stream Ciphers, LFSRs, Trivium. Reading: [Text] chapter 2. Supplementary: [1,4,5]. [notes]
  3. Pseudo Random Functions/Permutations, Block Ciphers, S-boxes, DES. Reading: [Text] chapter 3. Supplementary: [1,4,5]. [notes]
  4. Secure/lightweight DES alternatives, Algebraic S-box design, AES, Block Cipher Modes. Reading: [Text] chapters 3, 4, 5.1, 5.3. Supplementary: [1,3,4,5]. [notes]
  5. The need for Public Key Cryptography and Cryptographic Hash Functions to complement Symmetric Ciphers. Reading: [Text] chapters 6.1, 6.2, 11.1, 11.2, 12.1, 12.2, 10.1. [notes]
  6. Trapdoor one-way permutations based on computational number theory foundations: The Extended Euclidean Algorithm, Fermat's little theorem and Euler's phi. Reading: [Text] chapter 6. Supplementary: [1,3,4,5]. [notes]
  7. The RSA problem, the RSA cipher, Ancillary algorithms for RSA implementation, Attacks on RSA implementations. Reading: [Text] chapter 7. Supplementary: [1,3,4,5]. [notes]
  8. The Discrete Logarithm Problem and Group Theory pre-requisites, The Diffie-Hellman Key Exchange, El-Gamal encryption. Reading: [Text] chapter 8.1-8.5. Supplementary: [1,3,4,5]. [notes]
  9. Public Key Infrastructures and Secure Key Establishment Protocols. Reading: [Text] chapter 13. Supplementary: [2,4]. [notes]

Textbook:

  1. [Text] Understanding Cryptography: A Textbook for Students and Practitioners: Christof Paar and Jan Pelzl. Publisher: Springer, 1st Edition, 2010, ISBN-10: 3642041000, ISBN-13: 978-3642041006.

References:

  1. [1] Applied Cryptography. Bruce Schneier. Publisher: Wiley, 2nd Edition, 1996, ISBN-10: 0471117099, ISBN-13: 978-0471117094
  2. [2] Cryptographic security protocols: SSL and TLS. https://www.ibm.com/docs/en/ibm-mq/7.5?topic=ssl-overview-tls-handshake
  3. [3] Discrete and combinatorial Mathematics: An Applied Introduction. Ralph P Grimaldi. Publisher: Addison Wesley, 5th Edition, 2003, ISBN-10: 0201726343, ISBN-13: 978-020172634
  4. [4] Handbook of Applied Cryptography. Alfred Menezes, Paul van Oorschot, and Scott Vanstone. Publisher: CRC Press, 1996, ISBN-10: 0849385237, ISBN-13: 978-0849385230
  5. [5] Introduction to Modern Cryptography, 2nd Edition. Publisher: Chapman and Hall/CRC Press, 2014, ISBN-10: 1466570261 ISBN-13: 978-1466570269.

CPS5123 - Systems Security

This study-unit takes a technical approach to computer security, specifically focusing on understanding the adversaries targeting system software in the form of exploits, malware and their launchers. Knowledge of the inner workings of these malicious artifacts is fundamental to understanding the limitations of operating system security controls, to configuring intrusion detection systems to prevent and/or detect future security violations, and to recovering from past successful ones. This study-unit touches on aspects of systems/low-level programming and debugging, reverse engineering and digital forensics, and therefore an aptitude for carrying out practical tasks using these techniques is a must. Given their current popularity and the opportunities they give attackers to achieve their malicious intent, this study-unit currently focuses on Microsoft Windows workstations, Linux application servers and Android smartphones.

Topics:

  1. Operating Systems: Security controls. Readings: [1] - Chapter 9; [3] - Chapter 1; [7] - Metasploit fundamentals, Post exploitation module reference. [notes]
  2. Windows (Workstation) security. Readings: [1] - Chapter 11; [3] - Chapters 4,5. [notes]
  3. Windows (Workstation) adversarial tactics. Readings: [3] - Chapters 6,8,10,12; [5]; [6]; [7] - Post exploitation module reference; [8]; [9]; [10]. [notes]
  4. Linux (Application Server) in/security. Readings: [1] - Chapter 10.1-7; [4] - Chapters 1-4. [notes]
  5. Android (Smartphone) in/security. Readings: Chapter 10.8; [2] - Chapters 1-3. [notes]

Main references (books):

  1. [1] Andrew S Tanenbaum and Herbert Bos. "Modern Operating Systems, Fourth Edition", Pearson Education, 2014. ISBN-13: 978-1292061429.
  2. [2] Elenkov, N. "Android security internals: An in-depth guide to Android's security architecture", No Starch Press, 2014. ISBN-13: 978-1593275815.
  3. [3] Kleymenov, A and Thabet A. "Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks". Packt Publishing, 2019. ISBN-13 : 978-1789610789.
  4. [4] Ryan O’Neill, “Learning Linux Binary Analysis”, Packt publishing, 2016. ISBN-13 : 978-1782167105.

Main references (misc resources):

  1. [5] Cox, R. (2007). Regular expression matching can be simple and fast (but is slow in java, perl, php, python, ruby,...). Available online at http://swtch.com/rsc/regexp/regexp1.html
  2. [6] Kolosnjaji, B., Zarras, A., Webster, G., & Eckert, C. (2016, December). Deep learning for classification of malware system call sequences. In Australasian Joint Conference on Artificial Intelligence (pp. 137-149). Springer, Cham.
  3. [7] Offensive Security. “Metasploit Unleashed”. Available online at https://www.offensive-security.com/metasploit-unleashed/
  4. [8] Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., & Nicholas, C. K. (2018, June). Malware detection by eating a whole exe. In Workshops at the Thirty-Second AAAI Conference on Artificial Intelligence.
  5. [9] Regéciová, D., Kolář, D., & Milkovič, M. (2021). Pattern Matching in YARA: Improved Aho-Corasick Algorithm. IEEE Access, 9, 62857-62866.
  6. [10] yara. “Writing YARA rules”. Available online at https://yara.readthedocs.io/en/stable/writingrules.html

CIS3111 - Cloud Computing

Unit segment: Container orchestration for secure cloud-native applications. [notes]

CPS5130 - Research Topics in Computer Science

Systems security and diagnostics areas. [research area overview]

CPS5400 - DLT Implementation and Internals

Unit segment: Cryptographic hash functions for DLT. [notes]