INFO2222 · Computing 2 Usability and Security
Computing 2 Usability and Security
INFO2222 Computing 2 Usability and Security is the University of Sydney's second-year, 6-credit-point unit in the School of Computer Science, and it is deliberately built from two connected halves taught by two examiners. Weeks 1-5 are human-computer interaction and usability — the six usability goals (effectiveness, efficiency, safety, utility, learnability, memorability), user experience, user-centred design, prototyping, usability evaluation and the human factors (perception, memory, Fitts' law, accessibility) that constrain any interface. Weeks 6-12 are computer security and cryptography — Kerckhoff's principle and hashing, symmetric and public-key cryptography, Diffie-Hellman key exchange, identification and authentication, TCP/IP and TLS, software and web security (XSS, SQL injection, static/dynamic/symbolic analysis), and the professional and legal frame of IT ethics and data-privacy law. The whole unit of study feeds the final exam, which is worth 50%: a supervised 80-minute (plus 10 minutes reading) closed-book bring-your-own-device Canvas quiz of 40 multiple-answer questions totalling 100 marks (30 questions at 2 marks and 10 at 4 marks), with negative marking, sat in the formal examination period. Continuous assessment is a set of in-class quizzes worth 10% (only your best 5 of 10 count, at 2% each) and a three-phase group project worth 40% (Phase 1 5%, Phase 2 10%, Phase 3 25%). Two hurdles govern the unit: you must score at least 40% on the final exam and reach an overall mark of at least 50 to pass, and each project has a report hurdle. Confirm every weight, hurdle and permitted-materials detail on Canvas and the USyd unit outline, since exact dates shift each year; a steady semester here also protects the Weighted Average Mark (WAM) that later computer-science units build on.
What INFO2222 covers
INFO2222 runs as two connected halves: Weeks 1-5 build human-computer interaction (usability goals, user-centred design, prototyping, evaluation and human factors), while Weeks 6-12 build computer security and cryptography (symmetric and public-key crypto, authentication, network and software/web security, and professional ethics and privacy). Every week feeds the final exam, which is worth 50% and tests both halves as 40 multiple-answer questions with negative marking. Continuous in-class quizzes (best 5 of 10 = 10%) and a 40% team project round out the assessment.
How INFO2222 is assessed
| Component | Weight | Format |
|---|---|---|
| In-class quiz — Week 2 (early feedback) | 0% | In-lecture quiz on Weeks 1-2 content |
| Weekly in-class quizzes — Usability (Weeks 3-6) | 4% | In-lecture quizzes; best 2 of 4 count at 2% each |
| Weekly in-class quizzes — Security (Weeks 7-12) | 6% | In-lecture quizzes; best 3 of 6 count at 2% each |
| Project Phase 1 | 5% | Written group-project proposal (due Week 3) |
| Project Phase 2 | 10% (7% + 3%) | Progress report & designs (7%) + tutorial demo/presentation (3%), due Week 6 |
| Project Phase 3 | 25% (15% + 10%) | Final report, source code & designs (15%) + video/tutorial demo & presentation (10%), due Week 11 |
| Final Exam | 50% | Supervised 80-minute closed-book BYOD Canvas quiz, formal exam period |
Diffie-Hellman: two parties agree a key over a public channel
- +1Alice's public value A = g^a mod p = 5^8 mod 23. Use exponentiation by squaring: 5^2 = 25 ≡ 2, 5^4 ≡ 2^2 = 4, 5^8 ≡ 4^2 = 16. So A = 16 — this is what Alice sends over the public channel.
- +1Bob's public value B = g^b mod p = 5^5 mod 23 = 5^4 · 5 ≡ 4 · 5 = 20. So B = 20 — this is what Bob sends. Note that a and b themselves are never transmitted; only A and B travel over the wire.
- +1Each party raises the value it RECEIVED to its own secret. Alice computes K = B^a mod p = 20^8 mod 23. Since 20 ≡ −3 (mod 23), 20^8 ≡ (−3)^8 = 3^8; and 3^2 = 9, 3^4 ≡ 12, 3^8 ≡ 12^2 = 144 ≡ 6. So Alice gets K = 6.
- +1Bob independently computes K = A^b mod p = 16^5 mod 23. 16^2 = 256 ≡ 3, 16^4 ≡ 3^2 = 9, 16^5 ≡ 9 · 16 = 144 ≡ 6 — the same K = 6 = g^(ab) mod 23. An eavesdropper sees g, p, A = 16 and B = 20 but would have to recover a from A = g^a mod p, which is the Discrete Logarithm Problem — easy to compute forward, believed hard to reverse for a large prime, and the whole basis of the scheme's security.
Key terms
- Usability goals (the six)
- The measurable qualities that make an interface good to use: effectiveness (does what it should), efficiency (supports the task well), safety (protects the user from dangerous or unwanted states), utility (offers the right functionality), learnability (easy to learn) and memorability (easy to remember once learned). Not all can be maximised at once — designers trade them off.
- User-Centred Design (UCD)
- A design approach that places the user at the centre of every activity. Its three Gould & Lewis (1985) principles are an early focus on users and tasks, empirical measurement of real users with prototypes, and iterative design. The cycle runs Requirements → Design alternatives → Prototyping (lo-fi/hi-fi) → Evaluation, looping back.
- CIA triad
- The three core security properties. Confidentiality — data is accessible only to authorised parties; Integrity — data cannot be altered undetected; Availability — the system stays usable by legitimate users. Cryptography adds authentication and non-repudiation on top.
- Kerckhoff's principle
- A system's security should rest on the secrecy of the key alone, not on the design staying hidden. Algorithms should be public and openly reviewed; only the key is secret. The opposite — hoping attackers never learn the mechanism — is 'security through obscurity' and is unsafe.
- Diffie-Hellman key exchange
- A protocol letting two parties agree a shared secret over a public channel. With public g and prime p, Alice sends A = g^a mod p and Bob sends B = g^b mod p; each derives K = g^(ab) mod p by raising the received value to its own secret. Security rests on the hardness of the Discrete Logarithm Problem; the secret is never transmitted.
- SQL injection
- A web attack where malicious SQL is inserted through user input that is concatenated straight into a query — e.g. entering alice' OR '1'='1 makes the WHERE clause always true and bypasses login. Defended with parameterised (prepared) statements and input validation/sanitisation, never string concatenation.
INFO2222 FAQ
Is INFO2222 hard?
It is broad rather than deeply mathematical. The unit deliberately spans two very different halves — human-computer interaction and usability in Weeks 1-5, then computer security and cryptography in Weeks 6-12 — each taught by a different examiner, so the real challenge is keeping a lot of concepts, methods and mechanisms straight rather than mastering one hard idea. The teaching team states the exam will not ask you to write out equations (Fitts' law), calculate statistics or recall specific numbers, so marks go to understanding why a method or control matters, its advantages and disadvantages, and applying it in a scenario. The crypto side involves light modular-arithmetic notation (C = Enc(K, M), K = g^(ab) mod p) but no heavy derivations. Students who keep up with the weekly in-class quizzes and the group project rather than cramming through STUVAC tend to find it manageable, and steady work protects the WAM.
Can AI help me with INFO2222?
Yes, as a step-by-step study aid. Sia is an AI tutor built to mirror how INFO2222 is actually taught and assessed at the University of Sydney: it can walk you through a Diffie-Hellman shared-key computation, explain why only the space of unique salts defeats a rainbow table, trace an SQL-injection payload, or contrast static, dynamic and symbolic analysis one step at a time, and it checks your reasoning as you go. Bring your own tutorial or practice question and ask Sia to explain each step. It does not do graded assessment for you — no quiz answers, no project work — and the University of Sydney academic-integrity policy still applies. Use it to understand the method, not to produce work you submit.
Where can I find past exam papers / practice for INFO2222?
Start on Canvas, where the unit posts its revision material, the Week 12 exam Q&A session and any practice quizzes that mirror the multiple-answer format, and search the University of Sydney Library's past-exam-paper collection for any released papers. Because the final is a bring-your-own-device Canvas quiz, the weekly in-class quizzes are the closest match to its style and are worth rehearsing. This guide also includes a re-authored practice exam that mirrors the paper's shape — usability method selection, cryptography, authentication and software-security items — with fresh numbers, and you can ask Sia to generate extra practice in the same style and explain each step. Treat any third-party 'model answers' with caution and confirm what is officially provided on Canvas.
What are the INFO2222 hurdles and assessment rules?
There are two exam-related conditions to pass the unit: you must score at least 40% on the final exam AND achieve an overall mark of at least 50; failing either can cap your final mark at 45 under School of Computer Science policy. The group project adds report hurdles — Phase 2 requires at least 40% on the progress report and Phase 3 at least 40% on the final report (the demo and presentation sub-parts are not the hurdle). Only your best 5 of the 10 in-class quizzes count (best 2 of 4 usability quizzes plus best 3 of 6 security quizzes, 2% each = 10%); the Week 2 quiz is early feedback at 0%. Confirm the exact weights, hurdles and late-penalty rules on your Canvas Assessments page and the unit outline.
What is on the INFO2222 final exam?
One supervised 80-minute Canvas quiz (plus 10 minutes reading time), worth 50% and sat in the formal examination period. It is closed-book, but you may bring one double-sided A4 sheet of handwritten or typed notes with your SID. The paper is 40 multiple-answer questions totalling 100 marks — 30 questions worth 2 marks (recall-oriented) and 10 worth 4 marks (apply/reflect) — and it uses negative marking, so blind guessing is penalised, especially on the 4-mark items. Expect a roughly even spread across both halves: usability goals, UCD, prototyping, evaluation-method selection and human factors from Weeks 1-5, then cryptography, authentication, TLS, software/web security and IT ethics from Weeks 6-12. The revision guidance is to reason and apply rather than memorise numbers. The exam sits in the University of Sydney Semester 1, 2027 formal exam period (around June 2027) — confirm the exact date, time and permitted materials on Canvas and the USyd exam timetable.
How to study for the exam
Treat INFO2222 as two linked subjects rather than one reading unit, and rehearse both every week instead of cramming through STUVAC. For the Weeks 1-5 usability half, learn to apply and select rather than recite: be able to name the six usability goals, choose an evaluation method for a given constraint (with users vs without users; controlled vs natural vs analytical), justify a prototyping-fidelity choice, and reason qualitatively about Fitts' law and accessibility without writing any equation — the exam explicitly rewards understanding over recall. For the Weeks 6-12 security half, drill the small mechanisms until they are automatic: a Diffie-Hellman shared-key computation, why a unique per-user salt forces per-user work on an attacker, the difference between the hash properties (pre-image, second-pre-image, collision resistance), the TLS and TCP handshakes in order, and how an SQL-injection or XSS payload works and is defended. Because the final is 40 multiple-answer questions with negative marking, practise deciding when you actually know an option versus when you are guessing — on the 4-mark questions a wrong guess costs you. Build a one-page map linking each week to its examinable ideas and use it as your permitted A4 note sheet. Keep up with the weekly in-class quizzes (best 5 of 10) and the three project phases, since the report hurdles and the exam hurdle both gate the unit. When a concept won't click, ask Sia to explain that single step a different way and set you a fresh practice question in the same style; it teaches the method and checks your reasoning, and never substitutes for your own graded work. Confirm the exam date, permitted materials and hurdle rules on Canvas and the University of Sydney exam timetable.
Your AI Computer Science tutor for INFO2222
Stuck on a hard INFO2222 question? Sia is AskSia’s AI Computer Science tutor — ask any INFO2222 Computing 2 Usability and Security question and get a clear, step-by-step explanation grounded in how the course is actually taught and assessed. Read this whole study guide free, then take your hardest questions to Sia.