University of Sydney · S1 2027 · FACULTY OF COMPUTER SCIENCE

INFO2222 · Computing 2 Usability and Security

- one subject, every graph, every model, every mark
50% final exam · hurdle12 Chapters133-page Bible
Our own words - no uploaded lecturer files
Built to mirror S1 2027 · updated this semester
The Complete Exam Bible · S1 2027

Computing 2 Usability and Security

— Every INFO2222 topic worked for the USyd exam — user-centred design, prototyping, evaluation, human factors, cryptography, authentication, TLS, software & web security, and IT ethics & privacy.

INFO2222 Computing 2 Usability and Security is the University of Sydney's second-year, 6-credit-point unit in the School of Computer Science, and it is deliberately built from two connected halves taught by two examiners. Weeks 1-5 are human-computer interaction and usability — the six usability goals (effectiveness, efficiency, safety, utility, learnability, memorability), user experience, user-centred design, prototyping, usability evaluation and the human factors (perception, memory, Fitts' law, accessibility) that constrain any interface. Weeks 6-12 are computer security and cryptography — Kerckhoff's principle and hashing, symmetric and public-key cryptography, Diffie-Hellman key exchange, identification and authentication, TCP/IP and TLS, software and web security (XSS, SQL injection, static/dynamic/symbolic analysis), and the professional and legal frame of IT ethics and data-privacy law. The whole unit of study feeds the final exam, which is worth 50%: a supervised 80-minute (plus 10 minutes reading) closed-book bring-your-own-device Canvas quiz of 40 multiple-answer questions totalling 100 marks (30 questions at 2 marks and 10 at 4 marks), with negative marking, sat in the formal examination period. Continuous assessment is a set of in-class quizzes worth 10% (only your best 5 of 10 count, at 2% each) and a three-phase group project worth 40% (Phase 1 5%, Phase 2 10%, Phase 3 25%). Two hurdles govern the unit: you must score at least 40% on the final exam and reach an overall mark of at least 50 to pass, and each project has a report hurdle. Confirm every weight, hurdle and permitted-materials detail on Canvas and the USyd unit outline, since exact dates shift each year; a steady semester here also protects the Weighted Average Mark (WAM) that later computer-science units build on.

INFO2222 · University of Sydney
An independent, AskSia-authored study guide. AskSia is not affiliated with, endorsed by, or sponsored by University of Sydney; the course code and name are used for identification only.
Contents · the whole subject, one map

What INFO2222 covers

INFO2222 runs as two connected halves: Weeks 1-5 build human-computer interaction (usability goals, user-centred design, prototyping, evaluation and human factors), while Weeks 6-12 build computer security and cryptography (symmetric and public-key crypto, authentication, network and software/web security, and professional ethics and privacy). Every week feeds the final exam, which is worth 50% and tests both halves as 40 multiple-answer questions with negative marking. Continuous in-class quizzes (best 5 of 10 = 10%) and a 40% team project round out the assessment.

Assessment

How INFO2222 is assessed

ComponentWeightFormat
In-class quiz — Week 2 (early feedback)0%In-lecture quiz on Weeks 1-2 content
Weekly in-class quizzes — Usability (Weeks 3-6)4%In-lecture quizzes; best 2 of 4 count at 2% each
Weekly in-class quizzes — Security (Weeks 7-12)6%In-lecture quizzes; best 3 of 6 count at 2% each
Project Phase 15%Written group-project proposal (due Week 3)
Project Phase 210% (7% + 3%)Progress report & designs (7%) + tutorial demo/presentation (3%), due Week 6
Project Phase 325% (15% + 10%)Final report, source code & designs (15%) + video/tutorial demo & presentation (10%), due Week 11
Final Exam50%Supervised 80-minute closed-book BYOD Canvas quiz, formal exam period
Worked example · free

Diffie-Hellman: two parties agree a key over a public channel

Q [4 marks]. Alice and Bob use Diffie-Hellman key exchange with public generator g = 5 and public prime p = 23. Alice's secret is a = 8; Bob's secret is b = 5. Compute the value A Alice sends, the value B Bob sends, and the shared key K each of them derives. State exactly what an eavesdropper who sees g, p, A and B would have to solve to recover the key. (4 marks)
  • +1Alice's public value A = g^a mod p = 5^8 mod 23. Use exponentiation by squaring: 5^2 = 25 ≡ 2, 5^4 ≡ 2^2 = 4, 5^8 ≡ 4^2 = 16. So A = 16 — this is what Alice sends over the public channel.
  • +1Bob's public value B = g^b mod p = 5^5 mod 23 = 5^4 · 5 ≡ 4 · 5 = 20. So B = 20 — this is what Bob sends. Note that a and b themselves are never transmitted; only A and B travel over the wire.
  • +1Each party raises the value it RECEIVED to its own secret. Alice computes K = B^a mod p = 20^8 mod 23. Since 20 ≡ −3 (mod 23), 20^8 ≡ (−3)^8 = 3^8; and 3^2 = 9, 3^4 ≡ 12, 3^8 ≡ 12^2 = 144 ≡ 6. So Alice gets K = 6.
  • +1Bob independently computes K = A^b mod p = 16^5 mod 23. 16^2 = 256 ≡ 3, 16^4 ≡ 3^2 = 9, 16^5 ≡ 9 · 16 = 144 ≡ 6 — the same K = 6 = g^(ab) mod 23. An eavesdropper sees g, p, A = 16 and B = 20 but would have to recover a from A = g^a mod p, which is the Discrete Logarithm Problem — easy to compute forward, believed hard to reverse for a large prime, and the whole basis of the scheme's security.
A = 5^8 mod 23 = 16, B = 5^5 mod 23 = 20, and both parties derive the shared key K = g^(ab) mod 23 = 6 (Alice via B^a, Bob via A^b). An eavesdropper who captures g, p, A and B still cannot get K without solving the Discrete Logarithm Problem (recovering a from g^a mod p), which is believed computationally infeasible for a large prime — so the secret is agreed without ever being sent.
Sia tip — The classic trap is to send or combine the secrets directly: the key is NOT g^(a+b), and neither a nor b ever crosses the channel. Each side raises the OTHER party's public value to its own secret. If you want the modular-exponentiation drill checked line by line, ask Sia to walk the exponentiation-by-squaring — it explains the method and checks your working, it never just hands over the answer.
Glossary

Key terms

Usability goals (the six)
The measurable qualities that make an interface good to use: effectiveness (does what it should), efficiency (supports the task well), safety (protects the user from dangerous or unwanted states), utility (offers the right functionality), learnability (easy to learn) and memorability (easy to remember once learned). Not all can be maximised at once — designers trade them off.
User-Centred Design (UCD)
A design approach that places the user at the centre of every activity. Its three Gould & Lewis (1985) principles are an early focus on users and tasks, empirical measurement of real users with prototypes, and iterative design. The cycle runs Requirements → Design alternatives → Prototyping (lo-fi/hi-fi) → Evaluation, looping back.
CIA triad
The three core security properties. Confidentiality — data is accessible only to authorised parties; Integrity — data cannot be altered undetected; Availability — the system stays usable by legitimate users. Cryptography adds authentication and non-repudiation on top.
Kerckhoff's principle
A system's security should rest on the secrecy of the key alone, not on the design staying hidden. Algorithms should be public and openly reviewed; only the key is secret. The opposite — hoping attackers never learn the mechanism — is 'security through obscurity' and is unsafe.
Diffie-Hellman key exchange
A protocol letting two parties agree a shared secret over a public channel. With public g and prime p, Alice sends A = g^a mod p and Bob sends B = g^b mod p; each derives K = g^(ab) mod p by raising the received value to its own secret. Security rests on the hardness of the Discrete Logarithm Problem; the secret is never transmitted.
SQL injection
A web attack where malicious SQL is inserted through user input that is concatenated straight into a query — e.g. entering alice' OR '1'='1 makes the WHERE clause always true and bypasses login. Defended with parameterised (prepared) statements and input validation/sanitisation, never string concatenation.
FAQ

INFO2222 FAQ

Is INFO2222 hard?

It is broad rather than deeply mathematical. The unit deliberately spans two very different halves — human-computer interaction and usability in Weeks 1-5, then computer security and cryptography in Weeks 6-12 — each taught by a different examiner, so the real challenge is keeping a lot of concepts, methods and mechanisms straight rather than mastering one hard idea. The teaching team states the exam will not ask you to write out equations (Fitts' law), calculate statistics or recall specific numbers, so marks go to understanding why a method or control matters, its advantages and disadvantages, and applying it in a scenario. The crypto side involves light modular-arithmetic notation (C = Enc(K, M), K = g^(ab) mod p) but no heavy derivations. Students who keep up with the weekly in-class quizzes and the group project rather than cramming through STUVAC tend to find it manageable, and steady work protects the WAM.

Can AI help me with INFO2222?

Yes, as a step-by-step study aid. Sia is an AI tutor built to mirror how INFO2222 is actually taught and assessed at the University of Sydney: it can walk you through a Diffie-Hellman shared-key computation, explain why only the space of unique salts defeats a rainbow table, trace an SQL-injection payload, or contrast static, dynamic and symbolic analysis one step at a time, and it checks your reasoning as you go. Bring your own tutorial or practice question and ask Sia to explain each step. It does not do graded assessment for you — no quiz answers, no project work — and the University of Sydney academic-integrity policy still applies. Use it to understand the method, not to produce work you submit.

Where can I find past exam papers / practice for INFO2222?

Start on Canvas, where the unit posts its revision material, the Week 12 exam Q&A session and any practice quizzes that mirror the multiple-answer format, and search the University of Sydney Library's past-exam-paper collection for any released papers. Because the final is a bring-your-own-device Canvas quiz, the weekly in-class quizzes are the closest match to its style and are worth rehearsing. This guide also includes a re-authored practice exam that mirrors the paper's shape — usability method selection, cryptography, authentication and software-security items — with fresh numbers, and you can ask Sia to generate extra practice in the same style and explain each step. Treat any third-party 'model answers' with caution and confirm what is officially provided on Canvas.

What are the INFO2222 hurdles and assessment rules?

There are two exam-related conditions to pass the unit: you must score at least 40% on the final exam AND achieve an overall mark of at least 50; failing either can cap your final mark at 45 under School of Computer Science policy. The group project adds report hurdles — Phase 2 requires at least 40% on the progress report and Phase 3 at least 40% on the final report (the demo and presentation sub-parts are not the hurdle). Only your best 5 of the 10 in-class quizzes count (best 2 of 4 usability quizzes plus best 3 of 6 security quizzes, 2% each = 10%); the Week 2 quiz is early feedback at 0%. Confirm the exact weights, hurdles and late-penalty rules on your Canvas Assessments page and the unit outline.

What is on the INFO2222 final exam?

One supervised 80-minute Canvas quiz (plus 10 minutes reading time), worth 50% and sat in the formal examination period. It is closed-book, but you may bring one double-sided A4 sheet of handwritten or typed notes with your SID. The paper is 40 multiple-answer questions totalling 100 marks — 30 questions worth 2 marks (recall-oriented) and 10 worth 4 marks (apply/reflect) — and it uses negative marking, so blind guessing is penalised, especially on the 4-mark items. Expect a roughly even spread across both halves: usability goals, UCD, prototyping, evaluation-method selection and human factors from Weeks 1-5, then cryptography, authentication, TLS, software/web security and IT ethics from Weeks 6-12. The revision guidance is to reason and apply rather than memorise numbers. The exam sits in the University of Sydney Semester 1, 2027 formal exam period (around June 2027) — confirm the exact date, time and permitted materials on Canvas and the USyd exam timetable.

Study strategy

How to study for the exam

Treat INFO2222 as two linked subjects rather than one reading unit, and rehearse both every week instead of cramming through STUVAC. For the Weeks 1-5 usability half, learn to apply and select rather than recite: be able to name the six usability goals, choose an evaluation method for a given constraint (with users vs without users; controlled vs natural vs analytical), justify a prototyping-fidelity choice, and reason qualitatively about Fitts' law and accessibility without writing any equation — the exam explicitly rewards understanding over recall. For the Weeks 6-12 security half, drill the small mechanisms until they are automatic: a Diffie-Hellman shared-key computation, why a unique per-user salt forces per-user work on an attacker, the difference between the hash properties (pre-image, second-pre-image, collision resistance), the TLS and TCP handshakes in order, and how an SQL-injection or XSS payload works and is defended. Because the final is 40 multiple-answer questions with negative marking, practise deciding when you actually know an option versus when you are guessing — on the 4-mark questions a wrong guess costs you. Build a one-page map linking each week to its examinable ideas and use it as your permitted A4 note sheet. Keep up with the weekly in-class quizzes (best 5 of 10) and the three project phases, since the report hurdles and the exam hurdle both gate the unit. When a concept won't click, ask Sia to explain that single step a different way and set you a fresh practice question in the same style; it teaches the method and checks your reasoning, and never substitutes for your own graded work. Confirm the exam date, permitted materials and hurdle rules on Canvas and the University of Sydney exam timetable.

Study INFO2222 with AI

Your AI Computer Science tutor for INFO2222

Stuck on a hard INFO2222 question? Sia is AskSia’s AI Computer Science tutor — ask any INFO2222 Computing 2 Usability and Security question and get a clear, step-by-step explanation grounded in how the course is actually taught and assessed. Read this whole study guide free, then take your hardest questions to Sia.

A+Everything unlocked
Unlocks this Bible + all 38 of your University of Sydney subjects - and 1,000+ Bibles across every Australian university.
Sia - your INFO2222 tutor, unlimited, worked the way the exam marks it
The full 133-page Bible + practice bank with worked solutions
Chrome extension - sync your LMS so Sia knows your deadlines
Bilingual EN / Chinese on every Bible and every Sia answer
$25/ month
30-day money-back · cancel in one tap · how it works
Unlock the full INFO2222 Bible + 38 University of Sydney subjects解锁完整 INFO2222 Bible + University of Sydney 38 门科目
$25/mo