CS 194-1: Computer Security

Sections:
104. Th 12:00-1:00, 320 Soda
101. Th 1:00-2:00, 320 Soda
102. Th 2:00-3:00, 320 Soda
103. Th 3:00-4:00, 320 Soda

Office Hours:
Joseph: Mondays and Tuesdays 1-2 pm in 675 Soda
Tygar: Mondays 1-2pm by appointment
Vazirani: Mondays 3-4pm in 671 Soda
Wagner: Wednesdays 1-2pm in 629 Soda
Huang: Tuesdays 2-4pm in 511 Soda
Kalvass: Wednesdays 4-6pm in 511 Soda
Sears: Wednesdays 12-2pm in 551 Soda
Tam: Wednesdays 2-4pm in 551 Soda

Announcements

Course Overview

Assignments, Projects, and Exams

Lectures

Readings from the textbooks are indicated as follows: P&P 1.2 denotes Pfleeger & Pfleeger, Chapter 1.2; A 1.2 denotes Anderson, Chapter 1.2. Optional readings are in parentheses.

P&P 4.2. (A 4.3.)

		Topic	Readings
1	Aug 29	Overview; intro to computer security	Slides [pdf 1].
2	Aug 31	Adversaries, threat models, security goals	Notes [ps 2] [pdf 2]. P&P 1.1-1.3. (A 1.5.)
3	Sept 2	Access control, authorization	Slides [pdf 3]. P&P 4.3, 4.4. (A 4.1, 4.2.)
	Sept 5	No class! Labor Day Holiday.
4	Sept 7	Network security intro	Slides [pdf 4]. (A 18.1.)
5	Sept 9	Networking background	Slides [pdf 5]. P&P 7.1.
6	Sept 12	Firewalls	Notes [ps 6] [pdf 6]. P&P 7.4. (A 18.3.1-18.3.3.)
7	Sept 14	Intrusion detection	Slides [pdf 7]. P&P 7.5. (A 18.5.)
8	Sept 16	Symmetric-key cryptography	Notes [ps 8] [pdf 8]. P&P 2.1, 2.5, 2.6. (A 5.1, 5.3.3.)
9	Sept 19	Block ciphers	Notes [ps 9] [pdf 9].
10	Sept 21	Public-key encryption; modular arithmetic	Notes [ps 10] [pdf 10]. P&P 2.7, 10.1 "Properties of Arithmetic" only, 10.3 "RSA Encryption" only. (A 5.3.4, 5.7.1.)
11	Sept 23	Message authentication, public-key signatures	Notes [pdf 11] P&P 2.8 "Digital Signatures" only. (A 5.3.5.)
12	Sept 26	Secure channels	Slides [pdf 12]. P&P 7.3 "Encryption" only. (A 18.3.4.)
13	Sept 28	Implementation flaws, buffer overruns	Notes [ps 13] [pdf 13]. P&P 3.2.
14	Sept 30	Software security: principles	Notes [ps 14] [pdf 14]. P&P 3.1.
15	Oct 3	Software security: defensive programming	Notes [ps 15] [pdf 15].
16	Oct 5	Secret sharing	Notes [ps 16] [pdf 16].
	Oct 7	Midterm 1
17	Oct 10	Cryptographic protocols, zero knowledge	Notes [pdf 17]
18	Oct 12	Zero knowledge protocols	Notes [ps 18] [pdf 18].
19	Oct 14	Authentication protocols	Slides [pdf 19]. P&P 4.5, 7.3 "Strong Authentication" only. (A 2.1, 2.2, 2.6, 3.1-3.3.)
20	Oct 17	Electronic cash protocols	Notes [ps 20] [pdf 20].
21	Oct 19	Random number generation	Notes [ps 21] [pdf 21].
	Oct 21	Project discussions	Notes [ps 22] [pdf 22].
23	Oct 24	E-commerce systems	Slides [pdf 23].
24	Oct 26	Worms and viruses	Slides [pdf 24]. P&P 3.3 "The Internet Worm", "Code Red". (A 18.4.)
25	Oct 28	Distributed denial of service	Slides [pdf 25].
26	Oct 31	Multi-level security, mandatory access control	Slides [pdf 26]. (A 7.1-7.3, 7.5, 23.1-23.3)
27	Nov 2	Database security, side channels	Slides [pdf 27]. P&P 6.1-6.5. (A 8.3.)
28	Nov 4	Database security, inference control (cont.)	Slides [pdf 28].
29	Nov 7	Operating system security, memory protection	Notes [ps 29] [pdf 29].
	Nov 9	Midterm 2
	Nov 11	No class! Veterans Day Holiday.
30	Nov 14	Isolation, sandboxing	Notes [ps 30] [pdf 30].
31	Nov 16	Language-based security; type- and memory-safe languages	(continuing in last lecture's notes)
32	Nov 18	Rights management, spyware, rootkits (case study)	Optional: Wired news article. (A 14.1-14.6.)
33	Nov 21	Web Security	Slides [pdf 31].
	Nov 23	No class! Thanksgiving Holiday.
	Nov 25	No class! Thanksgiving Holiday.
34	Nov 28	Quantum cryptography	Slides [pdf 32].
35	Nov 30	Watermarking	Slides [pdf 33].
36	Dec 2	Rootkits	Slides [pdf 34].
37	Dec 5	Review
38	Dec 7	Electronic voting	Slides [pdf 35]. Optional: Daily Show clip, 60 Minutes clip.
39	Dec 9	Review

Section Notes

Textbooks

The required textbook is Security in Computing (Charles P. Pfleeger, Shari Lawrence Pfleeger, 3rd ed., Prentice Hall, 2003). We will also provide lecture notes for most of the lectures.

The book Security Engineering (Ross Anderson, Wiley, 2001) is optional. It provides extra reading and background.

Note that you should not view the availability of lecture notes as a substitute for attending class: our discussion in class may deviate somewhat from the written material, and you should take your own notes as well.

Prerequisites

Grading Summary

Collaboration and Academic Integrity Policy

Homeworks are to be done individually, on your own (not in groups). Projects will be done in groups. The mechanics of project groups will be announced later in the semester.

For homeworks, you must always write up the solutions on your own. Similarly, you may use references to help solve homework problems, but you must write up the solution on your own and cite your sources. You may not share written work or programs with anyone else. You may not receive help on homework assignments from students who have taken the course in previous years, and you may not review homework solutions from previous years.

In writing up your homework you are allowed to consult the instructors, TAs, assigned texts, posted notes, and any materials cited by them. If you do so, you are required to cite your source(s). Simply copying an answer is not sufficient; you are expected to write it up in your own words, and you must be able to explain it if you are asked to do so. Your answers may refer to course material and to homeworks from earlier in the semester. You are not permitted to consult others in the class; you are not permitted to "Google for the answer" to homework questions.

Copying solutions or code, in whole or in part, from other students or any other source without acknowledgment constitutes cheating. Any student found to be cheating in this class will automatically receive an F grade and will also be referred to the Office of Student Conduct.

You should never read another student's solution or partial solution, nor have it in your possession, either electronically or on paper. You should write your homework solution strictly by yourself.

Presenting another person's work as your own constitutes cheating, whether that person is a friend, an unknown student in this class or a previous semester's class, a solution set from .

Presenting another person's work as your own constitutes cheating, whether that person is a friend, an unknown student in this class or a previous semester's class, a solution set from a previous semester of this course, or an anonymous person on the Web who happens to have solved the problem you've been asked to solve. Everything you turn in must be your own doing, and it is your responsibility to make it clear to the graders that it really is your own work. The following activities are specifically forbidden in all graded course work:

In our experience, nobody begins the semester with the intention of cheating. Students who cheat do so because they fall behind gradually and then panic. Some students get into this situation because they are afraid of an unpleasant conversation with a professor if they admit to not understanding something. We would much rather deal with your misunderstanding early than deal with its consequences later. Even if you are convinced that you are the only person in the class that doesn't understand the material, and that it is entirely your fault for having fallen behind, please overcome your feeling of guilt and ask for help as soon as you need it. Remember that the other students in the class are working under similar constraints--they are taking multiple classes and are often holding down outside employment. Don't hesitate to ask us for help--helping you learn the material is what we're paid to do, after all!

Warning

From time to time, we may discuss vulnerabilities in widely-deployed computer systems. This is not intended as an invitation to go exploit those vulnerabilities. It is important that we be able to discuss real-world experience candidly; students are expected to behave responsibly.

Berkeley policy is very clear: you may not break into machines that are not your own; you may not attempt to attack or subvert system security. Breaking into other people's systems is inappropriate, and the existence of a security hole is no excuse.

Unethical or inappropriate actions may result in failing the course and being referred for further discipline.

Contact information

If you have a question, your best option is to post a message to the ucb.class.cs161 newsgroup. The staff (instructor and TAs) will check the newsgroup regularly. When using the newsgroup, please do not post answers to homework questions before the homework is due.

If your question is personal or not of interest to other students, you may send email to cs161@cory.eecs.berkeley.edu. Email to cs161@cory is forwarded to the instructor and all TAs. We prefer that you use the cs161@cory address, rather than emailing directly the instructor and/or your TA. If you wish to talk with one of us individually, you are welcome to come to our office hours. If the office hours are not convenient, you may make an appointment with any of us by email.

The instructor and TAs may post announcements, clarifications, etc. to the class newsgroup. Hence you should read the newsgroup regularly whether you post questions to it or not. If you've never done this before, there is online information about how to access UCB newsgroups (see also here for more).

CS 194-1, Fall 2005 Computer Security

People