Instructors:
Anthony Joseph
(675 Soda Hall)
Doug Tygar
(531 Soda Hall)
TAs:
Marco Barreno
(barreno_AT_eecs.berkeley.edu)
Todd Kosloff (koslofto_AT_eecs.berkeley.edu)
Lectures:
MW, 9:30-11am, 306 Soda
Sections:
101. Th 10:00-11:00, 320 Soda
102. Th 11:00-12:00, 320 Soda
103. Th 3:00-4:00, 320 Soda
Office Hours:
Joseph: M, Tu 3-4pm in 675 Soda
Tygar: M 1-2pm in 531 Soda
Barreno: M 2-3pm, Th 1-2pm in 551 Soda
Kosloff: M 3-4pm, Th 4-5pm in 535 Soda
(Or by appointment)
Web page:
http://www.cs161.org/
(previous class web pages can be found at the cs161 archives.)
List of course topics (tentative):
Projects are due at 11:59pm on their due dates. Each project group has 3 late days to spread across project deadlines for the semester.
Homeworks:
There will be two programming projects.
Exams:
The following schedule is tentative and subject to change. Attendance at lectures is mandatory (we may periodically take attendance).
Readings from the textbooks are indicated as follows: G 1.2 denotes Gollmann, Chapter 1.2; A 1.2 denotes Anderson, Chapter 1.2. Optional readings are in parentheses.
| Topic | Readings | ||
| 1 | Aug 28 | Overview; intro to computer security, adversaries, security goals. [J] |
Slides [pdf 1]. G 1.1-2.5. (A 1.5). |
| 2 | Aug 30 | Threat models, access control, authorization. [J] |
Slides
[pdf 2]. G 3.1-4.7, 6.1-7.5. (A 1.5, 4.1, 4.2.) |
| Sept 4 | No class! Labor Day Holiday. | ||
| 3 | Sept 6 | Network security war stories and networking background. [J] |
Slides [pdf 3]. G 13.1-13.3, 13.5. (A 18.1.) |
| 4 | Sept 11 | Symmetric-key cryptography, block ciphers. [T] |
Slides [pdf 4]. G 11.1. (A 5.1, 5.3.3.) |
| 5 | Sept 13 | Public-key encryption, modular arithmetic. [T] |
Slides [pdf 5]. G 11.2. (A 5.3.4, 5.7.1.) |
| 6 | Sept 18 | Message authentication, public-key signatures, secret sharing. [T] |
Slides [pdf 6]. G 11.3-11.5. (A 5.3.5.) |
| 7 | Sept 20 | Cryptographic protocols. [T] |
Slides [pdf 7]. G 11.6-11.7. (A 5.3.5.) |
| 8 | Sept 25 | Zero-knowledge protocols. [T] |
Slides (see last lecture).
(Optional reading: Rabin's original paper, a set of lecture notes from Yale) |
| 9 |
Sept 27 | Authentication protocols. [T] |
Slides [pdf 8]. G 12.1-12.5, 15.6-15.7. (A 2.1, 2.2, 2.6, 3.1-3.3.) |
| 10 | Oct 2 | Firewalls. [J] |
Slides [pdf 9]. G 13.4-6. (A 18.3.) |
| 11 | Oct 4 |
Midterm review [TA] |
Slides Part 1: [Part 1 pdf 10] Part 2: [Part 2 pdf 10]. |
| Oct 9 |
Midterm 1 | |
|
| 12 | Oct 11 | Web security, intrusion detection. [J] |
Slides [pdf 11].
G 13.7. (A 18.5.) |
| 13 | Oct 16 | Implementation flaws, buffer overruns, software security (principles). [J] |
Slides [pdf 12]. G 14.1-14.6. |
| 14 | Oct 18 |
Software security (defensive programming). [J] |
Slides [pdf 13]. G 14.7. |
| 15 | Oct 23 | Isolation, sandboxing, language-based security (type- and memory-safe languages) [J] |
Slides [pdf 14]. G 15.1-15.6. |
| 16 | Oct 25 |
Random number generation. [T] |
Slides [pdf 15]. G 5.1-5.4, 8.1-10.8, 15.8 (A 7.1-7.3, 7.5, 23.1-23.3) |
| 17 | Oct 30 |
Multi-level security. [T] |
Slides [pdf 16]. G 17.1-17.7 (A 8.3.) |
| 18 | Nov 1 | Midterm 2 review [TA] |
Slides Part 1: [Part 1 pdf 17] Part 2: [Part 2 pdf 17]. |
| Nov 6 | Midterm 2 |
||
| 19 | Nov 8 |
Database security (side channels,
inference control). [T] |
Slides (see October 30th). |
| 20 | Nov 13 |
Watermarking, DRM. [T] |
Slides [pdf 18]. |
| 21 | Nov 15 | E-commerce. [T] | Slides [pdf 19]. |
| 22 | Nov 20 | Worms and viruses, Distributed Denial of Service. [J] |
Slides [pdf 20]. (A 18.4.) |
| Nov 22 | No class! Thanksgiving Day Holiday. | |
|
| 23 | Nov 27 |
Operating system security, memory protection, rootkits [J] |
Slides [pdf 21]. |
| 24 | Nov 29 |
Electronic voting [J] |
Slides [pdf 22]. Optional: Daily Show clip, 60 Minutes clip. |
| 25 | Dec 4 | Midterm 3 review [TA] | Slides Part 1: [Part 1 pdf 23] Part 2: [Part 2 pdf 23]. |
| 26 | Dec 6 |
Midterm 3 |
The required textbook is Computer Security, 2nd Edition ( Dieter Gollmann, Wiley, 2006). We will also provide lecture notes for most of the lectures.
The book Security Engineering (Ross Anderson, Wiley, 2001) is optional. It provides extra reading and background. The book is available online, but we encourage you to purchase a copy.
Note that you should not view the availability of lecture notes as a substitute for attending class: our discussion in class may deviate somewhat from the written material, and you should take your own notes as well.
Homeworks are to be written up individually, on your own (not in groups). You may discuss the problems with one another, under the condition that you list your collaborators on your writeup. While you may work together in developing a solution, each student must write up their solution independently. You must never look at another student's written solution. Projects will be done in groups. You are expected to fully collaborate with the other students in your group. You may not share code with other groups. You may discuss your project with other groups, on the condition that you list the names of the people outside your group who you discuss things with on your writeup.
For homeworks, you must always write up the solutions on your own. Similarly, you may use references to help solve homework problems, but you must write up the solution on your own and cite your sources, including any other students you have worked with. You may not share written work or programs with anyone else. You may not receive help on homework assignments from students who have taken the course in previous years, and you may not review homework solutions from previous years.
In writing up your homework you are allowed to consult the instructors, TAs, assigned texts, posted notes, and any materials cited by them. If you do so, you are required to cite your source(s). Simply copying an answer is not sufficient; you are expected to write it up in your own words, and you must be able to explain it if you are asked to do so. Your answers may refer to course material and to homeworks from earlier in the semester. You are not permitted to consult others in the class; you are not permitted to "Google for the answer" to homework questions.
Copying solutions or code, in whole or in part, from other students or any other source without acknowledgment constitutes cheating. Any student found to be cheating in this class will automatically receive an F grade and will also be referred to the Office of Student Conduct.
You should never read another student's solution or partial solution, nor have it in your possession, either electronically or on paper. You should write your homework solution strictly by yourself.
Presenting another person's work as your own constitutes cheating, whether that person is a friend, an unknown student in this class or a previous semester's class, a solution set from a previous semester of this course, or an anonymous person on the Web who happens to have solved the problem you've been asked to solve. Everything you turn in must be your own doing, and it is your responsibility to make it clear to the graders that it really is your own work. The following activities are specifically forbidden in all graded course work:
In our experience, nobody begins the semester with the intention of cheating. Students who cheat do so because they fall behind gradually and then panic. Some students get into this situation because they are afraid of an unpleasant conversation with a professor if they admit to not understanding something. We would much rather deal with your misunderstanding early than deal with its consequences later. Even if you are convinced that you are the only person in the class that doesn't understand the material, and that it is entirely your fault for having fallen behind, please overcome your feeling of guilt and ask for help as soon as you need it. Remember that the other students in the class are working under similar constraints--they are taking multiple classes and are often holding down outside employment. Don't hesitate to ask us for help--helping you learn the material is what we're paid to do, after all!
From time to time, we may discuss vulnerabilities in widely-deployed computer systems. This is not intended as an invitation to go exploit those vulnerabilities. It is important that we be able to discuss real-world experience candidly; students are expected to behave responsibly.
Berkeley policy is very clear: you may not break into machines that are not your own; you may not attempt to attack or subvert system security. Breaking into other people's systems is inappropriate, and the existence of a security hole is no excuse.
Unethical or inappropriate actions may result in failing the course and being referred for further discipline.
If you have a question, your best option is to post a message to the
ucb.class.cs161 newsgroup.
The staff (instructor and TAs) will check the newsgroup regularly.
When using the newsgroup, please do not post answers to homework
questions before the homework is due.
If your question is personal or not of interest to other students,
you may send email to
cs161_AT_cory.eecs.berkeley.edu.
Email to cs161@cory is forwarded to the instructor and all TAs. We
prefer that you use the cs161@cory address, rather than
emailing directly the instructor and/or your TA.
If you wish to talk with one of us individually, you are welcome
to come to our office hours.
If the office hours are not convenient,
you may make an appointment with any of us by email.
The instructor and TAs may post announcements, clarifications, etc. to the class newsgroup. Hence you should read the newsgroup regularly whether you post questions to it or not. If you've never done this before, there is online information about how to access UCB newsgroups (see also here for more).
Mail inquiries to
cs161_AT_cory.eecs.berkeley.edu.