CS 161, Fall 2008 Computer Security

People

Instructor:
Dawn Song (675 Soda Hall)

TA's:
Prateek Saxena (prateeks@eecs.berkeley.edu)

Lecture:
MW 9:00am-10:30am, 310 Soda

Discussion sections:

102: Th 2:00pm - 3:00pm, 87 Evans (No discussion sections first week - Begin on Sep 4th !)

Office hours:
Song: Tu 3-5pm, 675 Soda
Prateek: F 2-4pm, 517 Soda
(or by appointment)

Note: Please only contact the instructor or TA's directly by email if you have an issue that only relates to you personally. If you have a question about the course or material in general, please post to the newsgroup or send mail to the mailing list. That way the response will be visible to the entire class. Thanks!

Communications

Web page:
Current: http://inst.eecs.berkeley.edu/~cs161/fa08/
Previous semesters: http://inst.eecs.berkeley.edu/~cs161/archives.html

Mailing list:
cs161-fall08@lists.eecs.berkeley.edu
https://lists.eecs.berkeley.edu/sympa/info/cs161-fall08
The mailing list may be used for important announcements, so all students must be on it. If you missed the first lecture or didn't write your email address on the sheet that was passed around, be sure to subscribe yourself.

Usenet:
Newsgroup: ucb.class.cs161
Server: news.berkeley.edu (from campus), authnews.berkeley.edu (off campus)
See http://www.net.berkeley.edu/usenet/.

Course Schedule

The course syllabus includes information on lecture topics, readings, and assignment related deadlines.

Course Overview

This course will cover the most important features of computer security, including topics such as cryptography, operating systems security, network security, and language-based security. After completing this course, students will be able to analyze, design, and build secure systems of moderate complexity.

List of course topics (tentative):

• Introduction to computer security. Basic concepts, threat models, common security goals.
• Cryptography and cryptographic protocols, including encryption, authentication, message authentication codes, hash functions, one-way functions, public-key cryptography, secure channels, zero knowledge in practice, cryptographic protocols and their integration into distributed systems, and other applications.
• Software security. Secure software engineering, defensive programming, buffer overruns and other implementation flaws. Language-based security: analysis of code for security errors, safe languages, and sandboxing techniques.
• Operating system security. Memory protection, access control, authorization, authenticating users, enforcement of security, security evaluation, trusted devices, digital rights management.
• Network security. Firewalls, intrusion detection systems, DoS attacks and defense. Case studies: DNS, IPSec.
• Malicious code analysis and defense. Worms, spyware, rootkits, botnets, etc., and defenses against them.
• Web security. XSS attacks and defenses, etc.
• Advanced topics and case studies, to be chosen according to instructor and student interest. (Possible examples: privacy, mobile code, digital rights management and copy protection, trusted devices, denial of service and availability, network based attacks, security and the law, electronic voting, quantum cryptography, penetration analysis, ethics, full disclosure.)

Prerequisites

You must have taken CS 61C (Machine Structures). Also, you must have taken either Math 55 or CS 70 (Discrete Mathematics).

Assignments, Projects, and Exams

• 2 exams both in class. The first exam (midterm) covers parts 1 and 2 of the course, and the second exam (final) covers parts 3,4,5. Both are closed book. Tentative date for the midterm is 10/22, and the final exam is on 12/10.
  Practice Questions for Midterm Exam
  Midterm Exam
  Practice Questions for Final Exam
  
• 5 Homeworks. A tentative schedule for handout and due dates of homeworks is:
  
  

  	Handout Date	Due Date	Graded By
  Homework 1            Solutions HW1	09/15	09/24	09/28
  Homework 2 Solutions HW2	09/25	10/02	10/05
  Homework 3 Solutions HW3	10/06	10/15	10/19
  Homework 4 Solutions HW4	11/12	11/19	11/23
  Homework 5 Solutions HW5	11/26	12/03	12/05

  
  
• 3 Projects. Projects will be done in groups of two, and will involve substantial implementation of systems security related code. Detailed explainations of the assignements will be handed stating submission requirements and grading details.
  
  

  	Handout Date	Due Date	Graded By
  Project 1	10/01	10/20	10/24
  Project 2	10/27	11/17	11/20
  Project 3 (Hints)	11/19	12/14	--

Grading Summary

• 20% Homeworks (4% each)
• 40% Projects (5% Project 1, 15% Project 2, 20% Project 3)
• 20% Midterm exam
• 20% Final exam

Textbooks

The required textbook is Computer Security, 2nd Edition (Dieter Gollmann, Wiley, 2006). Reading assignments will be given from this book. Security in Computing, 4th Edition , by Charles P. Pfleeger, Shari Lawrence Pfleeger, is an optional textbook. Another optional book is the book Security Engineering (Ross Anderson, Wiley, 2001) is optional. It provides extra reading and background. The book can be accessed online here or you can purchase a copy. We will also provide lecture notes and slides for most of the lectures.

Note on Security Vulnerabilities

From time to time, we may discuss vulnerabilities in computer systems. This is not intended as an invitation to go exploit those vulnerabilities! It is important that we be able to discuss real-world experience candidly; everyone is expected to behave responsibly. Breaking into other people's systems is inappropriate, and the existence of a security hole is no excuse.