This page is archived. It is kept only for reference purposes, so it is no longer being updated and may not meet accessibility standards. If you need this content in a different format, please email inst@eecs.berkeley.edu.

CS 161, Spring 2008 Computer Security

People

Instructor:
Dawn Song (675 Soda Hall)

TA's:
John Bethencourt (bethenco@cs.berkeley.edu)
Todd Kosloff (koslofto@cs.berkeley.edu)
Rusty Sears (sears@cs.berkeley.edu)

Lecture:
MW 2:30pm-4:00pm, 306 Soda

Discussion sections:
101: Tu 11:00am - 12:00pm, 4 Evans
102: Tu 5:00pm - 6:00pm, 85 Evans
103: W 10:00am - 11:00am, 5 Evans

Office hours:
Song: W 5-6pm, 675 Soda
Bethencourt: F 2-4pm, 517 Soda
Kosloff: M 4-6pm, 711 Soda or 535 Soda
Sears: Tu 12-2pm, 711 Soda
(or by appointment)

Note: Please only contact the instructor or TA's directly by email if you have an issue that only relates to you personally. If you have a question about the course or material in general, please post to the newsgroup or send mail to the mailing list. That way the response will be visible to the entire class. Thanks!

Communications

Web page:
Current: http://inst.eecs.berkeley.edu/~cs161/sp08/
Previous semesters: http://inst.eecs.berkeley.edu/~cs161/archives.html

Mailing list:
cs161-spring08@lists.eecs.berkeley.edu
https://lists.eecs.berkeley.edu/sympa/info/cs161-spring08
The mailing list may be used for important announcements, so all students must be on it. If you missed the first lecture or didn't write your email address on the sheet that was passed around, be sure to subscribe yourself.

Usenet:
Newsgroup: ucb.class.cs161
Server: news.berkeley.edu (from campus), authnews.berkeley.edu (off campus)
See http://www.net.berkeley.edu/usenet/.

Course Schedule

The course schedule includes information on lecture topics, readings, and assignment related deadlines.

Course Overview

This course will cover the most important features of computer security, including topics such as cryptography, operating systems security, network security, and language-based security. After completing this course, students will be able to analyze, design, and build secure systems of moderate complexity.

List of course topics (tentative):

  • Introduction to computer security. Basic concepts, threat models, common security goals.
  • Cryptography and cryptographic protocols, including encryption, authentication, message authentication codes, hash functions, one-way functions, public-key cryptography, secure channels, zero knowledge in practice, cryptographic protocols and their integration into distributed systems, and other applications.
  • Software security. Secure software engineering, defensive programming, buffer overruns and other implementation flaws. Language-based security: analysis of code for security errors, safe languages, and sandboxing techniques.
  • Operating system security. Memory protection, access control, authorization, authenticating users, enforcement of security, security evaluation, trusted devices, digital rights management.
  • Network security. Firewalls, intrusion detection systems, DoS attacks and defense. Case studies: DNS, IPSec.
  • Malicious code analysis and defense. Worms, spyware, rootkits, botnets, etc., and defenses against them.
  • Web security. XSS attacks and defenses, etc.
  • Advanced topics and case studies, to be chosen according to instructor and student interest. (Possible examples: privacy, mobile code, digital rights management and copy protection, trusted devices, denial of service and availability, network based attacks, security and the law, electronic voting, quantum cryptography, penetration analysis, ethics, full disclosure.)

Prerequisites

You must have taken CS 61C (Machine Structures). Also, you must have taken either Math 55 or CS 70 (Discrete Mathematics).

Assignments, Projects, and Exams

  • 2 Exams. The midterm exam covers the first half of the course, and the final exam covers the second half of the course. Both are closed book.
    • Midterm solution and explanation

  • 5 Homeworks. Three homework assignments will be given in the first half of the course and two will be given in the second.
    • HW1, solution HW1

    • HW2, solution HW2

    • HW3, solution HW3

    • HW4, solution HW4

    • HW5, solution HW5

    • HW6, solution HW6

  • 1 Project. The project will be done in groups of four, and will involve substantial implementation of systems security related code. Two milestone submissions will be due during the semester; the first will consist of a design document, timetable, and group work breakdown and the second will consist of updates to these plus working code which implements the most rudimentary features. The final submission of code and writeups will be at the end of the semester.
    • Project description

    • Additional information for Milestone 1

    • Additional information for final submission

    • pstotext-linux-x86

    • pstotext-solaris-x86

    • pstotext-solaris-sparc

Grading Summary

  • 35% Homeworks (7% each)
  • 20% Project
  • 20% Midterm exam
  • 25% Final exam

Textbooks

The required textbook is Computer Security, 2nd Edition (Dieter Gollmann, Wiley, 2006). Reading assignments will be given from this book. The book Security Engineering (Ross Anderson, Wiley, 2001) is optional. It provides extra reading and background. The book can be accessed online here or you can purchase a copy. We will also provide lecture notes for most of the lectures.

Note on Security Vulnerabilities

From time to time, we may discuss vulnerabilities in computer systems. This is not intended as an invitation to go exploit those vulnerabilities! It is important that we be able to discuss real-world experience candidly; everyone is expected to behave responsibly. Breaking into other people's systems is inappropriate, and the existence of a security hole is no excuse.