Instructor:
Lectures:
Sections:
- Wed 11:00-12:00: 75 Evans (Mobin)
- Wed 12:00-1:00: 71 Evans (Matthias)
- Wed 3:00-4:00: 285 Cory (Devdatta)
- Wed 4:00-5:00: 285 Cory (Devdatta)
- Wed 2:00-3:00: 3 Evans (Matthias)
Office Hours:
Mobin: Thursday 10-11 in 707 Soda (alcove)
Matthias: Thursday 4-6 in 711 Soda (alcove)
Vern: Monday 1:30-2:30 in 737 Soda
Addresses:
Announcements, questions: the class Piazza site, which you sign up for here.
Feel free to email any question/comment you want to make privately to the instructor at vern@eecs.berkeley.edu.
Lectures:
The lecture schedule is subject to change and will be revised as the course progresses.
Date | Topic | Readings | Slides |
---|---|---|---|
Tue 1/18 | Introduction | Pfleeger & Pfleeger Section 1; Anderson Chapter 1 | Slides 1 |
Thu 1/20 | Memory Safety | Notes on Memory Safety; P&P Section 3.0, 3.1, 3.2; Smashing The Stack For Fun And Profit, by Aleph One | Slides 2 |
Tue 1/25 | Defending Against Memory Safety Vulnerabilities | Notes on Reasoning About Code (and other defensive programming) | Slides 3 |
Thu 1/27 | Principles of Secure Software | Notes on Principles and Design Patterns for Secure Systems; P&P Section 3.5 | Slides 4 |
Tue 2/1 | Background on Networking | P&P Section 7.0, 7.1 (pp. 376-396) | Slides 5 |
Thu 2/3 | Network Attacks | P&P pp. 396-424 | Slides 6 |
Tue 2/8 | Network Attacks, cont'd | Reliable DNS Forgery in 2008: Kaminsky's Discovery; An Illustrated Guide to the Kaminsky DNS Vulnerability | Slides 7 |
Thu 2/10 | Network Control | P&P Section 7.4; P&P pp. 449-450 (Virtual Private Networks) | Slides 8 |
Tue 2/15 | Review of Network Attacks / Denial-of-Service | P&P pp. 427-432 | Slides 9 |
Thu 2/17 | Web Security | P&P pp. 424-427; Web Security: Are You Part Of The Problem?; SQL Injection Attacks by Example | Slides 10 |
Tue 2/22 | Web Security, cont'd | P&P pp. 433-437; XSS (Cross Site Scripting) Prevention Cheat Sheet | Slides 11 |
Thu 2/24 | Web Security, cont'd | P&P Section 4.5; Secure Session Management With Cookies for Web Applications; Squigler software | Slides |
Tue 3/1 | Impersonation | A Chapter 2 | Slides 12 |
Thu 3/3 | OS Security | Notes from Prof. Wagner; P&P Chapter 4.0-4.4 (pp. 188-219); A Chapter 4 | |
Tue 3/8 | Midterm Exam | | |
Thu 3/10 | Symmetric Key Cryptography | Notes on Symmetric Key Cryptography; P&P Chapters 2.1, 2.4 | Slides 13 (also for 3/15) |
Tue 3/15 | Public Key Cryptography | Notes on Public Key Cryptography; P&P Chapter 2.7 | |
Thu 3/17 | Public Key Cryptography, cont'd / Message Authentication Codes, Digital Signatures | Notes on Message Authentication Codes, Digital Signatures | |
Tue 3/22 | SPRING BREAK | | |
Thu 3/24 | SPRING BREAK | | |
Tue 3/29 | Key Exchange and Management | Notes | |
Thu 3/31 | Securing Internet Communication | P&P Chapter 7.3 | Slides 14 |
Tue 4/5 | DNSSEC / Privacy | P&P Chapter 10.0-10.6 (pp. 603-638) | Slides 15 |
Thu 4/7 | Anonymity / Sneakiness | P&P pp. 150-160; A Chapter 17 | Slides 16 |
Tue 4/12 | Detecting Attackers | P&P Chapter 7.5 (pp. 484-490); A Chapter 21.4.3/21.4.4 | Slides 17 |
Thu 4/14 | Detecting Attackers, cont'd | | Slides 18 |
Tue 4/19 | Viruses and Worms | P&P Chapter 3.3 (pp. 111-141); A Chapter 21.3 | Slides 19 |
Thu 4/21 | Worms and Botnets | | Slides 20 |
Tue 4/26 | The Underground Economy | | Slides 21 |
Thu 4/28 | Course Review | | Slides 22 |
Thu 5/12 | Final Exam, 8AM - 11AM | | |
Homeworks:
No late homeworks accepted.
- Homework 0 (due 1/27 electronically); Homework 0 solution.
- Homework 1 (due 02/09); Homework 1 solution.
- Homework 2 (due 03/04); Homework 2 solution.
- Homework 3 (due 04/06 electronically; updated 04/04); Homework 3 solution.
- Homework 4 (due 05/02 electronically [updated 04/24]; if you want to be sure your homework is graded and available for pickup several days before the final exam, you must turn it in by 04/29); Homework 4 solution.
Discussion Sections
Projects
- Project 1 (due 2/22 electronically); Project 1 solution.
- Project 2 (due 5/5 electronically); Project 2 solution.
Exams
There will be one midterm and one final exam.
Grading
We will compute grades from a weighted average, as follows:
- Homeworks: 20%
- Projects: 30%
- Midterm: 20%
- Final exam: 30%
Course Policies
Contact information: If you have a question, the best way to contact us is via the class Piazza site. The staff (instructors and TAs) will check the site regularly, and if you use it, other students will be able to help you too. Please avoid posting answers to homework questions before the homework is due.
If your question is personal or not of interest to other students, send email to vern@eecs.berkeley.edu, or to one of the TAs if you prefer. If you wish to talk with one of us individually in person, you are welcome to come to our office hours. If the office hours are not convenient, you can make an appointment with any of us by email. Please reserve email for the questions you can't get answered in office hours, in discussion sections, or through the newsgroup.
Announcements: The instructors and TAs will periodically post announcements, clarifications, etc. to the Piazza site. Hence it is important that you check it regularly throughout the semester.
Prerequisites: The prerequisites for CS 161 are CS 61B, CS61C, and either CS70 or Math 55. We assume basic knowledge of both Java and C. You will need to have a basic familiarity using Unix systems.
Collaboration: Homework assignments will specify whether they must be done on your own or may be done in groups. Either way, you must write up your solutions entirely on your own. You must never read or copy the solutions of other students, and you must not share your own solutions with other students. You may use books or online resources to help solve homework problems, but you must always credit all such sources in your writeup and you must never copy material verbatim. Not only is this good scholarly conduct, it also protects you from accusations of theft of your colleagues' ideas. You must not receive help on homework assignments from students who have taken the course in previous years, and you must not review homework solutions from previous years.
We believe that most students can distinguish between helping other students understand course material and cheating. Explaining a subtle point from lecture or discussing course topics is an interaction that we encourage, but you should never read another student's homework solution or partial solution, nor have it in your possession, either electronically or on paper. You must never share your written solutions, or partial solutions, with another student, even with the explicit understanding that it will not be copied -- not even with students in your homework group. You must write your homework solution strictly by yourself.
Warning: Your attention is drawn to the Department's Policy on Academic Dishonesty. In particular, you should be aware that copying or sharing solutions, in whole or in part, from other students in the class or any other source without acknowledgment constitutes cheating. Any student found to be cheating risks automatically failing the class and referral to the Office of Student Conduct.
Ethics: We will be discussing attacks in this class, some of them quite nasty. None of this is in any way an invitation to undertake these attacks in any fashion other than with informed consent of all involved and affected parties. The existence of a security hole is no excuse. These issues implicate not only professional ethics, but also UCB policy and state and federal law. If there is any question in your mind about what conduct is allowable, contact the instructors first.
Computer accounts: We will use 'class' accounts this semester. You will need to obtain an account form with a username and password from us. When you first log into your account, you will be prompted to enter information about yourself; that will register you with our grading software. If you want to check that you are registered correctly with our grading software, you can run check-register at any time.
Textbook: The class does not have a required textbook. Two books are optionally recommended as partial resources: Security in Computing, 4th ed. (Charles P. Pfleeger, Shari Lawrence Pfleeger; Prentice Hall, 2007); and Security Engineering, 2nd ed. (Ross Anderson; Wiley, 2008). The first edition of this second book is also available online at Ross Anderson's web site.
Lecture notes: We will provide lecture notes or slides for many of the lectures. You should not view the availability of lecture notes or slides as a substitute for attending class, as our discussion in class may deviate from the written material.
Discussion sections: Attendance at discussion sections is expected, and sections may cover important material not covered in lecture. Please enroll in a discussion section via Telebears, if you have not already. You may only enroll in a discussion section that has space available; see the online schedule. You may switch discussion sections only with the approval of the TA of the section you want to switch to, and only if that section is not full. Outside of your discussion section, you should feel free to attend any of the staff office hours (not just your section TA's office hours) and ask any of us for help.
Re-grading policies: Any requests for grade changes or re-grading must be made within one week of when the work was returned. To ask for a re-grade, staple to your work a cover page that specifies:
- The problem(s) you want to be re-graded.
- For each of these problems a clear description of why you think the problem was misgraded.