The lecture schedule is subject to change and will be revised as the course progresses.
Date | Topic | Readings | Slides |
---|---|---|---|
Wed 1/22 | Introduction | G&T § 1.1, Craft § 1-1.1, 1.3 | slides 1 |
Fri 1/24 | Injection vulnerabilities, buffer overflows, and memory safety | Memory Safety Notes. G&T § 3.4, Craft § 6.1-6.3 | slides 2 |
Mon 1/27 | Software security | Notes on Reasoning About Code and Secure Software Development. Craft § 6.5-6.7 | slides 3 |
Wed 1/29 | Access control, OS security | Patterns Notes. G&T § 1.2, Craft § 1.2 | slides 4 |
Fri 1/31 | Malware | G&T § 4.3-4.4, Craft § 6.4 | slides 5 |
Mon 2/3 | Security principles | Security Principles Notes G&T § 1.1.4, Craft § 3.4 | slides 6 |
Wed 2/5 | Security principles | | slides 7 |
Fri 2/7 | Web security: access control, same-origin policy | G&T § 7.1.1, 7.1.3, Craft § 12.1.1, 12.1.2, 12.1.3 | slides |
Mon 2/10 | Web security: injection vulnerabilities | G&T § 7.3.1, 7.3.2, 7.3.3 | slides 8 |
Wed 2/12 | Web security: XSS | G&T § 7.2.6, 7.3.6 | slides 9 |
Fri 2/14 | Web security: session management | G&T § 7.1.4, 7.2.1, 7.2.7, Craft § 12.1.4 | slides 10 |
Mon 2/17 | holiday | ||
Wed 2/19 | Web security: browsers | G&T § 7.2.3 | slides 11 |
Fri 2/21 | Authentication and impersonation | G&T § 7.2.2, Craft § 18.1, 18.2 | slides 12 |
Mon 2/24 | Midterm Exam | ||
Wed 2/26 | Background on networking | G&T § 5.1, 5.2.1, 5.2.2, 5.3.1, 5.4.0, 5.4.1, 5.4.2, Craft § 5.1, 5.4.1 | slides 13 |
Fri 2/28 | Network-level attacks | G&T § 5.2.3, 5.3.3, 5.3.4, 5.4.4, Craft § 5.3.1 | slides 14 |
Mon 3/3 | Attacks on DNS | G&T § 6.1.1-6.1.3 (Optional:) Kaminsky attack on DNS, Illustrated guide to the Kaminsky attack | slides 15 |
Wed 3/5 | Denial of service | G&T § 5.5.0, 5.5.1, 5.5.2, 5.5.4 | slides 16 |
Fri 3/7 | Network security: firewalls | Firewalls Notes. G&T § 6.2, Craft § 5.3.2 | slides 17 |
Mon 3/10 | Network security: intrusion detection | G&T § 6.4, Craft § 5.3.2 | slides 18 |
Wed 3/12 | Symmetric-key encryption | Symmetric-key Encryption Notes. G&T § 8.1.0, 8.1.1, 8.1.3, 8.1.6, 8.1.7, Craft § 7.1, 7.3.2, 7.3.3 | slides 19 (partial) |
Fri 3/14 | Public-key key exchange | Public-key key Exchange Notes. G&T § 8.2.1, 8.2.4, 8.2.3, Craft § 7.5 | |
Mon 3/17 | Public-key encryption, and integrity | ||
Wed 3/19 | Integrity, authentication, and public-key signatures | Signatures Notes. G&T § 8.2.3, 8.4.1, 8.4.3, Craft § 7.4.2 | |
Fri 3/21 | Key management | PKI Notes. G&T § 1.3, Craft § 10.1-10.3, 10.5, 10.7, 9.7.1, 9.7.2 | |
Mon 3/24 | Spring Break | ||
Wed 3/26 | Spring Break | ||
Fri 3/28 | Spring Break | ||
Mon 3/31 | Password hashing | Passwords Notes G&T § 8.3 | |
Wed 4/2 | Most common cryptography mistakes | Craft § 8.1 | slides 20 |
Fri 4/4 | Midterm Exam | ||
Mon 4/7 | Crypto mistakes, cont., and TLS | | slides 21 |
Wed 4/9 | Securing Internet communications: TLS | | slides 22 |
Fri 4/11 | Securing Internet communications: DNSSEC | | slides 23 |
Mon 4/14 | TLS and DNSSEC wrap-up | | slides 24 |
Wed 4/16 | Bitcoin | | slides 25 |
Fri 4/18 | Bitcoin, cloud security, big data | | slides 26 |
Mon 4/21 | Secure multi-party computation, covert channels | | slides 27 |
Wed 4/23 | Side channels and tamper-resistant hardware | | slides 28 |
Fri 4/25 | Electronic voting | | slides 29 |
Mon 4/28 | Tracking on the web | | slides 30 |
Wed 4/30 | Cybercrime and the underground economy | | slides 31 |
Fri 5/2 | Internet freedom and anonymity | | slides 32 |
Wed 5/14 | Final Exam 7-10pm |
glookup
or PandaGrader.
Homework solutions must be legible;
we may mark off for difficult-to-read solutions, or even refrain
from grading them entirely.
Schedule for homeworks:
Note that this late policy applies only to projects, not homeworks (which cannot be turned in late).
Schedule for projects:
The slides from the CSUA's C review session are available in pdf and Powerpoint format.
There will be two midterms and one final exam.
The midterms will be given on
Monday February 24 and Friday April 4 during regular
class hours, 3:00-4:00pm, in the regular lecture room.
The final will be held Wednesday May 14, 7:00-10:00pm. Students with last name starting with A-L, please go to 230 Hearst Gym; those with last name starting with M-Z, go to 237 Hearst Gym.
All exams are mandatory. If you will be unable to attend any of these dates, you must contact the instructor (via a message on Piazza) at some point during the first week of classes.
A review worksheet is available to help study for the final exam.
We will compute grades from a weighted average, as follows:
Contact information: If you have a question, the best way to contact us is via the class Piazza site. The staff (instructors and TAs) will check the site regularly, and if you use it, other students will be able to help you too. Please avoid posting answers or hints on homework/project questions before the homework/project is due.
If your question is personal or not of interest to other students, you are encouraged to mark the question as private on Piazza. If you wish to talk with one of us individually in person, you are welcome to come to any of our office hours. We prefer that you use these methods instead of sending us email; email regrettably does not scale well to a class of this size.
Announcements: The instructors and TAs will periodically post announcements, clarifications, etc. to the Piazza site. Hence it is important that you check it regularly throughout the semester.
Prerequisites: The prerequisites for CS 161 are CS 61B, CS 61C, and CS 70. We assume basic knowledge of both Java and C. You will need to have a basic familiarity with using Unix systems.
Collaboration: Homeworks will specify whether they must be done on your own or may be done in groups. Either way, you must write up your solutions entirely on your own. For homeworks, you must never read, see, or copy the solutions of other students, and you must not allow other students to see your solutions. For projects, you must never read, see, or copy the code or solutions of other students (except for your project partner, for group projects), and you must not allow other students (except for your project partner) to see your solutions or code.
You may use books or online resources to help solve homework problems, but you must always credit all such sources in your writeup and you must never copy material verbatim. Not only is this good scholarly conduct, it also protects you from accusations of theft of your colleagues' ideas. You must not receive help on homeworks or projects from students who have taken the course in previous years, and you must not review homework or project solutions from previous years.
You must ensure that your solutions will not be visible to other students. If you use GitHub or another source control system to store your solutions electronically, you must ensure your account is configured so your solutions are not publicly visible. If you use GitHub, GitHub offers free student accounts that allow you to keep your solutions private; please use one.
We believe that most students can distinguish between helping other students understand course material and cheating. Explaining a subtle point from lecture or discussing course topics is an interaction that we encourage, but you should never read another student's homework/project solution or partial solution, nor have it in your possession, either electronically or on paper (except for your project partner, for group projects). You must never share your solutions, or partial solutions, with another student (other than your project partner, for group projects), even with the explicit understanding that it will not be copied -- not even with students in your homework group. You must write your homework solution strictly by yourself.
Warning: Your attention is drawn to the Department's Policy on Academic Dishonesty. In particular, you should be aware that copying or sharing solutions, in whole or in part, from other students in the class or any other source without acknowledgment constitutes cheating. Any student found to be cheating risks automatically failing the class and referral to the Office of Student Conduct.
Ethics: We will be discussing attacks in this class, some of them quite nasty. None of this is in any way an invitation to undertake these attacks in any fashion other than with informed consent of all involved and affected parties. The existence of a security hole is no excuse. These issues concern not only professional ethics, but also UCB policy and state and federal law. If there is any question in your mind about what conduct is allowable, contact the instructors first.
Computer accounts:
We will use 'class' accounts this semester.
You will need to obtain an account form with a username and
password from your discussion section TA.
When you first log into your account, you will be prompted to
enter information about yourself; that will register you with our
grading software.
If you want to check that you are registered correctly with our
grading software, you can run check-register
at any time.
Textbook: The class does not have a required textbook. That said, we particularly recommend Introduction to Computer Security by Michael Goodrich & Roberto Tamassia (ISBN-10: 0321512944, ISBN-13: 9780321512949). We also recommend The Craft of System Security by Sean Smith and John Marchesini. We will list optional readings from these textbooks which you can use to help learn the course topics.
Lecture notes: We will provide lecture notes and/or slides for many of the lectures. Lecture notes and slides are not a substitute for attending class, as our discussion in class may deviate from the written material. You are ultimately responsible for material as presented in lecture and section.
Discussion sections: Attendance at discussion sections is expected, and sections may cover important material not covered in lecture. Outside of your discussion section, you should feel free to attend any of the staff office hours (not just your section TA's office hours) and ask any of us for help.
Re-grading policies: Any requests for grade changes or re-grading must be made within one week of when the work was returned. To ask for a re-grade, staple to your work a cover page that specifies:
Bear in mind that a primary aim in grading is consistency, so that
all students are treated the same. For this reason, we are unlikely to adjust
the score of individual students on an issue of partial credit if the score
allocated is consistent with the grading policy we adopted for that
problem.
More on homeworks:
If a problem can be interpreted in more than
one way, clearly state the assumptions under which you solve the
problem.
In writing up your homework you are allowed to consult any book,
paper, or published material, except solutions from previous
classes or elsewhere, as stated under the Collaboration section.
If you consult external sources, you must cite your source(s).
We will make
model solutions available after the due date, and feedback will be
available via glookup or PandaGrader.
Late homework policy:
We will give no credit for homework turned in after the deadline.
Please don't ask for extensions.
We don't mean to be harsh, but we prefer to make model
solutions available shortly after the due date, which makes it
impossible to accept late homeworks.
Don't be afraid to ask for help!
Are you struggling? We'd much rather you approached us for help
than gradually fall behind over the semester until things become
untenable. Sometimes this happens when students fear
a possibly unpleasant conversation with a professor if they admit to
not understanding something. We would much rather resolve/remedy your
misunderstanding early than have it expand into further problems later. Even if
you are convinced that you are the only person in the class that
doesn't understand the material, and think it must be entirely your fault
for falling behind, please overcome this concern and
ask for help as soon as you need it.
Remember, helping you learn the material is
in fact what we're paid to do, after all!
Advice:
The following tips are offered based on our experience with CS 161:
1. Don't wait until the last minute to start projects!
The projects can be time-consuming. Pace yourself.
Students who procrastinate generally suffer.
2. Make use of office hours! The instructors and TAs hold
office hours expressly to help you. It is often surprising how many
students do not take advantage of this service. You are free to
attend as many office hours as you wish. You are not constrained just
to use the office hours of your section TA. You will likely get
more out of an office hour visit if you have spent some time in advance
thinking about the questions you have, and formulating them precisely.
(In fact, this process can often lead you to a solution yourself!)
3. Participate actively in discussion sections!
Discussion sections are
not auxiliary lectures. They are an opportunity for interactive
learning. The success of a discussion section depends largely on the
willingness of students to participate actively in it. As with office
hours, the better prepared you are for the discussion, the more you are
likely to get out of it.