CS 161, Spring 2012 Computer Security
Dawn Song (675 Soda Hall)
Chia Yuan Cho
MW 4:00-5:30P 390 Hearst Memorial Mining Building (HMMB)
Mon 2:00-3:00pm 611 Soda (TA)
Tue 2:00-3:00pm 611 Soda (TA)
Wed 5:30-6:30pm 675 Soda (Dawn)
Thu 2:00-3:00pm 283E Soda except Feb 9, Feb 16 and Mar 1 (TA)
Fri 11:00-12:00pm 611 Soda (TA)
Feb 10, 2012: The slides from Wed Feb 8 are now available (click on Lecture Slides).
Feb 7, 2012: The final video capsule on static analysis and program verification (IV) is now live and is due Thu Feb 9. Video capsules (on Isolation) due Wed Feb 8 were made live yesterday.
Feb 6, 2012: This week the discussion session will be on symbolic execution & constraint solving. It will be held during normal lecture hours this Wed (4-5.30pm HMMB).
Feb 6, 2012: Lab 2 is now live (click on Labs) and is due next Fri 17 Feb 23:59. You may make any number of submissions from now till the dateline. You'll need to learn new tools in this lab. Start early!
Feb 4, 2012: Video capsules due Mon Feb 6 have been made live.
Feb 2, 2012: Lab 1 Submission has been made live. Please post in the Lab forums under the submission thread if there are any problems.
Jan 30, 2012: There will be no office hours tomorrow. Instead Steve will be holding section covering defenses in 11:00-12:00PM in 87 Evans, 2:00-3:00P in 285 Cory, 3:00-4:00PM in 105 Latimer.
Jan 26, 2012: Everyone should be working on labs with a partner. Sign up lab partnerships by Fri Jan 27 here.
Jan 26, 2012: Lab 1 has been updated. The VM image was changed.
Jan 25, 2012: Lab 1 is released. We will announce any updates to the document here and on the web platform.
Jan 23, 2012: The slides for today's lecture are now online
Jan 23, 2012: The video lectures for Wed Jan 25 and Mon Jan 30 are now online (click on "Video Lectures").
Jan 23, 2012: Please indicate if you plan on coming to the C/GDB tutorial Tomorrow, Tuesday Jan 24, 2012 by filling out this
Jan 19, 2012: The slides for the first lecture is now online
- Jan 17, 2012: The class web platform is now online! Join us at
- Jan 5, 2012: Welcome to CS161! The enrollment is currently full. If
you have any questions regarding to whether the class is suitable to
you or whether you can still get into the class, please come to the
first lecture on Jan 18.
syllabus includes information on lecture topics, readings, and
assignment related deadlines.
In this class you will learn how to design secure systems and write
secure code. You will learn how to find vulnerabilities in code and how
to design software systems that limit the impact of security
vulnerabilities. We will focus on principles for building secure systems
and give many real world examples. In addition, the course will cover
topics such as:
- memory safety vulnerabilities
- techniques and tools for vulnerability detection and defense
- security principles such as sandboxing, isolation and least privilege
- mobile platform and application security
- basic crypto concepts
- web security
- network security
- malware detection and defense
Course homework and labs will help students practice the concepts and
techniques learned in class, such as how to find vulnerabilities and how
to fix them. The labs and projects are designed to help students
practice the principles of secure system design.
You must have taken CS 61C (Machine Structures). Also, you must
have taken either Math 55 or CS 70 (Discrete Mathematics).
Labs, Projects, Midterms and Exams
There will be 6 labs, 1 class project and 1 midterm and online quizzes. There will be no final exam.
Details will be announced in class.
The grades will be computed from the following weights:
|Lab 1:||Buffer overflow exploits ||8%|
|Lab 2:||Program verification & vulnerability discovery ||8%|
|Lab 3:||Android security ||8%|
|Lab 4:||Cryptography ||5%|
|Lab 5:||Web security ||11%|
|Lab 6:||Network security ||5%|
This class does not have a required textbook. We will provide lecture
notes, slides and videos for material covered (when applicable).
The above material is subject to change.
From time to time, we may discuss vulnerabilities in computer
systems. This is not intended as an invitation to go exploit those
vulnerabilities! It is important that we be able to discuss
real-world experience candidly; everyone is expected to behave
responsibly. Breaking into other people's systems is inappropriate,
and the existence of a security hole is no excuse.