CS 261: Computer Security


CS 261 is a graduate class on computer security offered in the Fall 2000 semester.

Instructor: David Wagner.
Time: 9:00--10:30am, Mondays and Wednesdays.
Location: 310 Soda.
Prerequisites: CS 162 or equivalent. Familiarity with basic concepts in operating systems and networking.
Web page: http://www.cs.berkeley.edu/~daw/teaching/cs261-f00/

The class was offered in the Fall 2000 semester, and is now over.

For announcements, see the class newsgroup, ucb.class.cs261.

Course description

CS261: Security in Computer Systems. Prerequisite: CS162. Graduate survey of modern topics in computer security, including: protection, access control, distributed access control, Unix security, applied cryptography, network security, firewalls, secure coding practices, safe languages, mobile code, and case studies from real-world systems. May also cover cryptographic protocols, privacy and anonymity, and/or other topics as time permits. Term paper or project required. Three hours of lecture per week. (3 units)

A list of course topics is available, as is the syllabus handed out the first day of class.


Class project: 45%
Problem sets: 40%
Paper summaries and class discussion: 15%

There will be no final or midterm.


There will be a term project. You will do independent research in small groups (e.g., teams of 2--3). Projects may cover any topic of interest in systems security, interpreted broadly (it need not be a topic discussed in class); ties with current research are encouraged. A conference-style report and a project presentation on your results will be due at the end of the semester.

You are encouraged to start thinking of topics of interest early. Be ambitious! I expect that the best papers will probably lead to publication (with some extra work).

More details may be found here.

The list of groups and what projects they have signed up to do is also available.

Problem sets

There will be approximately three to five homework assignments throughout the semester, to appear on the course webpage as they are assigned.

The first homework was due on Monday, 25 September; a sample solution set is now available.

The second homework was due on Wednesday, 4 October; a sample solution set is now available.

The third homework was due on Wednesday, 30 October; a sample solution set is now available.

Reminder: Turn in your homeworks on paper at the beginning of class on the appropriate day. This deadline will be enforced strictly. Late homeworks will not be accepted.

You may discuss the questions on the homeworks with others, but the writeup you turn in must be your own. You may use any source you like (including other papers or textbooks), but if you use any source not discussed in class, you must cite it.


There is no required textbook. All reading will be from papers. Whenever possible, handouts and papers will be placed online on the web page; papers not available online will be handed out in class. A schedule of assigned readings is available online.

You will be required to write a very brief summary of each paper you read, listing the two most important contributions of the paper and its most significant flaw, to be handed in at the beginning of the class when the reading is due.

Returned paper summaries are available outside 765 Soda.


From time to time, we may discuss vulnerabilities in widely-deployed computer systems. This is not intended as an invitation to go exploit those vulnerabilities. It is important that we be able to discuss real-world experience candidly; students are expected to behave responsibly.

Berkeley's policy (and my policy) on this should be clear: you may not break into machines that are not your own; you may not attempt to attack or subvert system security. Breaking into other people's systems is inappropriate; and the existence of a security hole is no excuse.

Other notes

Office hours: 10:30--11:30am Monday mornings, or by appointment if you can't make that time slot.

David Wagner, daw@cs.berkeley.edu, http://www.cs.berkeley.edu/~daw/.