CS 261, Fall 2009
Computer Security

  David Wagner (daw@cs, 629 Soda Hall, 642-2758)

  Mon Wed, 10:30-12:00, 310 Soda

Office Hours:
  Wagner: Tuesdays 4-5pm, 629 Soda


The following schedule is tentative and subject to change.

Topic Readings Notes
8/26 Overview; intro; threat models (Manohar)
8/31 Access control; protection Thibaud
9/2 Software vulnerabilities Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns, Pincus, Baker.
Basic Integer Overflows, blexim (no paper summary).
9/7 No class!
9/9 Runtime defenses Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors, Akritidis, Costa, Castro, Hand.
Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks, Xu, Bhatkar, Sekar.
9/14 Static analysis and bugfinding Finding Security Vulnerabilities in Java Applications Using Static Analysis, Livshits, Lam.
EXE: Automatically Generating Inputs of Death, Cadar, Ganesh, Pawlowski, Dill, Engler.
9/16 Inline reference monitors Evaluating SFI for a CISC Architecture, McCamant, Morrisett.
Vx32: Lightweight User-level Sandboxing on the x86, Ford, Cox.
9/21 Sandboxing A secure environment for untrusted helper applications: confining the wily hacker, Goldberg, Wagner, Thomas, Brewer. Peter
9/23 Privilege separation Preventing Privilege Escalation, Provos, Friedl, Honeyman.
9/28 Privilege management Extensible security architectures for Java, Wallach, Balfanz, Dean, Felten.
9/30 Capabilities The Confused Deputy, Hardy.
Access Control (v0.1), Laurie.
10/5 Network security A look back at Security Problems in the TCP/IP Protocol Suite, Bellovin. partial notes from Brad
10/7 Firewalls A quantitative study of firewall configuration errors, Wool. Cho
10/12 DNS security Using the Domain Name System for System Break-Ins, Bellovin.
Reliable DNS Forgery in 2008: Kaminsky's Discovery, Matasano blog.
Optional: An Illustrated Guide to the Kaminsky DNS Vulnerability, Friedl.
10/14 Attacks The underground economy: priceless, Thomas, Martin.
10/19 Web security - browsers The Security Architecture of the Chromium Browser, Barth, Jackson, Reis, Google Chrome Team.
Robust Defenses for Cross-Site Request Forgery, Barth, Jackson, Mitchell.
Optional background on cross-site request forgeries: Cross-Site Request Forgeries: Exploitation and Prevention, Zeller, Felten.
10/21 Web security - servers Background: Security for GWT Applications (no paper summary)
Efficient Character-level Taint Tracking for Java, Chin, Wagner.
10/26 Usable security The psychology of security, West.
Why Phishing Works, Dhamija, Tygar, Hearst.
10/28 Usable security You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings, Egelman, Cranor, Hong Devdatta
11/2 E-voting Security Analysis of the Diebold AccuVote-TS Voting Machine, Feldman, Halderman, Felten Hong
11/4 Cryptography primer No readings Brad
11/9 Kerberos Designing an Authentication System: a Dialogue in Four Scenes, Bryant. Noah
11/11 No class!
11/16 Cryptographic protocols Prudent engineering practice for cryptographic protocols, Abadi, Needham. slides
11/18 Cryptography - lessons learned Why Cryptosystems Fail, Anderson.
11/23 Untrusted platforms How to Hurt the Hackers: The Scoop on Internet Cheating and How You Can Combat It, Pritchard
On the Security of Digital Tachographs, Anderson
11/25 Copy protection; TBD (none)
11/30 Privacy Privacy, economics, and price discrimination on the internet, Odlyzko
How Much is Location Privacy Worth?, Danezis et al.
Optional: Privacy Oracle: A System for Finding Application Leaks with Black Box Differential Testing, Jung et al
12/2 Economics Why Information Security is Hard - An Economic Perspective, Anderson Emil

Course Description

CS261: Security in Computer Systems. Prerequisite: CS162. Graduate survey of modern topics in computer security, including: protection, access control, distributed access control, Unix security, applied cryptography, network security, firewalls, secure coding practices, safe languages, mobile code, and case studies from real-world systems. May also cover cryptographic protocols, privacy and anonymity, and/or other topics as time permits. Term paper or project required. Three hours of lecture per week. (3 units)

Prerequisites: CS 162 or equivalent. Familiarity with basic concepts in operating systems and networking.

Course topics

An approximate list of course topics (subject to change; as time permits):

Basic concepts
Trust, trusted computing base, trusted path, transitive trust. Reference monitors. Policy vs. mechanism. Assurance. Lessons from the Orange Book.
Access control
Authorization, policy, access matrix. Subjects and objects. ACLs, capabilities. Rings, lattices. Revocation. Groups. The role of crypto. Distributed access control. Mandatory vs. discretionary access control, compartmentalization, covert channels.
Traditional OS centralized protection: address spaces, uids, resource management. The Unix security model: file permissions, the super-user, setuid programs, system calls, password security. How networks change the problem space.
Secure coding
Design principles: code structure, least privilege, small security kernels, small interfaces. Tools: language support, type-safe languages, static checking. Common vulnerabilities: buffer overruns, setuid programs, the confused deputy, race conditions, improper canonicalization. Object capabilities.
Symmetric key, public key, certificates. Choosing an algorithm. Protocols. Integrity, authenticity confidentiality, availability. Non-repudiation.
Intro to Network security
TCP/IP. Attacks on network protocols: address spoofing, hijacking, DNS attacks, routing vulnerabilities. Firewalls: packet filtering, application proxying.
Confining untrusted code
Motivation: the mobile code problem, implementing least privilege. Mechanisms: signed code, interpreted code, software fault isolation, proof-carrying code, virtualization, extensible reference monitors. Practical experience: ActiveX, Java, Javascript.
Case studies
Kerberos. PGP and the web of trust. SSL and centralized certification authorities. SSH. IPSEC. Cellphones. Therac-25. Phishing and cybercrime. Practical issues: risk management, key management, smartcards, copy protection systems, social engineering.
Extra topics
Privacy: Anonymity and traffic analysis; remailers and rewebbers; practical experience. Cryptographic protocols: protocol failures, design principles; logics of authentication; Formal methods. Others as time permits and according to student interest.


Class project: 40%
Problem sets: 35%
Scribe notes: 15%
Paper summaries and class discussion: 10%


There will be a term project. You will do independent research in small groups (e.g., teams of 2--3). Projects may cover any topic of interest in systems security, interpreted broadly (it need not be a topic discussed in class); ties with current research are encouraged. You will present your work at a poster session and prepare a conference-style paper describing your work.

A project proposal is due Friday Oct 30. See the project page. The list of project groups is available (only accessible from Berkeley IPs). A conference-style report on your results is due on Thursday Dec 17th at 11:59pm. The poster session will be held on Friday December 11, 1-3pm, on the 6th floor.

Problem Sets

There will be approximately two to four homework assignments throughout the semester, to appear on the course webpage as they are assigned.

Homework due dates will be enforced strictly. Late homeworks will not be accepted.

Work on your own when doing homeworks. You may use any source you like (including other papers or textbooks), but if you use any source not discussed in class, you must cite it.

Scribe notes

You will be expected to write scribe notes for one lecture. Email me an PDF file with your scribe notes within one week after the lecture you are assigned to scribe.


There is no required textbook. All reading will be from papers. Whenever possible, handouts and papers will be placed online on the web page; papers not available online will be handed out in class. A schedule of assigned readings is available below.

You will be required to write a brief summary of each paper you read. Your summary should list:

Your summary does not need to be formal (you may use bullet lists, incomplete sentences, etc.), and it may be brief, but it should reflect a thoughtful critical assessment of the paper.

You must enter your paper summary into the course wiki. (I don't plan to accept paper summaries on paper or by email.) You'll need to use your CalNet password to log into BSpace to get access to the course wiki. Paper summaries are due by midnight the evening before the class when the reading is due.


From time to time, we may discuss vulnerabilities in widely-deployed computer systems. This is not intended as an invitation to go exploit those vulnerabilities without informed consent of all involved parties. If it is not clear where to draw the line, please talk to me first.


I always welcome any feedback on what I could be doing better. If you would like to send anonymous comments or criticisms, please feel free to use an anonymous remailer to send me email without revealing your identity, like this one or this one.

David Wagner, daw@cs.berkeley.edu, http://www.cs.berkeley.edu/~daw/.