CS 161, Spring 2012 Computer Security


Dawn Song (675 Soda Hall)

Devdatta Akhawe
Kevin Chen
Chia Yuan Cho
Steve Hanna
Emil Stefanov
Joel Weinberger

MW 4:00-5:30P 390 Hearst Memorial Mining Building (HMMB)

Office hours:
Mon 2:00-3:00pm 611 Soda (TA)
Tue 2:00-3:00pm 611 Soda (TA)
Wed 5:30-6:30pm 675 Soda (Dawn)
Thu 2:00-3:00pm 283E Soda except Feb 9, Feb 16 and Mar 1 (TA)
Fri 11:00-12:00pm 611 Soda (TA)


Course Schedule

The course syllabus includes information on lecture topics, readings, and assignment related deadlines.

Course Overview

In this class you will learn how to design secure systems and write secure code. You will learn how to find vulnerabilities in code and how to design software systems that limit the impact of security vulnerabilities. We will focus on principles for building secure systems and give many real world examples. In addition, the course will cover topics such as:

Course homework and labs will help students practice the concepts and techniques learned in class, such as how to find vulnerabilities and how to fix them. The labs and projects are designed to help students practice the principles of secure system design.


You must have taken CS 61C (Machine Structures). Also, you must have taken either Math 55 or CS 70 (Discrete Mathematics).

Labs, Projects, Midterms and Exams

There will be 6 labs, 1 class project and 1 midterm and online quizzes. There will be no final exam. Details will be announced in class.

Grading Summary

The grades will be computed from the following weights:


This class does not have a required textbook. We will provide lecture notes, slides and videos for material covered (when applicable).

The above material is subject to change.

Note on Security Vulnerabilities

From time to time, we may discuss vulnerabilities in computer systems. This is not intended as an invitation to go exploit those vulnerabilities! It is important that we be able to discuss real-world experience candidly; everyone is expected to behave responsibly. Breaking into other people's systems is inappropriate, and the existence of a security hole is no excuse.