CS177: Computer Security

Introduction


We are living in a world that has increasingly moved online. We shop and bank via the Internet, share information with family and friends via social networks, and stream the latest movies. We have put devices into our homes that listen to what we say and control real-world "things," such as light bulbs and door locks. And, increasingly, we have connected critical infrastructure to the Internet as well. These changes have resulted in many novel services, and they provide great convenience. Unfortunately, this reliance on networked computer systems also has a downside. Attackers continuously exploit vulnerabilities and gain access to our systems, stealing money and sensitive data. We are tracked online, and our private information is leaked. Cyberattacks now have consequences in the real world and disrupt our daily lives.

Computer security deals with the protection of computer systems and information from harm, theft, and unauthorized use. In this course, we will look at a broad overview of modern computer security, covering topics that are related to both systems security and cryptography. The class will start with basic definitions and fundamental concepts in security. We will then look at the security of core components of interconnected systems, such as networks, operating systems, applications, and the world wide web. We will also introduce basic concepts from cryptography, such as public and private key encryption, digital signatures, passwords, and authentication.

The course aims to make students security aware. That is, the goal is to help students understand what they can do to design and build more secure systems. What are common programming mistakes, and how can we avoid them? What are key considerations that we need to think about when designing secure systems? Following a long-standing tradition in security courses, there is no official textbook: security is a (too) fast moving field. We will provide the slides for the lectures. In addition, there will be a number of practical lab assignments where students can apply their theoretical knowledge to practical problems.

News


  • The final will be in CHEM 1171 (classroom) on Wednesday, June 14 from 12pm - 2:00pm. This is a closed book exam.
  • The deadline for Project 4 has been extended by one day to Friday, May 26, 2023, 23:59:59 PST.
  • There will be a GUEST LECTURE on Tuesday, May 16. Giovanni Vigna will talk about blockchain security.
  • The midterm will be in-class on Tuesday, May 9 (from 11am - 12:15pm). This is a closed book exam.
  • There will be NO CLASS on Tuesday, April 25
  • First CS177 class on Tuesday, April 4 at 11am in CHEM 1171

General Information


Lectures: Tue/Thu, 11:00am - 12:15pm, CHEM 1171
Discussion: Fri, 3:00pm - 3:50pm, PHELP 1444
            Fri, 4:00pm - 4:50pm, PHELP 1440
Instructor: Christopher Kruegel, chris (at) cs.ucsb.edu
Office hours: Thu, 9:00am - 10:00am, 2117 Harold Frank Hall
TA Lab hours:
  Saastha Vasan: Mon, 2:00pm - 4:00pm, CSIL (Computer Science Instructional Lab)
  Marius Fleischer: Wed, 1:00pm - 3:00pm, CSIL (Computer Science Instructional Lab)
Discussion Board: Piazza
Class Email: cs177 (at) cs.ucsb.edu

Syllabus


  • Security Basics and Terminology
  • Network Security (TCP/IP)
  • DNS and Routing Security
  • Web Security
  • Memory Corruption
  • Authentication
  • Malicious Code
  • Private Key and Public Key Cryptography
  • Cryptanalysis
  • Smart Contract and Web3 Security

Grading Policy


The grading for CS177 is based on two exams (midterm and final) and several programming projects.

Projects: 50%
Exams (Midterm and Final): 50%

Project Submission and Late Policy


Each project assignment is due at 11:59:59PM on the night of its due date. For details on how to submit your assignments, you should read the project pages.

Policy on Cheating and Plagiarism


A note on cheating. We encourage you to talk with your classmates and discuss your approaches on projects, but any actual copying of code is cheating. Cheating will result in a 0 on the assignment, and depending on severity, can result in a failing grade or possible administrative action by UCSB.