CS 161: Computer Security

Announcements

Discussion sections and office hours will begin this week. You can find the appropriate schedules on our course calendar.
- As a reminder, there is no required attendance for discussion sections (attendance is highly encouraged). You can attend any section that you want. If you are unable to make it to a section, we will post a recorded walk-through of the worksheet to the website by the end of the week.
- We will be holding a BRIDGE discussion section as well as an exam-prep discussion section starting next week, so be on the lookout for those as well!
  - BRIDGE will be an extended time discussion section to connect the previous week’s lectures to the previous week’s discussion worksheet/topic via minilectures and extra question time
- For now, we are not planning to hold any hybrid sections, we’ll make an announcement if that changes.
- While we highly encourage attending office hours in person, we will have support for remote office hours too as all our office hours will be held in a hybrid format meaning that TAs will take both online and in-person tickets. However, TAs will prioritize in-person tickets.
Homework 1 has been released on Gradescope and will be due Friday, February 3rd at 11:59 PM PT. Please ask all homework 1 related questions in #20.
Project 1 will be released in a separate post tomorrow in which you can find the details, so keep an eye on that as well!

Past Announcements

2023-01-06:

Pre-Semester FAQ

Enrollment

Q1: I’m on the waitlist. What are the odds of the class expanding, and will I get in the class?

We expanded the class capacity to 705 last week, so we anticipate (though can’t promise) that everyone interested in the class will be able to enroll.

Q2: I’m not a declared CS major or CS minor. Can I enroll in the class?

Sorry, course staff is not in charge of enrollment. We have to follow the department’s enrollment policies, which restricts CS 161 enrollment to declared CS majors and CS minors only. We don’t have enrollment codes to hand out or any other way to circumvent this policy; if you have further questions, please reach out to the emails listed in the linked document.

Q3: I plan to declare CS this spring. Can I enroll in the class after I declare?

If your declaration is processed in time, and the enrollment system lets you enroll in the class this semester, we can let you enroll. However, we are not offering assignment extensions if you enroll late. If you plan to enroll in the class this spring, you need to keep up with the class before you enroll; we can give you access to all the assignments while you wait to enroll (see Q5 below).

Q4: I’m a concurrent enrollment student. When can I enroll in the class?

We accepted all concurrent enrollment applications last week. We plan to continue accepting applications as they come in, as long as the department approves and we have capacity/budget.

Q5: I want to audit the class and/or keep up with assignments before I officially enroll. Can I audit the class?

Sure, we can add you to the course Gradescope and Ed forum. Send an email to cs161-staff@berkeley.edu with 1) your name, 2) your SID, and 3) whether you’re auditing or plan to enroll later.

If you’re just auditing and don’t ever plan on enrolling, please do not submit any assignments that would require staff effort to grade (e.g. problem sets, exams). If you’re auditing and we spend extra staff time grading your work, we will drop you from the class.

Q6: I officially enrolled in the class, but I don’t have access to Gradescope/Ed.

We sync the rosters once a day, so you may need to wait a bit before being automatically added to the class. If you’ve been officially enrolled for 48 hours and haven’t been added, send an email to cs161-staff@berkeley.edu. Please don’t ask us about being added until 48 hours have passed; we don’t have time to manually add each student.

Exams

Q7: When are the exams?

The midterm is on Monday, March 13, 2023, 7–9pm PT.

The final exam is on Friday, May 12, 2023, 3–6pm PT.

Q8: Can I take this class remotely? Do you offer remote exams?

We don’t mandate in-person attendance. However, generally we have found that students learn best through highly interactive discussions and office hours, and we definitely do hope to see you in the classroom at some point during the semester!

We are offering remote exams only at the same time as the scheduled exam. There will be no remote exams starting at any other time. We’ll release a form closer to the exams for you to sign up for a remote exam.

Q9: Do you offer alternate time exams?

If you are unable to take the exam at the scheduled time, we will be offering only one alternate exam time, in-person only, immediately after the scheduled exam. Specifically, the alternate midterm time is Monday, March 13, 2023, 9–11pm PT. The alternate final exam time is Friday, May 12, 2023, 6–9pm PT (we’ll give you a few minutes to walk between exams). There are no other alternate exam times. There are no remote exams at alternate times. We’ll release a form closer to the exams for you to sign up for an alternate-time exam.

Other questions

If you have a question that wasn’t answered above, you can email cs161-staff@berkeley.edu. Please don’t email instructors directly; you will get a faster answer by emailing cs161-staff@berkeley.edu.

Instructors: Raluca Ada Popa and Peyrin Kao

Lecture:

M/W, 5:00–6:30 PM PT in Dwinelle 155

Skip to current week

Date	Lecture	Discussion	HW	Project
Wed 01/18	1. Introduction and Security Principles Slides Recording Ch. 1	No discussion	HW1
Mon 01/23	2. x86 Assembly and Call Stack Slides Recording Ch. 2 x86/GDB Cheat Sheet	61C Review, Security Principles
Wed 01/25	3. Memory Safety Vulnerabilities Slides Recording Ch. 3	61C Review, Security Principles		Project 1 Checkpoint
Mon 01/30	4. Mitigating Memory Safety Vulnerabilities Slides Ch. 4	Memory Safety
Wed 02/01	5. Intro to Cryptography Slides Ch. 5	Memory Safety
Mon 02/06	6. Block Ciphers and Modes of Operation Slides Ch. 6	Memory Safety Mitigations	HW2
Wed 02/08	7. Cryptographic Hashes and MACs Slides Ch. 7 Ch. 8	Memory Safety Mitigations
Mon 02/13	8. PRNGs and Diffie-Hellman Key Exchange Slides Ch. 9 Ch. 10	Symmetric-Key Cryptography		Project 1
Wed 02/15	9. Public-Key Encryption and Digital Signatures Slides Ch. 11 Ch. 12	Symmetric-Key Cryptography
Mon 02/20	Presidents' Day (no lecture)	Integrity, Authenticity, and Diffie Hellman	HW3
Wed 02/22	10. Certificates, Passwords, and Case Studies Slides Ch. 13 Ch. 14	Integrity, Authenticity, and Diffie Hellman
Mon 02/27	11. Bitcoin Slides Ch. 16	Public Key Cryptography, Certificates, and Passwords
Wed 03/01	12. Intro to Web Slides Ch. 18 Ch. 19	Public Key Cryptography, Certificates, and Passwords
Mon 03/06	13. Cookies and CSRF Slides Ch. 20 Ch. 21	No discussion	HW4
Wed 03/08	14. XSS and UI Attacks Slides Ch. 22 Ch. 23	No discussion		Project 2 Design
Mon 03/13	Midterm (7–9pm PT)	Cookies and CSRF
Mon 03/13	15. SQL Injection and CAPTCHAs Slides Ch. 17
Wed 03/15	16. Intro to Networking Slides Ch. 25
Mon 03/20	17. Low-Level Network Attacks Slides Ch. 26 Ch. 28 Ch. 27	SQL Injection and XSS	HW5
Wed 03/22	18. Transport Layer (TCP and UDP) Slides Ch. 29 Ch. 30	SQL Injection and XSS
Mon 03/27	Spring Break	No discussion		Project 2
Wed 03/29	Spring Break	No discussion
Mon 04/03	19. TLS Slides Ch. 31	DHCP, ARP, and WPA	HW6
Wed 04/05	20. DNS Slides Ch. 32	DHCP, ARP, and WPA
Mon 04/10	21. DNSSEC Slides Ch. 33	TLS and TCP		Project 3
Wed 04/12	22. Denial of Service and Firewalls Slides Ch. 34 Ch. 35	TLS and TCP
Mon 04/17	23. Intrusion Detection Slides Ch. 36	DNS	HW7
Wed 04/19	24. Malware Slides Ch. 38	DNS
Mon 04/24	25. Tor Slides Ch. 39	Intrusion Detection, Malware, and Tor
Wed 04/26	26. Overflow/Special Topics	Intrusion Detection, Malware, and Tor
Mon 05/01	RRR week
Wed 05/03	RRR week
Fri 05/12	Final Exam (3–6pm PT)