CSE 127, Spring 2005


Intro to Computer Security

Lectures: MW  5:00-6:20pm  CENTER 216

Instructor: Stefan Savage  - savage@cs.ucsd.edu
Office Hours: Tu 1:00-2:00pm (or by appt); AP&M 5220

Teaching Assistant:  Walter Phillips - whphilli@ucsd.edu
Office Hours: TBD

Course overview

This course focuses on computer and network security, covering a wide range of topics on both the "defensive" and "offensive" side of this field. Among these will be basic cryptography and cryptographic protocols, code security and exploitation (buffer overflows, race conditions, SQL injection, etc), access control and authentication, covert channels, protocol attacks, firewalls, intrusion detection/prevension, viruses/worms and bots, spyware and phising, denial-of-service, privacy/anonymity, and computer forensics. The goal of the course is to provide an appreciation of the fundamental challenges in designing and implementing secure systems as well as and understanding of the base technologies and threats in today's intereconnected environment.


Homeworks are due by the end of class on the day specified. We will reduce homework grades by 20% for each day that they are late. You must hand in a hardcopy of your homework.  We will generally post homework solutions within a week after they are due.


To complete the projects in this course, you will need the ability to develop software programs using the C language.  If you have not used C recently, you may want to refresh your knowledge using one of the many good books on the topic.  In particular I recommend the classic, The C Programming Language, by Kernighan and Ritchie.

These projects and their components with be announced on this Web page as they become availabley.


Your grade for the course will be based on your performance on the homework, programming projects, midterm and final exams using the following weights:

Web board

Class Webboard


Date Lecture Readings Homework Project
3/28 Preliminaries
3/30 What is Security/Intro to Crypto
4/4 Private Key Ciphers
4/6 Public Key Ciphers
4/11 Integrity/Authenticity
4/13 Key Distribution & real protocols
4/18 Passwords/Biometrics
4/20 Side channel attacks
4/25 Software Vulnerabilities I: Buffer Overflows
Smashing the Stack
by Aleph One
4/27 Software Vulnerabilities II
Format String Vulnerabilities
by scut/Team Teso
Homework #1  
5/2 Midterm (answers)     Buffer Overflow Project
5/4 Class cancelled (sick day)      
5/9 Malicious Code
5/11 Malicious Code continued
5/16 Malicious Code continued
5/18 NATs and Firewalls
5/23 DoS and Intrusion Detection
5/25 Protocol Vulnerabilities
5/31 Popourri (but it won't be on the final)
  Homework #2