Please ensure Javascript is enabled for purposes of website accessibility

Administrative Information

Important: All students are required to read the Syllabus, which outlines the major course policies, and Collaboration Policy, which describes the rules surrounding collaboration with other students and referencing external sources outside of the course. Please make sure you understand these policies well! (The section below elaborates more on some additional policies that aren’t covered in either of those documents.)

What's this course about?

This is a course on computer systems security through a balanced mixture of theory and practice.

We’ll start out with building the foundations of security through an exploration of cryptography. From there, we’ll move to more complex, multi-faceted systems such as web applications, operating systems, and networks. Along the way, we’ll explore complementary topics such as authentication, physical security, social engineering, privacy, anonymity, usability, and the security of emergent systems such as blockchains and machine learning.

By learning about security through these multiple domains, you’ll concretely learn how various classes of attacks appear in a vast variety of scenarios and how they work in practice. You’ll also learn how to evaluate systems adversarially, from writing precise security analyses about subtle issues in protocols to discovering and exploiting vulnerabilities in concrete technical systems for yourself.

Through all of these activities, you’ll ultimately work to develop a specific kind of intuition—a “security mindset”—that will give you the knowledge, vocabulary, and confidence to critically analyze and effectively defend the software and systems you approach as a computer scientist even after the course.

CS162: The Lab

We strongly encourage you to consider taking CS162, the additional half-credit “lab”. If you take CS162, you’ll have the opportunity to work on advanced challenges that will provide you with a greater appreciation of systems security and the “security mindset” as a whole:

CS162 is intended to be taken concurrently with CS166 and provides students with a deeper understanding of the material by doing advanced versions of the CS166’s projects and advanced questions on the written assignments (homeworks and midterms). These advanced versions focus on real-world skills: performing attacks that are more difficult and rely on less serious vulnerabilities, performing attacks against systems with more real-world constraints, and creating attacks that achieve a higher standard of quality than a mere proof of concept.

In previous years, CS162 students report spending approximately 8 to 20 extra hours on each project throughout the semester, though they also note that the additional components are more front-loaded so the second half of the semester is much more flexible. (We anticipate that this will be the same this year.) You do not need any additional experience on the base prerequsites of the course to succeed in CS162—anyone who feels comfortable taking CS166 and is able to put in the extra time should also feel comfortable taking CS162.

If you’re interested, undergraduate and PhD students should register for CS162 as normal on Courses@Brown. (Senior undergraduates are eligible to capstone with CS162—email the HTA list if you intend to capstone.) If you’re a Masters student, you may earn 2000-level credit for CS166 by completing the CS162 requirements—email the HTA list if you want to do this.

Prerequisites

You should have an intro-sequence’s worth of programming experience (016, 018, or 019) and have a good understanding of systems programming (030, 033, 131, or 133). This concretely means that:

  • You should be comfortable writing programs and scripts in the language of your choice (such as Python, Ruby, Bash, Go, C++, etc.), be comfortable in a Unix command-line environment (running binaries, filesystem navigation, etc.) and using SSH with the Brown CS filesystem, have a basic understanding of systems programming concepts such as memory management and networking.
  • You also should have heard of the terms “race condition”, “packet”, “TCP”, “UDP”, “buffer overflows”, and “DNS”. (If you forget what these are, don’t worry—we’ll describe them again when they come up in the latter half of the course.)
  • You should also be at least somewhat comfortable (and very willing) to learn new programming languages and reading code in languages and programs that you’ve never used before. (You’ll get lots of practice with this in this course!)

If you don’t meet the official prerequisites but still want to take the course, talk to the HTAs (they can advise you on your particular situation).

Your willingness to challenge yourself is perhaps the most important prerequsite for the course. Security can be frustrating at times, but the rewards are great—in exchange for engaging with some difficult intellectual challenges, you’ll have the opportunity to gain concrete insights about systems and security and become a better computer scientist by the end of the course.

Lecture Policy

We will have live lecture on Tuesdays and Thursdays @ 1pm - 2:20pm ET using Zoom. The information needed to access the lectures is available on the Piazza board.

Attendance Policy: Attending lectures synchronously and active class participation is highly encouraged, but not required. While lecture will be recorded, class participation will help the instructor better assess your understanding of the topics in determining the final grade.

The instructor determines overall letter grades by taking into account the final numerical grade and, in borderline cases, class participation in both lecture and sections. If you can’t attend lectures, we recommend that you try to attend one of the sections each week (though section attendance is not required). In other words, not attending lecture and section won’t directly impact your grade, but you might get more out of lecture and section if you’re able to participate (and, if you’re at a letter grade boundary, class participation and attendance might positively impact your final letter grade at the instructor’s discretion).

If you’re unable to attend lecture on a given date, you don’t need to notify us. (If you’ll routinely be unable to attend lecture—for instance, due to time zone constraints—email Bernardo briefly explaining why in the first two weeks of the course.)

Asking Questions: During the lecture all students will be muted, but we encourage signaling your questions via Zoom chat. This helps us maintain a queue of student questions. You can either ask your question directly in the chat, or, if you want to ask your question verbally, simply type the word "question" in the chat and Bernardo will signal to you when you can unmute and ask your question.

Recording Policy: Lectures will be recorded and made available to all registered students within 24 hours of the lecture date via this Panopto folder (during shopping period, if you are not officially registered, you need to have CSCI1660 in your Primary Cart on Courses@Brown in order to see the Panopto folder). We will also post lecture slides for each lecture. For organizational and privacy reasons (some course content covers sensitive topics), the lecture recordings (not the slides) will be automatically removed three weeks after each lecture is given. However, if you have extenuating circumstances that prevent you from watching a given lecture within three weeks, email Bernardo to request a one-off extension to view a given lecture past that time.

“Chatting Time”: The 10 minutes following the end of lecture are “Chatting Time”. During “Chatting Time”, Bernardo (and, occassionally, some of your TAs) will remain in the Zoom call and will be available to answer any questions about the lecture material, talk about course logistics, or, in general, just chat with students and other course staff members before the call ends. (“Chatting Time” won’t be included in the Zoom recording.)

Recitation Sections

Zachary and William will lead synchronous weekly recitation sections on most weeks. Sections are optional, but attendance is highly recommended—many students in previous years find that they’re directly helpful on for working on the assignments in the course in preparing for the midterms. (They’re also designed to give you an opportunity to get to work with and meet some of your fellow classmates in the course.) Please see Sections for more information.

Collaboration

The Collaboration Policy details the rules surrounding collaboration on all aspects of the course and plays a major role in the pedagogical goals of the course. Please read it in its entirety and make sure you understand its contents before working on any assignment in this course.

To emphasize the points related to collaborating with other students in the course:

  • Midterms: Must be completed entirely independently. Any form of collaboration on midterms is strictly prohibited other than that detailed in the Collaboration Policy.

  • Projects: Whenever you’re actively interacting with project systems, you must do so entirely independently. “Actively interacting” includes having the project systems (binary, website, etc.) within sight or interacting with them, exploring system source code, writing your deliverables (solutions, writeup, exploit code, video, etc.), and so on. You also may not share your deliverables with others, and you may not read others’ deliverables.

    That said, we allow discussion of projects with other students as long as no student in the discussion is actively interacting with the project systems. You should treat project-based discussions like going to TA hours—that is, focus on high-level hints, prodding questions, and occasional debugging help on narrowly scoped technical issues, but don’t give away full answers. Finally, when you talk to other students about projects, you must cite those students in your handin. See the Policy for more details.

  • Homeworks: You’re permitted to (and encouraged to) discuss any aspect of the homework problems with other students currently in CS166. In this course, the homework problems generally will require you to approach problems from different angles and are designed to encourage discussion amongst students.

    However, you must write your homework solutions entirely independently. You may not share your solutions with anyone (or read solutions written by others). You should not write your solutions while working with other students, and when you’re writing your solutions, you should ensure that you independently understand and can reproduce your answers without referring to notes from collaboration sessions and consulting with other students. (Homework Clinics are not exempt from this policy.) Finally, when you talk to other students about homeworks, you must cite those students in your handin. See the Policy for more details.

Even if you’ve read the above summary, please read the remainder of the Collaboration Policy, since it covers more policies on referencing external sources, how to cite other students in your handins, etc. If you have any questions about the Policy, please ask on Piazza.

All assignments have a due time of 11:59 PM ET with the exception of Midterm 2, which is due at 5:00 PM ET. Solution passwords are at /course/cs1660/pub/solution-passwords.txt.
Tasks
HomeworksOutIn
Homework 0 Jan 22 Jan 28
Homework 1 (solution) Jan 29 Feb 11
Homework 2 (solution) Feb 12 Feb 25
Homework 3 Mar 9 Mar 22
Homework 4 Mar 23 Apr 5
ProjectsOutIn
Cryptography Jan 26 Feb 8
Flag Feb 9 Feb 28
Handin Mar 5 Mar 17
Dropbox Mar 18 Mar 26, Apr 8
MidtermsOutIn
Midterm 1 Mar 1 Mar 4
Midterm 2 Apr 10 Apr 13
Lectures take place on Tuesdays and Thursdays at 1:00pm ET on Zoom. Instructions on how to join the lecture meetings are available on the course Piazza. Lectures, readings, and demos are subject to change, so check the lecture schedule once the slides are posted.
—  X 
/lectureLog.exe
Jan 21 Course Intro: Logistics, Security Principles

Textbook chapters: 1.1, 1.3.1, 1.3.3, 1.3.4, 1.4
In-class demo: Windows XP Key Cracking (w/ Bernardo and William)

w/ Bernardo, William, Zachary
Jan 26 Cryptography I: Symmetric Crypto, OTP, Hash Functions w/ Bernardo, Sierra, Lilika
Jan 28 Cryptography II: Block / Stream Ciphers, Public Key Crypto, Signatures w/ Bernardo, Zachary, Lilika
Feb 2 Cryptography III: MACs, IND-CPA / Authentication I: Passwords, AAA

Textbook chapters: 1.4.2
In-class demo: Windows XP Key Cracking, Explained (w/ Bernardo and William)
Reading: Sections 1–2 and 4–7 of “Defective Sign & Encrypt”

w/ Bernardo, Lilika, William, Zachary
Feb 4 Web Security I: Browser Security, SOP

Textbook chapters: 7.1, 7.2.3
In-class demo: Client-Side Checks on WebGoat (w/ Bernardo)
Reading: Same-origin policy

w/ Bernardo, Lilika, William, Zachary
Feb 9 Web Security II: Session Management, CSRF w/ Bernardo, Lilika, William, Abby
Feb 11 Web Security III: SQL Injection, XSS w/ Lilika, Zachary
Feb 16 Long Weekend (No Class)
Feb 18 Web Security IV: Frameworks / Authentication I.5: Passwords, Again w/ Bernardo, Lilika, Zachary
Feb 23 Authentication II: MFA w/ Bernardo, Lilika, William
Feb 25 Systems I: Malware w/ Bernardo, Lilika
Mar 2 Systems II: Storage Encryption w/ Bernardo, Lilika, Charlotte
Mar 4 Systems III: Operating Systems

Textbook chapter: 3
Reading: CS166 Handin Wiki

w/ Bernardo, Lilika, Charlotte
Mar 9 Networks I: The Layers, MAC, IP, Routing

Textbook chapters: 5.1, 5.2.1, 5.2.2, 5.3.1, 5.3.2
In-class demo: traceroute and ping

Mar 11 Networks II: ARP, TCP, UDP

Textbook chapters: 5.2.3, 5.3.3, 5.3.4, 5.4.1, 5.4.2, 5.5.3
In-class demo: Wireshark

Mar 16 Networks III: NAT, DNS, SSL, TLS

Textbook chapters: 6.1

Mar 18 Networks IV: Cloud Security

Textbook chapters: 7.1.2, 8.2.4

Mar 23 Networks V: Distributed Blockchains, Cryptocurrencies
Mar 25 Networks VI: BGP, Anonymization

In-class demo: Tor

Mar 30 TBA
Apr 1 Social Engineering / Usable Security
Apr 6 TBA
Apr 8 TBA
Apr 13 Reading Period (No Class)
Apr 15 Reading Period (No Class)
Starting with the March 10 section, Zachary or William will hold a single live section at Wednesdays @ 8pm ET.

Starting with the March 10 section, we’ll be switching the section schedule to once per week at Wednesdays @ 8pm ET and the sections will mostly be entirely led in lecture format (i.e. no practice problems) for the remainder of the semester. In each section, we’ll review course content from the past week, cover new content that may be helpful on the assignments, and/or give advice on approaching the technical projects——see below for specific content. As usual, slides will be posted and sections will be recorded for later viewing for those who are unable to attend live.

Jan 27 / 28 Cryptography A Handout Video: Zachary / William
In this section, we’ll go over a few hints and tips for the Cryptography project and, more generally, how to think about the "security mindset". We'll also cover some additional material on hash functions. (This week's practice handout will focus on the Cryptography I lecture.)
Feb 3 / 4 Cryptography B Handout Video: Zachary / William
In this section, we’ll review the second half of the Cryptography lectures. (This week's practice handout will focus on the second half of the Cryptography lectures.)
Feb 10 / 11 Web Security A Handout Video: Zachary / William
In this section, we’ll extend our discussion of CSRF and session-focused vulnerabilities to some new web attacks. We'll also give some advice on how to approach the Flag project. (This week's practice handout will focus on the first half of the Cryptography lectures—with the exception of SOP content, which you'll review more on Homework 2!)
Feb 17 / 18 Web Security B Handout Video: Zachary / William
In this section, we'll focus on "code injection"-related attacks similar to the XSS and SQLI exploits we discussed in lecture. We'll also use this background to motivate discussion about client-side modification attacks. Finally, we'll give some hints and tips for the Bob's Router part of the project.
Feb 24 / 25 Review: Midterm 1 Handout Video: Zachary
In this section, we'll spend a little bit of time reviewing the Authentication lectures, but we’ll spend most of the remaining time hosting an open Q&A to review previous content from the course in preparation for Midterm 1.
Mar 3 / 4 No Section (Midterm)
Mar 10 Unix Security + Handin
In this section, William will connect our discussion from the Systems III lecture to a much broader security idea we've previously seen in the course ("code as data") and talk about some tips for the Handin project. This section covers new material that relies on past lecture content, so make sure you're up-to-date on the lectures before attending. (No section handout this week.)
Mar 17 DNSSEC
In this section, Zachary will extend our discussion from the Networks III lecture to DNSSEC and cover the more intricate details about the protocol; relevant to Homework 4. This section covers new material that relies on past lecture content, so make sure you're up-to-date on the lectures before attending. (No section handout this week.)
Mar 24 Summing It All Up: Dropbox
In this section, we'll recap some ideas from the Cryptography, Networks, Cloud Security, and Blockchains lectures to show how you might find some inspiration in past course material for the Dropbox project. (No section handout this week.)
Mar 31 No Section
Apr 7 No Section
There will be no Midterm 2 review section, but the Homework Clinics will remain open during this time for general questions in preparation for the midterm (even though there is no homework out during this time)—if you have questions about course content, please attend one of the Homework Clinics this week!
Apr 14 No Section (Midterm)

We have two types of TA office hours in CS166.

In Project Hours, you can ask for help on anything related to the projects (clarifications, code, etc.), lecture material, or general concepts. Any questions about homework content should be directed to Homework Clinic or Piazza (exception: CS162 students may ask about CS162-only homework content at Project Hours).

In Homework Clinics, students collaborate on homework problems in a group-work environment under the guidance of the TAs. Homework Clinics are designed specifically to help students on the homework problems or any conceptual problems related to the homework. Any questions outside of the homework content should be directed to TA Hours or Piazza.

SUNLAB
All emails below have a @cs.brown.edu suffix, though please do not write to individual course staff unless they have asked you to do so. Most questions related to the course should be posted on Piazza, though for sensitive matters you can contact the Head TAs and the professor at cs1660headtas@lists.brown.edu.
Who Is The Impostor?
Bernardo Palazzi
bernardo@cs - Instructor - he/him
If you look hard enough around the spaceship, you might just find a clue...
Lilika Markatou
emarkato@cs - Grad TA
If you look hard enough around the spaceship, you might just find a clue...
William Schor
wschor@cs - Head TA - he/him
William is 100% sure Zachary is The Impostor. He even saw him pop out of a vent! Plus, Zachary seems to suspect him and that is very suspicious. If he can survive this round, he will continue to enjoy studying cryptography, watching the Denver Nuggets, and skiing.
Zachary Espiritu
zespirit@cs - Head TA - he/him
Zachary doesn't remember exactly where he was when the body was found, and he knows that sounds really suspicious, but he's definitely not The Impostor since he's sure that William must be it instead. Despite some close calls in the last voting rounds, he's survived long enough to Head TA CS166 for the third time. When he's not stranded in the middle of space, he's interested in structural encryption, multi-party computation, theater lighting design, cooking seafood dishes, and rhythm games.
Abigail (Abby) Siegel
as130@cs - UTA-STA - she/her
Abby was in Security completing a grading task when the meeting was called, so there's no way she could be The Impostor. She was also with Charlotte for while, so is pretty sure Charlotte's not The Impostor either. This is Abby's second year as a TA for CS166. When she's not playing Among Us, Abby likes playing piano and playing ping-pong.
Charles Somerville
csomerv1@cs - UTA - he/him
Charles has honestly just been doing tasks. Outside of the close call with Marcus at cameras where they gave each other the universal nod of non-violence, he doesn't have much suspicion on anyone. After the last few votes he's focused on helping out The Impostor and with his previous knowledge of CS166 he probably won't be caught off guard. When he's not skating around the ship, you can find him studying how cryptography and technological legislation affects marginalized groups of people.
Charlotte Whatley
cwhatley@cs - UTA - she/her
Charlotte was on cams when the body was found...and she definitely saw Abby vent. When she’s not spying on her crew-mates, she enjoys working with Full Stack @ Brown, drumming with Gendo Taiko, cooking, rock climbing, and playing the cello!
Erica Li
eli32@cs - UTA - she/her
Erica has a hard time navigating the map and finding where to go to complete the tasks, and it's not because she's The Impostor...Erica is lost on the ship and is suspicious of everyone.
Jian Cong Loh
jloh4@cs - UTA - he/him
Unable to function and complete his tasks without his daily cup of coffee, JC was in the cafeteria buying a drink when the body was reported. As a huge foodie, he can in fact be found in the cafeteria most of the time, making him an unlikely suspect for any murders (but also a poor Crewmate).
Kento Nambara
knambara@cs - UTA - he/him
Kento was adjusting the temperature when the body was found, yet many of his crew mates accuse him of being The Impostor. They frequently find that his location is unpredictable and his actions are suspicious, even though in reality, he just enjoys leisurely going on runs and is often confused with the ship's mechanics. After many stressful days of evading The Impostor(s) with limited food supply, he is longing for some Japanese cuisine.
Marcus Mitchell
mmitch15@cs - UTA - he/him
As much as he feels like he doesn’t belong in the department sometimes, there’s no way Marcus is The Impostor; he says he was too busy catchin' hands online in Ninja Storm 4 to sneak up on anyone. When he’s not eating and procrastinating laundry, u can prolly find him masked up rollerblading around Providence.
Sierra Rowley
srowley2@cs - UTA - she/her
Sierra was wandering the ship alone when the dead body was reported. She really enjoys long dimly lit walks through the corridors and staring out at the starry sky. She claims she was just leaving electrical after finishing up a task, but who is to really say?
Willem Speckmann
wspeckma@cs - UTA-STA
If you look hard enough around the spaceship, you might just find a clue...

Resources

Course Documents

All students are responsible for the contents of the following documents and registering for the following external services used in the course:

  • Syllabus and Collaboration Policy: All students are required to read the Syllabus and Collaboration Policy. By working on any assignment in this course, you agree to the contents of both documents.

  • Textbook: The textbook for the course is Introduction to Computer Security by Michael T. Goodrich and Roberto Tamassia, 1st Edition. The lecture schedule includes supplementary readings from the textbook, and you’ll find the textbook directly helpful on most assignments in this course.

  • Gradescope: We use Gradescope for collecting certain assignments and grade distribution. We add students to our Gradescope page manually based on waitlist signups and course registration—if you’re trying to hand in but aren’t able to access the page, please email the HTA list.

  • Piazza: Join our Piazza board to ask questions about course content (see the Collaboration Policy for question guidelines). The course staff will also post announcements and assignment clarifications to this board. All Piazza questions must be posted privately by default, though the course staff will make posts public when necessary.

  • Regrade Policy: Before submitting a regrade request, please read the Regrade Policy.

Forms

Extension Requests: If there are extenuating circumstances preventing you from completing an assignment on time (e.g., illness), you may use this form to request an extension (without using late days) before the assignment is due. (Dean’s Notes and SEAS Accomodations should not go through this form—any inquires of the sort should be sent directly to Bernardo.)

Anonymous Feedback: If you have feedback that you’d wish to share anonymously, you can use this form. Emails are tracked on this form, but these email addresses cannot be viewed by the course staff (including the professor) and are only viewable by Thomas Doeppner (Director of Undergraduate Studies).

Department Resources

Undergraduate Missive: The Computer Science department’s Undergraduate Missive contains lots of helpful information regarding asking for help from TAs, Sunlab Consultants, and more. (Some information is useful for graduate students as well.)

Diversity and Inclusion: In addition to the following resources, you can email the Student Advocates for Diversity & Inclusion at diversity.advocates@lists.cs.brown.edu:

Health and Wellness: In addition to the following resources, you can email the Student Advocates for Health & Wellness at wellness.advocates@lists.cs.brown.edu:

Student Groups: The department sponsors or is affiliated with several student groups:

  • CS for Social Change: Focuses on the intersection of computer science and social impact.
  • CS DUG (Department Undergraduate Group): Seeks to increase undergraduate participation in the department and continue the Brown legacy of involved undergraduates.
  • Mosaic+: Student-led diversity initiative to create an inclusive space for racially and ethnically underrepresented minority (URM) students.
  • oStem@Brown: Student group that aims to empower LGBTQ people studying or working in STEM fields to succeed personally, academically, and professionally.
  • WiCS (Women in Computer Science): Student group that aims to support and increase the participation of women in the field of Computer Science.
  • Full Stack @ Brown: A Brown University club committed to promoting the education of full stack software engineering by working on applications for the Brown community and beyond.

University Resources

Writing Center: The Writing Center offers free consultations for students who would like to improve the quality of their writing; this is relevant in CS166 since the written components of the course involve communicating complex technical ideas clearly, concisely, and precisely. Appointments can be scheduled on the Writing Center website or by emailing writing_center@brown.edu.

CAPS (Counseling and Psychological Services): If you feel yourself falling behind, needing to talk to someone about personal problems, or, in general, want a supportive ear, you may find CAPS helpful—they provide a range of mental health services to the Brown community. The office can be reached at 401-863-3476 or counseling@health.brown.edu.

SAS (Student Accessibility Services): Brown University is committed to full inclusion of all students. Students who, by nature of a documented disability, require academic accommodations should contact the professor. The staff of the SAS office can be reached at 401-863-9588 or seas@brown.edu to discuss the process for requesting accomodations.

Ombudsperson Office: The Ombuds Office provides a safe, informal, and confidential service independent from the University administration for students involved in a University-related problem (academic or administrative), acting as a neutral complaint resolver and not as an advocate for any of the parties involved in a dispute. The Ombudsperson can provide information on policies and procedures affecting students, facilitate students’ contact with services able to assist in resolving the problem, and assist students navitgate conflicts concerning improper application of University policies or procedures. All matters referred to this office are held in strict confidence (with the exception of cases where there appears to be imminent threat of serious harm).

Student Support Services: Student Support Services assists students with a wide-range of issues and concerns that might arise during their time at Brown. The Student Support Services Deans provide 24-hour crisis services for undergraduate, graduate, and medical students with personal or family emergencies, and are available by appointment to consult with individual students about their personal questions/concerns, thus allowing students to succeed and thrive in their academic pursuits.

Administrator on Call: The Student Support Services office manages Brown’s Administrator On Call (AOC) system which provides a mechanism for Brown students to seek assistance in emergency situations after business hours. An AOC is able to respond to students, connect them with resources and referrals, consult with colleagues as needed, and gather information for additional follow-up during business hours. To reach the AOC, call 401-863-3322 and ask to speak to the Administrator-On-Call.

FAQs

How do I get on the waitlist?

See Waitlist.

What’s the difference between 166 and {151, 165, 180, 239}?

Each of these courses cover relatively disjoint material, and you’ll learn completely different things in all of them. (If you haven’t taken any of them—great! CS166 is a great introduction to the field, and you’ll learn a lot through this course. If you have taken a subset of these courses—also great! A lot of CS166’s material will still be new to you, and all of these courses are useful in terms of honing your security mindset for the long-term.)

  • 151 focuses on cryptography from a theoretical and more formal perspective by building on the concepts learned in 101 and involves proving that cryptosystems are secure under defined, precise notions of security.
    • In comparison, 166 looks at a small slice of applied cryptography, and we generally assume the cryptographic tools that we’re using are “secure”. We instead focus on the practical applications of conventional cryptography as it applies to computer systems.
  • 165 is a deep-dive into software security, which focuses on low-level memory vulnerabilities (i.e. on the stack), and coursework primarily focuses on developing attacks.
    • In comparison, 166 looks at higher-level abstractions (cryptography, browser and web applications, networks, etc.) and principles of systems security. Our coursework also focuses on a mix of discovering attacks and designing defenses. (We don’t really look at software security / stack-based code execution vulnerabilities at all.)
  • 180 looks at cybersecurity from a more historical and policy-driven perspective.
    • In comparison, 166 motivates much of its content with historical examples (but is primarily about technical details).
  • 239 is about privacy engineering—making sure that the data is either not collected in the first place or, if collected, not misused.
    • In comparison, 166 focuses on the whole of the “CIA” mnemonic of “confidentiality”, “integrity”, and “availability”; some of the techniques used in privacy engineering overlap with 166 content, but our usage and analysis of those techniques differs.

Can I use this course as a ugrad capstone?

If you’re a 7th semester (or greater) undergraduate, then you can use CS166 as a capstone by completing the CS162 requirements—you’ll need to register for CS162, and you need to email the HTA list.

Can I use this course for 2000-level credit?

If you’re a graduate student, then you can use CS166 for 2000-level credit by completing the CS162 requirements.

  • If you’re a Masters student and want 2000-level credit, you should not register for CS162 (since it’ll cost you more tuition!). Instead, you should email the HTA list indicating that you intend to complete the CS162 requirements for 2000-level credit.

  • If you’re a PhD student and want 2000-level credit, then you should register for CS162. (No need to email the HTA list in this situation.)

Do I have to attend lectures synchronously?

Please read the Lecture Policy. If you are looking to request Simultaneous Enrollment Permission on ASK to register for another class in the same timeslot as CS166, please email the instructor—we will approve such requests, but please note that lecture attendance and class participation in CS166 can help your final grade in borderline cases.