Welcome guest,
This is a course on computer systems security through a balanced mixture of theory and practice. We’ll start out with building the foundations of security through an exploration of cryptography. From there, we’ll move to more complex, multi-faceted systems such as web applications, operating systems, and networks. Along the way, we’ll explore complementary topics such as authentication, trust, and social engineering, and the security of emergent systems such as cloud security and machine learning. In learning about security in these various domains, you’ll work to develop a “security mindset” that will help you to critically and adversarially analyze the software and systems you approach as a computer scientist even after the course.
We hope you enjoy your stay.
– the cs166 course staff
| Name | Out | In |
|---|---|---|
| Homework 1 | Jan 24 | Feb 3 |
| Homework 2 | Feb 4 | Feb 13 |
| Homework 3 | Feb 14 | Feb 27 |
| Homework 4 | Mar 6 | Apr 1 |
| Homework 5 | Mar 30 | Apr 13 |
| Homework 6 | Apr 14 | Apr 24 |
| Name | Out | In |
|---|---|---|
| Cryptography | Jan 28 | Feb 10 |
| Flag | Feb 11 | Feb {24,27} |
| Handin | Mar 3 | Apr 1 |
| Dropbox | Mar 30 | Apr {9,28} |
| Name | Out | In |
|---|---|---|
| Midterm 1 | Feb 28 | Mar 3 |
| Midterm 2 | Apr 29 | May 5 |
| Jan 23 | Cryptography I: Security Goals, Attacker Models, OTP | w/ Roberto |
| Textbook chapters: 1.1, 1.3.1, 1.3.3, 8.1.1, 8.1.2, 8.1.3, 8.1.6 | ||
| Jan 28 | Cryptography II: Block / Stream Ciphers, Hashes | w/ Roberto, Lilika |
| Textbook chapters: 1.3.4, 8.1.4, 8.1.7, 8.3 | ||
| Jan 30 | Cryptography III: Public Key Cryptography | w/ Roberto |
| Textbook chapters: 1.3.2, 1.3.5, 8.2.1, 8.2.2, 8.4 (except 8.4.2), 7.1.2 | ||
| Feb 4 | Physical Security | w/ Roberto |
| Textbook chapters: 1.2, 2.1, 2.2, 2.6, 9.1 | ||
| Feb 6 | Web Security I: Browser Security, SOP | w/ Roberto |
| Textbook chapters: 7.1, 7.2.3 | ||
| Feb 11 | Web Security II: Session Management, CSRF | w/ Roberto |
| Textbook chapters: 7.2.5, 7.2.7 | ||
| Feb 13 | Web Security III: SQL Injection, XSS | w/ Lilika |
| Textbook chapters: 7.2.6, 7.3.3 | ||
| Feb 18 | Long Weekend (No Class) | |
| Feb 20 | Authentication I: Passwords | w/ Roberto |
| Textbook chapter: 1.4.2 | ||
| Feb 25 | Authentication II: MFA | w/ Roberto |
| Textbook chapter: 2.3.3 Nethanel Gelernter, Senia Kalma, Bar Magnezi, Hen Porcilan: The Password Reset MitM Attack. IEEE Symp. on Security and Privacy, 2017. |
||
| Feb 27 | Malware | w/ Roberto |
| Textbook chapter: 4 Symantec's 2019 Internet Security Threat Report |
||
| Mar 3 | Operating Systems Security | w/ Lilika |
| Textbook chapter: 3 | ||
| Mar 5 | Storage Encryption | w/ Roberto |
| Textbook chapter: 9.7 | ||
| Mar 10 | Networks I: Introduction | w/ Roberto |
| Textbook chapters: 5.1, 5.2.1, 5.2.2, 5.3.1, 5.3.2 | ||
| Mar 12 | Networks II: ARP, IP, TCP, UDP | w/ Roberto |
| Textbook chapters: 5.2.3, 5.3.3, 5.3.4, 5.4.1, 5.4.2, 5.5.3 | ||
| Mar 17 | COVID-19 Break (No Class) | |
| Mar 19 | COVID-19 Break (No Class) | |
| Mar 24 | Spring Break (No Class) | |
| Mar 26 | Spring Break (No Class) | |
| Mar 31 | Networks III: DNS | w/ Lilika |
| Textbook chapters: 6.1 | ||
| Apr 2 | Networks IV: SSL/TLS | w/ Roberto |
| Textbook chapters: 7.1.2, 8.2.4 | ||
| Apr 7 | Cloud Security | w/ Roberto |
| Apr 9 | Blockchains and Cryptocurrencies | w/ Roberto |
| Apr 14 | Privacy and Censorship (Guest Lecture) | w/ Bernardo Palazzi |
| Apr 16 | Adversarial Machine Learning | w/ Roberto |
| Apr 21 | Social Engineering (Guest Lecture) | w/ Ernesto Zaldivar |
| Apr 23 | Usable Security | w/ Olivia, Zachary |
| Apr 28 | Reading Period: Cyber-Physical Security | w/ Lilika |
| Apr 30 | Reading Period (No Class) | |
| May 5 | Reading Period (No Class) |
Sections used to be held Wednesdays @ 8:00pm in CIT 165 (Motorola); starting after March 31, they will now be released as video lectures on the dates listed in the calendar below. They mainly cover topics that’ll be helpful on the course assignments, but we’ll also occassionally discuss other material to complement that discussed in lecture. Attendance is optional and slides will be posted, but some sections contain interactive components (such as demos and whiteboards) that aren’t posted to the website. We’ve provided estimates for how long each section will last below.
| Jan 29 | Cryptography (w/ Olivia) | 20min |
| In this section, we’ll go over a few hints and tips for the Cryptography project. | ||
| Feb 12 | Web Attacks A (w/ Zachary) | 60min |
| In this section, we’ll extend our discussion of CSRF and session-focused vulnerabilities through a broad survey of some advanced web attacks. Along the way, we'll cover complementary tactics such as resource access and business logic. We'll also give some advice on how to approach the Flag project. | ||
| Feb 19 | Web Attacks B (w/ Zachary) | 60min |
| In this section, we'll focus on "code injection"-related attacks similar to the XSS and SQLI exploits we discussed in lecture. We'll also use this background to motivate discussion about client-side modification attacks. Finally, we'll give some hints and tips for the Bob's Router part of the project. | ||
| Feb 26 | Review: Midterm 1 (w/ Zachary) | 75min |
| In this section, we'll review topics from the first half of the course in preparation for Midterm 1. | ||
| Mar 4 | Linux Security / Scripting (w/ Zachary) | 45min |
| In this section, we'll give some advice on how to start working on the Handin project and, more generally, operating systems-based security pentesting. We'll also give a brief primer on Bash scripting and attack automation. | ||
| Apr 12 | Security Design and Dropbox (w/ Olivia) | 20min |
| In this section, we'll discuss the Dropbox support code and some tips for getting started with the implementation phase of the project. | ||
| Apr 26 | Review: Midterm 2 (w/ Zachary) | 75min |
We have two types of TA office hours in CS166—TA Hours and Homework Clinics.
In TA Hours, you can ask for help on anything related to the projects (concepts, clarifications, code, etc.), homework problems, lecture material, or general concepts.
In Homework Clinics, students collaborate on homework problems in a group-work environment under the guidance of the TAs. Homework Clinics are designed specifically to help students on the homework problems or any conceptual problems related to the homework. Any questions outside of the homework content should be directed to TA Hours or Piazza.
@cs.brown.edu suffix, though please do not write to individual course staff unless they have asked you to do so. You can contact the Head TAs and the professor at cs1660headtas@lists.brown.edu.
All students are responsible for the contents of the following documents and registering for the following external services used in the course:
Syllabus: All students are required to read the Syllabus and Collaboration Policy.
Textbook: The textbook for the course is Introduction to Computer Security by Michael T. Goodrich and Roberto Tamassia, 1st Edition.
Gradescope: We use Gradescope for collecting certain assignments and grade distribution. We add students to our Gradescope page manually based on waitlist signups and course registration—if you’re trying to hand in but aren’t able to access the page, please email the HTA list.
Piazza: Join our Piazza board to ask questions about course content (see the Collaboration Policy for question guidelines). The course staff will also post announcements and assignment clarifications to this board.
TopHat: We use TopHat to facilitate “clicker questions” during class. These instructions describe how to set up your personal device for TopHat usage.
Extension Requests: If there are extenuating circumstances preventing you from completing an assignment on time (e.g., illness), you may use this form to request an extension (without using late days) before the assignment is due. (Dean’s Notes and SEAS Accomodations should not go through this form—any inquires of the sort should be sent directly to Roberto.)
Anonymous Feedback: If you have feedback that you’d wish to share anonymously, you can use this form. Emails are tracked on this form, but these email addresses cannot be viewed by the course staff (including the professor) and are only viewable by Thomas Doeppner (Director of Undergraduate Studies).
Undergraduate Missive: The Computer Science department’s Undergraduate Missive contains lots of helpful information regarding asking for help from TAs, Sunlab Consultants, and more. (Some information is useful for graduate students as well.)
Diversity and Inclusion: In addition to the following resources, you can email the Student Advocates for Diversity & Inclusion at diversity.advocates@lists.cs.brown.edu:
Health and Wellness: In addition to the following resources, you can email the Student Advocates for Health & Wellness at wellness.advocates@lists.cs.brown.edu:
Student Groups: The department sponsors several student groups:
CAPS (Counseling and Psychological Services): If you feel yourself falling behind, needing to talk to someone about personal problems, or, in general, want a supportive ear, you may find CAPS helpful—they provide a range of mental health services to the Brown community.
SEAS (Student and Employee Accessibility Services): Brown University is committed to full inclusion of all students. Students who, by nature of a documented disability, require academic accommodations should contact the professor. The staff of the SEAS office can be reached at 401-863-9588 or seas@brown.edu to discuss the process for requesting accomodations.