Same-Origin Policy

Cryptography

Diffie-Hellman key exchange

Bitcoin

UI Attacks

WPA (WiFi Protected Access)

DNS (Domain Name System)

Malware

Cookies

Memory Safety Vulnerabilities

Pseudorandom Number Generator (PRNG)

Passwords

Cross-Site Scripting (XSS)

DHCP (Dynamic Host Configuration Protocol)

Transport Layer Security (TLS)

Intrusion Detection

Asymmetric Key Cryptography

x86 assembly language

Cryptographic Hashes

Digital signature

Session Management

Networking

TCP (Transmission Control Protocol)

Denial-of-Service (DoS) Attacks

Message authentication code (MAC)

Call stack

Certificates

Cross-Site Request Forgery (CSRF)

ARP (Address Resolution Protocol)

UDP (User Datagram Protocol)

Firewalls

Memory Safety

Security Principles

Public-key cryptography

DNSSEC

Anonymity

SQL Injection

Symmetric-key Cryptography

Border Gateway Protocol (BGP)

CS 161: Computer Security UC Berkeley Summer 2022 This course offers an introduction to computer security, including cryptography, operating system security, network security, and software security. It uses case studies from real-world systems. Prerequisites include experience working with large codebases and a basic understanding of modular arithmetic/set notation. Introduction to computer security. Cryptography, including encryption, authentication, hash functions, cryptographic protocols, and applications. Operating system security, access control. Network security, firewalls, viruses, and worms. Software security, defensive programming, and language-based security. Case studies from real-world systems.  The prerequisites for CS 161 are:

- CS 61B (Data Structures), for experience working with large codebases (500–1000 lines of code) and basic data structures. This is relevant for Project 2.
- CS 61C (Machine Structures), for understanding of C memory layout and hex/binary number representation. This is relevant for the memory safety unit (Project 1). All necessary CS 61C content will be reviewed during lecture.
- CS 70 (Discrete Math and Probability Theory), for basic understanding of modular arithmetic/set notation and some mathematical intuition. This is relevant in the cryptography unit. We will review any necessary CS 70 content in lectures, so don’t worry if you don’t feel very comfortable with all the CS 70 material.

We assume basic knowledge of C and Python. Some basic familiarity with Unix systems is helpful for Project 1. Project 2 is done in Go and we won’t have any lectures on Go syntax, so we expect students to be able to learn the basics of the language on their own. The readings are all linked on [the course website](https://su22.cs161.org/) and freely available. The majority of readings come from the [course textbook](https://textbook.cs161.org/), which is freely available for you to use as a study and review resource. All readings are optional (but recommended) unless otherwise indicated.

CS 161: Computer Security

Computer Security and Cryptography

Web Technologies

Web Protocols

Denial-of-service attack (DoS attack)

Transport Protocols

Stream ciphers

Operating System Security

Physical Security

OS Isolation

Authorization

Cloud Security

Accounting

Storage Encryption

Web Security Model

Networks

One-time pad

Hash functions

Scanning

Block cipher

Authentication

OS Privileges

Browser Security

CS1660: Computer Systems Security Brown University Spring 2022 CS1660 delivers a balanced mix of theory and practice in computer systems security. Starting with the foundational aspects of cryptography, the course navigates through security aspects of web applications, operating systems, and networks. Students will hone their "security mindset," learning to identify vulnerabilities and understand defenses across different domains. CS1660 (formerly called CS166) is a course on **computer systems security** through a balanced mixture of theory and practice.

We’ll start out with building the foundations of security through an exploration of **cryptography**. From there, we’ll move to more complex, multi-faceted systems such as **web applications**, **operating systems**, and **networks**. Along the way, we’ll explore complementary topics such as authentication, physical security, social engineering, privacy, anonymity, usability, and the security of emergent systems such as blockchains and machine learning.

By learning about security through these multiple domains, you’ll concretely learn how various classes of attacks appear in a vast variety of scenarios and how they work in practice. You’ll also learn how to evaluate systems adversarially, from writing precise security analyses about subtle issues in protocols to discovering and exploiting vulnerabilities in concrete technical systems for yourself.

Through all of these activities, you’ll ultimately work to develop a specific kind of intuition—a ***“security mindset”***—that will give you the knowledge, vocabulary, and confidence to critically analyze and effectively defend the software and systems you approach as a computer scientist even after the course. - Provide an introduction to computer security
    - Overview security threats and defenses
- Help you develop a security-aware mindset:
    - Take the big picture and understand the details
- Learning by practicing
    - Consider ethical implications and tradeoffs of using, building, and testing secure systems You should have an intro-sequence’s worth of programming experience ([0160](https://cs.brown.edu/courses/info/csci0160/), [0180](https://cs.brown.edu/courses/info/csci0180/), or [0190](https://cs.brown.edu/courses/info/csci0190/)) and have a good understanding of systems programming ([0300](https://cs.brown.edu/courses/info/csci0300/), [0330](https://cs.brown.edu/courses/info/csci0330/), [1310](https://cs.brown.edu/courses/info/csci1310/), or [1330](https://cs.brown.edu/courses/info/csci1330/)). This concretely means that:

- You should be comfortable writing programs and scripts in the language of your choice (such as Python, Ruby, Bash, Go, C++, etc.), be comfortable in a Unix command-line environment (running binaries, filesystem navigation, etc.) and using SSH with the Brown CS filesystem, have a basic understanding of systems programming concepts such as memory management and networking.
- You also should have heard of the terms “race condition”, “packet”, “TCP”, “UDP”, “buffer overflows”, and “DNS”. (If you forget what these are, don’t worry—we’ll describe them again when they come up in the latter half of the course.)
- You should also be at least somewhat comfortable (and very willing) to learn new programming languages and reading code in languages and programs that you’ve never used before. (You’ll get lots of practice with this in this course!)
 
*If you don’t meet the official prerequisites* but still want to take the course, please feel free to ask the instructors–we are happy to discuss your individual situation to determine if the course is right for you!

Your willingness to challenge yourself is perhaps the most important prerequsite for the course. Security can be frustrating at times, but the rewards are great. In exchange for engaging with some difficult intellectual challenges, you’ll have the opportunity to gain concrete insights about systems and security and become a better computer scientist along the way! 

CS1660: Computer Systems Security