This page is organized by the weeks of the quarter in which lectures were given. The weeks are in inverse order, on the assumption you will most often be looking for the most recent week.
This class will be taught by Peter Reiher. The textbook is Computer Security: Art and Science, by Matt Bishop. Assigned readings are from this book, unless otherwise indicated. Dr. Bishop has also published a second textbook that contains selected sections of this book, with a similar title. I can't guarantee that all material assigned will actually be in this other book, and it will definitely be at different pages if it's there at all.
I will be lecturing on these subjects during the class.
The TA for the course is Mevlut Turker Garip -- mtgarip@cs.ucla.edu. The labs for this course will consist of 5 hands-on, practical and exploratory projects covering security-related topics, plus a short introduction to the lab software. Office hour and discussion section information will be determined following the first recitation section and posted here.
Instructions for accessing the homework will be given out via email early in the second week of classes and will be discussed during the first recitation sections. Due to travel issues, the first recitation sections will be on Friday, October 4, which is the second week of class. The lab manual and all necessary materials for the labs are located here (login information for these resources will be provided via email).
The final exam for CS 136 will be offered in the scheduled exam slot, Thursday December 12, from 8-11 AM. It will be held in our usual classroom. It will be closed book, closed notes. The exam will be similar in format to the midterm exam, consisting of multiple choice and short answer questions. The exam covers all material from the class, including the weeks prior to the midterm exam. All material on slides, lectured on, or in assigned reading materials could appear on the exam, except for web links to readings that were explicitly accompanied by a note saying they would not be covered.
Here is a sample final exam. Some material on this sample final exam was not covered in this year's class, and thus would not appear on this year's final exam.
Here are the answers to the sample final exam.
Slides:
No readings assigned for this class.
Slides:
No readings assigned for this class.
Since I was delayed on Friday November 22 by a flat tire, we will cover the lecture I intended to give then on Tuesday November 26, instead. Therefore, there will be no new readings and the slides will be the same as those for that earlier lecture.
There will be a recitation section today, instead of a lecture.
Instead of a recitation section, there will be a lecture on Friday, November 22, from 8-10. There will be no recitation section in the afternoon on this Friday.
Slides:
No readings assigned for this Friday class.
There will be a recitation section today, instead of a lecture.
Slides:
No readings assigned for Thursday.
I've fallen nearly a full lecture behind, so there will be no new slides or readings for today. We will complete lecture 13, which I just started last Thursday.
Slides:
CERT's Top 10 Secure Coding Practices.
Apple's recommendations on avoiding buffer overflows.
The following web link is NOT required reading and isn't even related to the topic of this lecture. Instead, it's a brief analysis of the password file that Adobe recently lost, which contained some 38 million customer passwords. Given earlier lectures and readings on the subject, you should be able to readily understand what terrible mistakes Adobe made in keeping its passwords. There are good lessons here on applying cryptography, cryptographic modes, and the use of techniques like password hashing and salting. Recommended reading, though, again, not required; and it goes along with a recommendation that, in your future careers, you NEVER make these mistakes: Adobe's password storage blunders.
Slides:
Textbook: Chapter 22 (pages 613-641)
Slides:
Textbook: Chapter 25 (pages 723-767)
Web link (not required reading; not on the final exam):
SANS' frequently asked question page on intrusion detection contains links to a lot of useful information, without trying to sell you on a particular product.
Midterm.
Slides:
Textbook: Chapter 26 (pages 773-799)
Slides:
Textbook: Chapter 24. (Pages 689-719)
Slides:
Textbook: Chapter 17, Sections 17.1 - 17.2.2 (pages 439-446), introduction to Section 17.3 (pages 446-448), Section 17.3.3 (pages 467-470).
A white paper on full disk encryption.
Slides:
Textbook: Chapter 12 (pages 309-335)
Web links:
A discussion on choosing secure passwords.
A short essay on the limits of using biometrics by Bruce Schneier. This essay is embedded in a longer newsletter. You need only read the section titled "Biometrics in Airports".
Slides:
Textbook: Chapter 10, section 10.2 (pages 246-252).
Slides:
Textbook: Chapter 10, sections 10.1, 10.3, 10.4, and 10.5 (pages 245-246, 252-266)
Slides:
Textbook: Chapter 9, sections 9.2.3-9.7 (pages 228-241)
NOTE: As described in email, there will be an extra lecture this week, on Friday September 27 from 8-10 in the usual classroom. So there will be three lectures during week 1. The materials for the third lecture will be posted before the weekend.
Slides:
Textbook: Introduction to Section IV and Chapter 9, sections 9.1-9.2.2.2 (pages 215-227).
Textbook: Chapter 2 (pages 31-44) and Chapter 15 (pages 381-396).
Slides:
Textbook: Chapter 4, Sections 4.1-4.6 (pages 95-114)
Chapter 5, Sections 5.1-5.2.2 (pages 123-132)
Chapter 6, Sections 6.1-6.2 (pages 151-155)
Chapter 7, Section 7.1 (pages 169-177)
Slides:
Textbook: Chapter 1 (pages 1-25)
Web links:
Improving the Security of Networked Systems, Julia Allen, Christopher Alberts, Sandi Behrens, Barbara Laswell, and William Wilson.
Why Computers Are Insecure, Bruce Schneier. (The link leads to an entire web page on various security subjects. Read it all, if you want, but the assignment is only this essay, which is around a page and a half.)
Social Engineering Fundamentals, Part I: Hacker Tactics Sarah Granger.
The Stuxnet worm was discussed in class. This article talks about how it was analyzed and determined to be intended for taking control of certain kinds of facilities.