CMPS 122: Computer Security, Winter 2019

Overview

This course introduces computer security to students already familiar with reasonably advanced computer science concepts. Four main areas are covered: System Security, Cryptography, Network Security, and Web Security, with additional miscellaneous topics covered as time allows. Examples drawn from a range of modern computing systems illustrate these concepts, and project work provides practical experience in the design and implementation of security attacks.

Information

Meeting time and place

Lecture meets Tuesdays and Thursdays from 3:20pm to 4:55pm in Kresge Clrm 321.

Discussion section 01A meets Tuesdays from 1:30pm to 2:35pm in Nat Sci Annex 103.

Discussion section 01B meets Wednesdays from 10:40am to 11:45am in Soc Sci 1-161.

Canvas and Piazza

We will use the Canvas site for assignments and submissions, and the Piazza site for communication, discussion, and announcements.

Course Staff

| Name | Position | Email | Phone | Office/consulting hours |
| --- | --- | --- | --- | --- |
| Owen Arden | Instructor | | 2-7044 | E2-349A, Wednesdays 4:30pm - 5:30pm (please make a 15-min appointment) |
| Ana McTaggart | TA | apmctagg@ucsc.edu | | BE 118, Tuesdays 11am-12 |
| Nitesh Singh | TA | nsingh32@ucsc.edu | | BE 118, Fridays 11am-12 |

Prerequisites

CMPS 111 or equivalent

Objectives

Students who pass this course should be able to explain:

  • The principles of computer security
  • Principles and application of basic cryptography including Public-key cryptography
  • Authentication and trusted operating systems
  • Secure network protocols including Kerberos and SSL
  • Attacks and defenses on computer systems
  • Firewalls, intrusion detection, and countermeasures
  • Program security and bug exploits
  • Malicious code: viruses, worms, trojan horses, and more
  • Legal, ethical, governmental, and societal issues in computer security

Students who pass this course should also have gained:

  • Experience in writing simple to moderately complex security attacks.
  • An appreciation of the impact upon performance of design choices including the selection of algorithms with which a security attack might obfuscate its presence.
  • Increased familiarity with Unix/Linux, C programming, APIs, and system calls.

Personal responsibility / Legal Liability

In this course we will be discussing in detail attacks that can do significant damage to computer systems. This is in no way an invitation to undertake these attacks or derivations thereof other than with the informed consent of all involved parties.

Always remember that the existence of a security hole is not an excuse to exploit it.

If you want to hack your own machine, that's fine - but if an exploit escapes and damages another computer, you may be prosecuted and potentially imprisoned. These concerns regard simple ethics, UCSC policy, and Californian, United States, and international law.

The UCSC Baskin School of Engineering computing policy clearly states that “Attempts to gain unauthorized access to any information facility, whether successful or not” and “Attempts to alter, damage, delete, destroy or otherwise abuse any computer or network resource” are grounds for disciplinary action.

Coursework

Students are evaluated on the basis of homeworks, labs, and a final exam.

| Component | Weight |
| --- | --- |
| Written Homework x 5 | 25% (5% each) |
| Lab 1 | 5% |
| Lab 2 | 15% |
| Lab 3 | 20% |
| Final Examination (closed book) | 35% |
| Administration tasks | not graded, but mandatory |

Regrades must be requested within 2 weeks of receiving the graded assignment.

Mandatory Course Requirements

You must pass every component (administration, homeworks, labs, and final) to pass the course.

For example, doing well on the homeworks and final but submitting poor (or no) lab solutions will see you fail the class. Similarly, doing well on the labs and homeworks but failing the final will result in you failing the class. Note that if you do not undertake the administration tasks, you will fail the class, regardless of how good the remainder of your work is.

Late submissions

Homeworks

No late submissions

Labs

| Lateness | Penalty |
| --- | --- |
| 0-24 hours late | -15% |
| 24-48 hours late | -30% |
| 48-72 hours late | -45% |
| >72 hours late | no credit |

It is your responsibility to submit your work on time. If exceptional circumstances arise before the due date and time, notify me as soon as you become aware of the issue and it will be taken into consideration. Extension requests received after the submission deadline will be ignored.

Schedule (subject to change)

| # | Date | Topic/notes | Assignments |
| --- | --- | --- | --- |
| 1 | Tue 01/08/19 | Course overview and introduction (slides) | |
| 2 | Thu 01/10/19 | Principles of Computer Security (slides, big slides) | |
| 3 | Tue 01/15/19 | Policies & Enforcement / Software Security I (slides, big slides) | |
| 4 | Thu 01/17/19 | Smashing Stacks: Offense and Defense (slides, big slides; demo files) | HW 1 due |
| 5 | Tue 01/22/19 | Web Security I (slides, big slides) | |
| 6 | Thu 01/24/19 | Web Security II (slides, big slides) | Lab 1 due, Lab 2 and HW 3 out |
| 7 | Tue 01/29/19 | Cryptography I - Symmetric-Key (slides, big slides, additional slides) | |
| 8 | Thu 01/31/19 | Cryptography II - MACs and Public-Key (slides, big slides) | HW 2 due |
| 9 | Tue 02/05/19 | Cryptography III - Digital Signatures & Key Distribution (slides, big slides) | HW 3 out |
| 10 | Thu 02/07/19 | Network Security I - Introduction (handout, slides) | |
| 11 | Tue 02/12/19 | Network Security II - Physical, Network, and Transport Layer Threats (slides) | HW 3 due |
| 12 | Thu 02/14/19 | (cancelled) | Lab 2 due, Lab 3 out |
| 13 | Tue 02/19/19 | Network Security III - DNS operation and attacks (slides) | |
| 14 | Thu 02/21/19 | Network Security IV - TLS and DNSSEC | |
| 15 | Tue 02/26/19 | Network Security V - Denial of service (slides) | |
| 16 | Thu 02/28/19 | Intrusion Detection (slides) | |
| | Fri 03/01/19 | | Lab 3 Phase I due |
| 17 | Tue 03/05/19 | Cloud Security (slides) | HW 4 out |
| 18 | Thu 03/07/19 | Malware (slides) | |
| | Fri 03/08/19 | Patrick Wardle (guest speaker) -- E&M B210 @ 2:40pm | Lab 3 Phase II due |
| 19 | Tue 03/12/19 | Final Prep I (slides, big slides) | HW 4 due |
| 20 | Thu 03/14/19 | Final Prep II (slides, big slides) | |
| | Fri 03/15/19 | | Lab 3 Phase III due |

Based on course materials developed by David Harrison