The Course
In this class you will learn how to design secure systems and write secure code. You will learn how to find vulnerabilities in code and how to design software systems that limit the impact of security vulnerabilities. We will focus on principles for building secure systems and give many real world examples. In addition, the course will cover topics such as:
- memory safety vulnerabilities,
- techniques and tools for vulnerability detection,
- sandboxing and isolation,
- web security,
- network security,
- malware detection and defense, and
- mobile platform security.
Course homework and labs will teach students how to find vulnerabilities and how to fix them. The labs are designed to help students practice the principles of secure system design.
Prerequisites
This course is intended for Computer Science students who have some programming background in C and C++.
Frequently Asked Questions
- What is the format of the class?
The class will consist of lecture videos, which are broken into small chunks, usually between eight and twelve minutes each. Some of these may contain integrated quiz questions. There will also be standalone quizzes that are not part of video lectures, and other assignments. There will be approximately two hours worth of video content per week.
- Will the text of the lectures be available?
We hope to transcribe the lectures into text to make them more accessible for those not fluent in English. Stay tuned.
- Do I need to watch the lectures live?
No. You can watch the lectures at your leisure.
- Can online students ask questions and/or contact the professor?
Yes, but not directly There is a Q&A forum in which students rank questions and answers, so that the most important questions and the best answers bubble to the top. Teaching staff will monitor these forums, so that important questions not answered by other students can be addressed.
- How much programming background is needed for the course?
The course assumes knowledge of programming languages such as C and C++ as well as an understanding of basic concepts from operating systems such as processes and threads. While we will try to make the lectures self contained, students without the necessary pre-requisites will need to make up the material by referring to online resources.
- Will other Stanford or Berkeley resources be available to online students?
No.
The Instructors
Professor Dan Boneh heads the applied cryptography group at the Computer Science department at Stanford University. Professor Boneh's research focuses on applications of cryptography to computer security. His work includes cryptosystems with novel properties, web security, security for mobile devices, digital copyright protection, and cryptanalysis. He is the author of over a hundred publications in the field and a recipient of the Packard Award, the Alfred P. Sloan Award, and the RSA award in mathematics. Last year Dr. Boneh received the Ishii award for industry education innovation. Professor Boneh received his Ph.D from Princeton University and joined Stanford in 1997.
Professor John Mitchell is the Mary and Gordon Crary Family Professor in the Department of Computer Science at Stanford University. His research focuses on web security, network security, privacy, programming language analysis and design, formal methods, and applications of mathematical logic to computer science. He is Editor-in-Chief of the Journal of Computer Security and his past awards include a Director's Award from the U.S. Secret Service for his efforts in connection with the Electronic Crimes Task Force. Prof. Mitchell is the Stanford principal investigator for the TRUST NSF Science and Technology Center and Chief Computer Scientist of the SHARPS Center for Healthcare IT Security and Privacy.
Professor Dawn Song is Associate Professor of Computer Science at UC Berkeley. Prior to joining UC Berkeley, she was an Assistant Professor at Carnegie Mellon University from 2002 to 2007. Her research interest lies in security and privacy issues in computer systems and networks, including areas ranging from software security, networking security, database security, distributed systems security, to applied cryptography. She is the recipient of various awards including the MacArthur Fellowship, the Guggenheim Fellowship, the NSF CAREER Award, the Alfred P. Sloan Research Fellowship, the MIT Technology Review TR-35 Award, and Best Paper awards.
