This course makes use of Athena, MIT's UNIX-based computing environment. OCW does not provide access to this environment.
Course Meeting Times
Lectures: 2 sessions / week, 1.5 hours / session
Prerequisites
6.033 Computer System Engineering
Description
6.858 Computer Security studies the design and implementation of secure computer systems. Lectures cover threat models, attacks that compromise security, and techniques for achieving security, based on recent research papers. Topics include operating system (OS) security, capabilities, information flow control, language security, network protocols, hardware security, and security in web applications. Assignments include labs that involve implementing and compromising a secure web server and web application, and a group final project.
6.858 is primarily intended for seniors and Masters of Engineering students who want to learn about how to build secure computer systems in detail. Ph.D. students are also welcome. Students can use 6.858 to fulfill the engineering concentration requirements for Computer Systems.
Lectures
Each lecture will cover a paper in systems security. Read the paper before lecture, and submit by 10PM the night before:
- An answer to the homework reading question.
- Your own question about the paper (will try to answer in lecture).
We'll discuss the paper in class. Please interrupt, ask questions, and point out mistakes.
Quizzes
There will be two quizzes during our regular lecture time slot. No "final exam" during finals week; second quiz near end-of-term.
Assignments
There are 6 labs and a final project in this course. Labs will look like real-world systems, in some respects: There are many interacting parts written in different languages. We'll look at / write x86 asm, C, Python, Javascript, etc…
There will be a final project at the end of the course (groups of 3–4 people), and presentations during the last week of class. Think of projects you'd like to work on as you're reading papers. Either attack or defense-oriented projects are possible. It is ok to combine this project with other class projects or your own research.
Grading
| ACTIVITIES | PERCENTAGES |
|---|---|
| 2 Quizzes | 20% |
| Lab Exercises | 35% |
| Final Project and Presentation | 25% |
| Homework and Class Participation | 20% |
Lab exercises will be graded on the correctness based on both the lab assignment and whether they fulfill the specifications imposed by the grading / checking scripts. Grading will be done with a staff-version of the Makefile and grading scripts, so you should pass all the tests without any modifications to those files.
Turn-In Policy
You are required to turn in each lab; if you have not turned in all of the labs, you will receive an F. Labs that are turned in but score 0 points will receive a D. You have a total of 72 late hours to use throughout the semester. After you have used up your late hours, each additional day late will incur a full letter grade penalty. Saturday and Sunday both count as days. (Late days are tracked automatically, so you don't need to email before using one.)
Collaboration
You may not collaborate on quizzes. You are welcome to discuss the labs with other students, but you should complete all assignments on your own, and you should carefully acknowledge all contributions of ideas by others, whether from classmates or from sources you have read. Final projects will be in groups, where you should collaborate.
Warning About Security Work / Research on MITnet (and in General)
You will learn how to attack systems so that you know how to defend them. Just because something is technically possible, doesn't mean it's legal.