This course focuses on computer and network security, covering a wide range of topics on both the "defensive" and "offensive" sides of the field. Among these will be application security and exploitation (buffer overflows, race conditions, SQL injection, etc.), access control and authentication, covert channels, web and website security, network protocol attacks, intrusion detection/prevention, viruses/worms and bots, spyware and phishing, denial-of-service, privacy/anonymity, and computer forensics. The goal of this course is to provide both an appreciation for how to think adversarially with respect to computer systems and an understanding of how to reason about (and implement) a handful of well-known attacks and defenses against existing systems.
To complete the projects in this course, you will need to have (or gain) familiarity with C, assembly, JavaScript, PHP, SQL, and Python. We will not explicitly teach these in class and you will be expected to pick up what you need for each project on your own.
Lecture: Tu/Th 8:00–9:20 AM. Pepper Canyon Hall 122.
Discussion: M 4:00–4:50 PM. Center Hall 212.
Instructor: Deepak Kumar
Office Hours: Tuesday 11:00 AM–12:00 PM, or by appointment, CSE 3248.
Teaching Assistant: Bella Jeong, ljeong@ucsd.edu
Office Hours:
Tutor: Manan Patel, mbp001@ucsd.edu
Office Hours:
Tutor: Arul Mathur, armathur@ucsd.edu
Office Hours:
Communication: We use Canvas for announcements; discussion happens on Piazza. You can find the syllabus here.
Submissions: All course assignments will be submitted through Gradescope, accessible through Canvas.
The tentative schedule and readings for the class are below:
Introduction, definitions, reflections on trusting trust, logistics.
How to adopt the security mindset in practical scenarios.
PA1 Due!
Control flow vulnerabilities: Format strings, integer overflows
Readings:
Isolation and privilege in operating systems
Readings:
Side channels, covert channels, attacks and defenses
Readings:
PA2 Due!
Introduction to web models, protocols, architecture
Attacks on the web
Defenses on the web; web measurements today
PA3 Due!
Introduction to networks, TCP/IP, basic attacks
DNS, DDoS, defenses, firewalls, perimeter defense
Users, passwords, multi-factor authentication
Introduction, symmetric-key cryptography
PA4 Due!
Asymmetric-key cryptography, key-exchange
TLS, HTTPS, and the modern web
Usable security and privacy, why Johnny (still) can't encrypt.
PA5 Due!
Sociotechnical security and the beyond.
Discussions happen Mondays from 4–5 in Center Hall 212. Discussions will be primarily PA-focused, and slides from discussion will appear here weekly.
This is a typical project- and exam-structured course. Grading is based on the following components:
Programming Assignments (40%)
There are five programming assignments (PAs) in the course. The first is worth 4% of your grade and the remainder are each worth 9% of your grade. The schedule of release and due dates for PAs is displayed below. All assignments MAY be done in teams of two, but no more than two per team. Teams can change from PA to PA.
Midterm (25%)
There will be one in-class midterm (90 minutes) in week 6 on 2/12. The midterm will cover both lecture and project material from PA1 – PA3.
Final (35%)
The final exam will be on March 19th, 2026 from 8am–11am. The final exam will be comprehensive for the course, but with material weighted towards the second half of the course.