General Information


Matt Bishop
Office: 2209 Watershed Sciences
Phone: (530) 752-8060
Office Hours: MWF 2:10pm–3:00pm

Teaching Assistant

Tina Mashhour
Office:(Tuesday) 53 Kemper Hall; (Thursday) 55 Kemper Hall
Office Hours: TuTh 9:30am–11:00am


MWF 4:10pm–5:00pm in 6 Wellman

Discussion Sections

ECS 153-A01: T 2:10pm–3:00pm in 1 Wellman
ECS 153-A02: W 5:10pm–6:00pm in 147 Olson0.

Course Outline

Introduce principles, mechanisms, and implementations of computer security; learn how attacks work, how to defend against them, and how to design systems to withstand them

Course Goals

Some goals we hope you achieve:


The prerequisites for this course are ECS 150, Operating Systems, and ECS 152A, Computer Networks. Students who have not taken these courses are at a serious disadvantage in this class, and will be dropped unless the instructor approves them taking the class. To make your case, please complete a Missing Prerequisite Form\footnote{} and give it to the instructor. On this form, state which prerequisite(s) you are missing and why it (they) should be waived.


M. Bishop, Computer Security: Art and Science, Addison-Wesley, Boston, MA (2003). ISBN 0-201-44099-7.
Some updated chapters will be made available on the campus learning management system, Canvas.

Before Each Class

Please do the readings for each class period before the class. We will discuss material from the readings, and if you haven’t done the readings, you might have trouble following along!

Class Web Site

The class web site is on Canvas. To access it, go to and log in using your campus login and password. Then go to ECS 153 in your schedule. Announcements, assignments, handouts, and grades will be posted there, and you must submit assignments there. The alternate web site, has everything except grades, and you cannot submit work there.


All registered students have been given an account on the computer science instructional machines in the basement (the Computer Science Instructional Facility, CSIF). You are also welcome to use your own laptops or desktops, but any programs you turn in will be graded on the CSIF systems. So, be sure they run on the CSIF!


For written homework, please turn in PDF or text files; we will not accept files in other formats (specifically, no DOC or ODT files allowed). As we grade these on a variety of systems, other formats may not print correctly, in which case we will be unable to grade them correctly. All homework is due at 11:55pm on the date stated on the homework, unless otherwise specified. The handout All About Homework discusses homework.

Laboratory Exercises

These exercises will cover handling attacks and programming. The labs involving attacks will require the use of VirtualBox, which is available for free from Oracle at You are free to run it on any system you can; the exercises will be done using virtual machines with specific configurations. The labs involving programs will require you to write programs. They must work on the CSIF systems, as that is where we will grade them. The handout All About Programs discusses programs.

Extra Credit

Extra credit is tallied separately from regular scores. It counts in your favor if you end up on a borderline between two grades at the end of the course. But, not doing extra credit will never be counted against you, because grades are assigned on the basis of regular scores. You should do extra credit if you find it interesting and think that it might teach you something. Remember, though, it is not wise to skimp on the regular assignment in order to do extra credit!


Midterm: to be arranged (in class)
Final: Thursday, December 8 at 8:00am–10:00am in 6 Wellman
No early or late exam will be given; if you miss an exam for medical reasons (you must document this; no other excuses are acceptable), you may be allowed or required to take a make-up exam, or the other parts of the course will be counted proportionally more (the choice is the instructor’s). In particular, forgetting the time or place of an exam is not an excuse for missing it!


Homework  25%
Lab Exercise  25%
Midterm Exam  25%
Final Exam  25%

Academic Integrity

The UC Davis Code of Academic Conduct, available at, applies to this class. In particular, for this course, all work submitted for credit must be your own. You may discuss your assignments with classmates, with the instructor, or with the teaching assistant in the course to get ideas or a critique of your ideas, but the ideas and words you submit must be your own. Unless explicitly stated otherwise, collaboration is considered cheating and will be dealt with accordingly.

Be sure to read the description of plagiarism in the Code of Conduct. In this class, as in every class at the University, plagiarism is absolutely forbidden.

For written homework, you must write up your own solutions and may neither read nor copy another student’s solutions.

For programs, you must create and type in your own code and document it yourself. Note that you are free to seek help while debugging a program once it is written.

A good analogy between appropriate discussion and inappropriate collaboration is the following: you and a fellow student work for competing software companies developing different products to meet a given specification. You and your competitor might choose to discuss product specifications and general techniques employed in your products, but you certainly would not discuss or exchange proprietary information revealing details of your products. Ask the instructor for clarification beforehand if the above rules are not clear.

You can also obtain a PDF version of this. Version of September 20, 2016 at 8:28PM