Prereq.: 6.1020 and 6.1800
Design and implementation of secure computer systems. Lectures cover attacks that compromise security as well as techniques for achieving security, based on recent research papers. Topics include operating system security, privilege separation, capabilities, language-based security, cryptographic network protocols, trusted hardware, and security in web applications and mobile phones. Labs involve implementing and compromising a web application that sandboxes arbitrary code, supporting TLS certificates, and adding two-factor authentication.
Lectures will be held TR 2:30-4 in 26-100.
6.5660 is primarily intended for seniors, M.Eng., and PhD students who want to learn about how to build secure computer systems in detail. 6.5660 counts as a systems TQE subject.
We will distribute assignments and announcements on the course web site. We expect students to check the 6.5660 schedule and Piazza frequently. If you hear a rumor, check it there.
Grades in 6.5660 will be based on the results of two quizzes (one in the middle of the term and one in final's week, 35% in total), labs 1-5 (55%), and class participation and homeworks (e.g., lecture question and reading answer) (together 10%). We expect students to attend the two quizzes at the time/location posted on the schedule.
Lab exercises will be graded on the correctness based on both the lab assignment and whether they fulfill the specifications imposed by the grading/checking scripts. Grading will be done with the unmodified Makefile and grading scripts, so you should pass all the tests without any modifications to those files.
Labs are due by 5pm on their due date (typically Friday). Lecture reading questions are due before lecture (2:30pm).
If you need an extension on a lab assignment due to extenuating circumstances, please contact MIT S3; we will give an extension on recommendation from an S3 dean. We will not accept late submissions of lecture reading questions.
If you have scheduling conflicts (e.g., need to attend a job interview, an athletic event), please plan in advance to turn in the assignments on time. If your plan failed and S3 will not recommend an extension, we will give a total of 3 late days for labs throughout the semester, to be used as whole days. You will need to contact the course staff to explain your situation and to get the extension added in Gradescope.
You may not collaborate on quizzes. You are welcome to discuss the labs with other students, but you should complete all assignments on your own, and you should carefully acknowledge all contributions of ideas by others, whether from classmates or from sources you have read.
You'll learn how to attack computer systems in this class in order to better understand how to design defenses. Please don't attack other people's computers or information without their prior permission. As well as being a bad idea, it may be illegal or a violation of MIT network rules and can get you into serious trouble. Don't do it.
|Srini Devadas||devadas at csail.mit.edu||32-G844|
|Nickolai Zeldovich||nickolai at csail.mit.edu||32-G994|
|Anish Athalye||aathalye at mit.edu|
|Ben Kettle||bkettle at mit.edu|
|Richard Liu||rtliu at mit.edu|
|Ariel Szekely||arielck at mit.edu|
|Michael Wang||mi27950 at mit.edu|
TA office hours
Course mailing list:
Use this mailing list to contact all the 6.5660 staff.