General Information

Catalog description | Class meetings | Who should take 6.566 | Communication | Grading | Turn-in | Collaboration | Warning | Staff

MIT catalog description

Prereq.: 6.102 and 6.180

Design and implementation of secure computer systems. Lectures cover attacks that compromise security as well as techniques for achieving security, based on recent research papers. Topics include operating system security, privilege separation, capabilities, language-based security, cryptographic network protocols, trusted hardware, and security in web applications and mobile phones. Labs involve implementing and compromising a web application that sandboxes arbitrary code, supporting TLS certificates, and adding two-factor authentication.

Class meetings

Lectures will be held TR 2:30-4 in 45-230.

Who should take 6.566?

6.566 is primarily intended for seniors, M.Eng., and PhD students who want to learn about how to build secure computer systems in detail. 6.566 counts as a systems TQE subject.


We will distribute assignments and announcements on the course web site. We expect students to check the 6.566 schedule and Piazza frequently. If you hear a rumor, check it there.

Grading policy

Grades in 6.566 will be based on the results of two quizzes (one in the middle of the term and one in final's week, 35% in total), labs 1-5 (55%), and class participation and homeworks (e.g., lecture question and reading answer) (together 10%). We expect students to attend the two quizzes at the time/location posted on the schedule.

Lab exercises will be graded on the correctness based on both the lab assignment and whether they fulfill the specifications imposed by the grading/checking scripts. Grading will be done with the unmodified Makefile and grading scripts, so you should pass all the tests without any modifications to those files.

Turn-in policy

Labs are due by 5pm on their due date (typically Friday). Lecture reading questions are due before lecture (2:30pm).

If you need an extension on a lab assignment due to extenuating circumstances, please contact MIT S3; we will give an extension on recommendation from an S3 dean. We will not accept late submissions of lecture reading questions.

If you have scheduling conflicts (e.g., need to attend a job interview, an athletic event), please plan in advance to turn in the assignments on time. If your plan failed and S3 will not recommend an extension, we will give a total of 3 late days for labs throughout the semester, to be used as whole days. You will need to contact the course staff to explain your situation and to get the extension added in Gradescope.


You may not collaborate on quizzes. You are welcome to discuss the labs with other students, but you should complete all assignments on your own, and you should carefully acknowledge all contributions of ideas by others, whether from classmates or from sources you have read.


You'll learn how to attack computer systems in this class in order to better understand how to design defenses. Please don't attack other people's computers or information without their prior permission. As well as being a bad idea, it may be illegal or a violation of MIT network rules and can get you into serious trouble. Don't do it.


E-Mail Office
Nickolai Zeldovich 32-G994

Teaching assistants
Anna Arpaci-Dusseau
Sanjit Bhat
Kelly Lam
Bill Wang
Derek Leung

TA office hours
Time Location TA
Monday 2p-4p 24-319 Kelly
Monday 4p-6p 24-115 Anna
Tuesday 9a-11a 24-319 Sanjit
Wednesday 11a-1p 24-321 Kelly
Wednesday 1:30p-5:30p 24-319 Derek
Thursday 9a-11a 24-323 Sanjit
Thursday 12p-2p 24-323 Anna
Saturday 9:30a-11:30a 24-121 Bill
Sunday 9:30a-11:30a 24-121 Bill

Course mailing list:
Use this mailing list to contact all the 6.566 staff.