The prerequisites for CS 161 are:

We assume basic knowledge of C and Python. Some basic familiarity with Unix systems is helpful for Project 1. Project 2 is done in Go and we won’t have any lectures on Go syntax, so we expect you to be able to learn the basics of the language on your own.


We will have a 90-minute live lecture on Tuesdays and Thursdays, 12:30pm-2:00pm PT, over Zoom.

Students wanting to access the Zoom lecture live will need to be logged in to their Zoom account. The lectures are designed to be interactive: please use the Zoom chat to both communicate amongst participants and ask questions. One discovery we learned last semester is that text-based chat actually improves the lecture feedback loop.

During the lecture all students will be muted and cameras-off, but after lecture there will be an opportunity where all microphones are unmuted and cameras can be enabled as a substitute for the “post-lecture” discussion where people would come up to the front.

Lecture attendance is optional, but minor extra credit (1% of your total grade) may be available for attendance. Recordings will be posted afterward.

Discussion Sections

Discussion sections will be held at scheduled times in Zoom meetings. The discussion schedule will be posted on the course calendar when the semester starts.

We will encourage (but NOT require) students to enable the camera and microphone for discussion. Since the point of discussion is to replicate as much as possible the in-person experience and there is a lot of communication bandwidth in the visual channel, we want to keep as much of that as possible.

Discussion attendance is optional, but minor extra credit (1% of your total grade) may be available for attendance. You can attend any discussion section you want. Walkthrough recordings of discussion worksheets will be available.

Office Hours

Office hours will be held at scheduled times in Zoom meetings. We will manage office hours by using an online queue. When it is your turn, the queue system will notify you and you will be able to join the meeting with the TA.


The required readings are all linked on the course website and freely available.

The class does not have a required textbook. We have listed readings for Introduction to Computer Security by Goodrich & Tamassia and The Craft of System Security by Smith & Marchesini, but these are entirely optional.


There will be one midterm exam and a final exam. Exams are mandatory and synchronous (everyone takes them at the same time).

We will offer an alternate exam time if you can’t take the exam at the scheduled time.

Both exams will be video proctored. Please see the exam logistics page for more details.

Collaboration is not allowed on exams.


There will be 7 homeworks, usually due on Friday night (11:59pm PT). Homeworks will be submitted electronically via Gradescope.

No late homeworks will be accepted, but we will drop your lowest homework score.

If you encounter extenuating circumstances, please let us know by filling out this form.


There will be three course projects. Projects can be done in groups of two or individually.

You have 6 slip days to use on projects. Slip days are rounded up to the nearest day (i.e. if you submit one minute past the deadline, it counts as using one slip day).

For projects with multiple submissions (e.g. code + write-up), slip days will be applied using the latest submission (i.e. if you submit code one day late and the write-up two days late, it counts as using two slip days).

We will automatically apply slip days at the end of the semester to maximize your total project score.

We will penalize late project submissions with no remaining slip days as follows:

If you encounter extenuating circumstances, please let us know by filling out this form.


There are two optional labs. These are shorter than projects, but longer than homeworks. You can replace your lab grade with your homework or project grade (whichever is greater).


We will compute grades from a weighted average, as follows:

The class as a whole is typically curved to the department guidelines for upper-division CS classes. Previous grade distributions on Berkeleytime are also good indicators of the curve.


If you have a question, the best way to contact us is via the class Piazza site. The staff (instructors and TAs) will check the site regularly.

If your question is personal or not of interest to other students, please mark the question as private: select “Post to: Individual Student(s)/Instructor(s)” at the top and then type “Instructors” in the field underneath it.

Collaboration Policy

We believe that most students can distinguish between helping other students understand course material and cheating. Explaining a subtle point from lecture or discussing course topics is an interaction that we encourage, but you must write your homework solution strictly by yourself. You must not ask for homework/project solutions on Stack Overflow or other online sites; although you may ask for help with conceptual questions. You must not receive help on assignments from students who have taken the course in previous years, and you must not review homework or project solutions from previous years.

You must ensure that your solutions will not be visible to other students. If you use Github or another source control system to store your solutions electronically, you must ensure your account is configured so your solutions are not publicly visible. If you use Github, it offers free private repositories that allow you to keep your solutions private; please use one.

Warning: Your attention is drawn to the Department’s Policy on Academic Dishonesty. In particular, you should be aware that copying or sharing solutions, in whole or in part, from other students in the class or any other source without acknowledgment constitutes cheating. Any student found to be cheating will (1) be referred to the Office of Student Conduct, (2) receive negative points on the assignment (i.e., worse than not doing it at all), and, depending on severity, (3) fail the course.


We will be discussing attacks in this class, some of them quite nasty. None of this is in any way an invitation to undertake these attacks in any fashion other than with informed consent of all involved and affected parties. The existence of a security hole is no excuse. These issues concern not only professional ethics, but also UCB policy and state and federal law. If there is any question in your mind about what conduct is allowable, contact the instructors first.