Computer Systems Security

Instructor Insights

Instructor Interview

Below, Prof. Nickolai Zeldovich describes various aspects of how he teaches 6.5660 Computer Systems Security.

OCW: How do you use computer scripts to automate grading of student work in the course?

Nickolai Zeldovich: We try to automate as much of the grading process as possible: we try to write test cases that will check that the students address all of the challenging cases in their lab solutions, and give students full access to these test cases. This helps students understand what they might be doing wrong, in debugging why their lab solutions are failing our tests. This also provides a quick feedback cycle for the students, helping them iterate on their lab. We use Gradescope to run the same tests when students submit their lab, using them to compute the grade.

OCW: What is the role of the TAs, and how do you coordinate their teaching so that it complements your own?

Nickolai Zeldovich: The TAs in this class largely help students through office hours, which are a mix of in-person and Zoom-based. Zoom-based office hours work well in this class, since student questions often concern specific implementation problems they’re running into, and it’s easy for students to share their screen with the TA via Zoom. We have weekly staff meetings to sync up on the upcoming course material, what topics the TAs are encountering in office hours, and what issues from office hours we should bring up at upcoming lectures. The TAs also sometimes run “hands-on” lectures focusing on pragmatics of doing lab assignments, which is effectively a preemptive office hours session that tries to cover the issues we expect students might run into.

OCW: The syllabus includes a warning that the skills you teach in the class could potentially be used in unethical or illegal ways. How could computer science education be designed to ensure that students go on to be responsible users of technology?

Nickolai Zeldovich: From the perspective of this class, I think it’s important for students to understand what security vulnerabilities look like, how attacks work, what it takes to build a secure system and protect from attacks, etc. This helps students have an informed viewpoint on the responsibilities of building a secure system, on what might be reasonable measures that should be taken to protect security and privacy, etc.

OCW: What would you like to share about teaching 6.5660 that we haven’t yet addressed?

Nickolai Zeldovich: One broader point is that security provides a cross-cutting view of computer systems, since security vulnerabilities and attacks often cut across traditional layers of abstraction that developers use in building systems, both in hardware and software. As a result, understanding computer security helps students gain a better appreciation for computer systems as a whole, and how all of the layers and components of a system fit together, which is useful even if the students don’t end up working on security specifically.

Curriculum Information

Prerequisites

• 6.102 (formerly 6.005) Software Construction
• 6.180 (formerly 6.033) Computer Systems Engineering

Requirements Satisfied

• 6.5660 can be applied toward a Bachelor’s Degree in Electrical Engineering and Computer Science, but is not required.
• 6.5660 can be applied toward a Master’s or Doctorate Degree in Computer Science, but is not required.

Offered

Every spring semester

Assessment and Grading

Students’ grades were based on the following activities:

• 35% Two quizzes
• 55% Labs
• 10% Class participation and homework

Student Information

Enrollment

90 students

Student Background

The students were largely undergraduates (7% second-years, 36% third-years, and 44% fourth-years), with another 27% being grad students (a mix of MEng and PhD students). Most had exposure to computer systems in general, and some high-level understanding of security (e.g., from taking 6.1800). A small number had also taken the undergrad security class, 6.1600, though there wasn’t a big overlap between these two classes.

How Student Time Was Spent

During an average week, students were expected to spend 12 hours on the course, roughly divided as follows:

Lectures

• Met twice per week for 1.5 hours per session; 26 sessions total; mandatory attendance.

Labs

• Students spent about 6 hours per week working on the five self-paced lab assignments.

Out of Class

• Outside of class, students studied for quizzes, completed assigned readings, and (for each reading) wrote an answer to the preset lecture question as well as posing one question of their own.