Prof. Steven M. Bellovin
Friday 10:10–12:40
545 Mudd
Office Hours
See my home page.


Computer Security II is an advanced course on computer and network security. It is intended for security specialists, people who design and assess security systems.


Andrew Felipe Quijano
Office hours: Sunday, 2:30-4:30, IA room: Mudd 122A.


Thinking Security: Stopping Next Year's Hackers, Steven M. Bellovin, Addison-Wesley, 2016, ISBN 0-13-427754-6, 0-13-427754-6. NOTE WELL: the book is currently only available as an ebook. It is not available on Amazon; while you can buy the ebook from other online bookstores, if you use the publisher's site link you get three different formats: a .mobi (which you can load onto a Kindle), an .epub (for Nooks, Apple's iBooks, and many other readers), and a .pdf. All of these are watermarked to the purchaser but there is no DRM locking it to any single device.
Optional (and free!) text
Security Engineering, Second Edition, Ross J. Anderson, Wiley, 2008, ISBN-13: 978-0470068526, ISBN-10: 0470068523.
Other readings
Some readings will be from primary source materials.
Readings are listed for each lecture.


Computer Security I or the permission of the instructor.


There will be one paper for each major unit. The lowest grade will be dropped.

Unless otherwise instructed, all homeworks must be written in C or C++. Java is not acceptable; don't bother asking.

Late assignments are subject to increasing penalties. There are no grace days or "free lates". See the slides from the first class for details.


There will be four or five homework assignments, a midterm, and a final. The final exam may be during the semester, if the registrar does not assign a slot for it.

All exams are open book. This means that there won't be any "define Foo" questions. Most questions will ask you to think and to integrate material from different lectures.

Final grades are curved.