Course Schedule Fall 2023
This schedule is subject to change. Please check back frequently.
Part 1. Security Fundamentals
| Tuesday Lecture | Thursday Lecture | Notes |
|---|---|---|
|
Aug. 22 The security mindset Threat models, vulnerabilities, attacks; how to think like an attacker and a defender Homework 1 available
|
Aug. 24 Message integrity, pseudorandom functions Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs |
Readings: 1.1, 9.1, 1.3.4, 8.1.4, and 8.3 |
Aug. 29 Randomness and pseudorandomness Generating randomness, PRGs, one-time pads Crypto Project available
|
Aug. 31 One-time Pad and stream ciphers Serial ciphers and pesudorandom pad generators Homework 1 due 11:59pm
|
Readings: 1.3, 8.1, 6.5.2, and 8.5.1 |
Sep. 5 Block ciphers Simple ciphers, AES, block cipher modes Homework 2 available
|
Sep. 7 Public-key crypto RSA encryption, digital signatures, secret sharing |
Readings: 1.3.1, 8.2 |
Sep. 12 Key exchange and key management Diffie-Hellman key exchange, man-in-the-middle attacks |
Sep. 14 Security in practice: Bitcoin Decentralized tracking of money Homework 2 due 11:59pm
|
Readings: 1.3.2, 8.4, 8.5.2, and 8.2.4 |
Part 2. Host and Application Security
| Tuesday Lecture | Thursday Lecture | Notes |
|---|---|---|
|
Sep. 19 Control hijacking, Part 1 Software architecture and a simple buffer overflow AppSec Project available
|
Sep. 21 Control hijacking, Part 2 Common exploitable application bugs, shellcode Crypto Project due 11:59pm
|
Readings: 1.4.4 and 3.4 |
Sep. 26 Application testing Unit testing, fuzzing, and symbolic execution |
Sep. 28 Malware Viruses and worms, spyware, key loggers, and botnets; defenses |
Oct. 3 Defending weak applications Isolation, sandboxing, virtual machines |
Readings: 9.4, 1.2, 3.1.4, 3.1.5, 3.2, 3.3, and 9.2 |
Oct. 5 Security in practice: Intel SGX Confidentiality and integrity with untrusted hosts. AppSec Project due 11:59pm
|
Readings: Intel SGX Explained and Chapter 4 |
Part 3. Web and Network Security
| Tuesday Lecture | Thursday Lecture | Notes |
|---|---|---|
|
Oct. 10 Web architecture Intro to the web platform; HTTP, cookies, Javascript, etc. Web Project available
|
Oct. 12 HTTPS The SSL/TLS protocol and the CA ecosystem |
Reading: 7.1 |
Oct. 17 Web attacks and defenses Cookies; XSS, CSRF, and SQL-injection attacks and defenses |
Oct. 19 Internet architecture IP, forwarding, routing, DNS, BGP |
Readings: 7.2.6, 7.2.7, 7.3.3, and 5.1 |
Oct. 24 Network attacks and defenses 1 Homework 3 available
|
Oct. 26 Network attacks and defenses 2 Web Project due 11:59pm
|
Readings: Chapters 5 and 6 |
Oct. 31 Authentication and availability Passwords, online and offline guessing; denial of service Homework 4 available
|
Nov. 2 Security in practice: The Onion Router (Tor) Privacy, anonymity, and censorship resistance Homework 3 due 11:59pm
|
Readings: 1.4.2, 2.3, 3.3.2, and 9.6 |
Part 4. Hardware Security
| Tuesday Lecture | Thursday Lecture | Notes |
|---|---|---|
|
Nov. 7 Internet Scanning Z-Map Networking Project available
|
Nov. 9 Side-channel attacks Timing attacks, power analysis, cold-boot attacks, defenses |
Reading: 2.4 |
Nov. 14 Hardware Security and Physical Uncloanable Functions Increasing trust in the foundation of computing |
Nov. 16 Forensics Taint and blur, data recovery, incident response Homework 4 due 11:59pm
|
Reading: 2.4.5 |
Thanksgiving Break November 18 – November 26
Part 5. Security in Practice
| Tuesday Lecture | Thursday Lecture | Notes |
|---|---|---|
|
Nov. 28 E-voting and Internet voting Analysis, vulnerabilities, viruses, defenses, auditing, policy Homework 5 available
Forensics Project available
|
Nov. 30 Physical security and student-submitted hot topics Lock picking - Submit your topics to the professor Networking Project due 11:59pm
|
Reading: 10.6 and Chapter 2 |
Dec. 5 Final exam review |
Dec. 7 Reading Day — No lecture Homework 5 due 11:59pm
Forensics Project due 11:59pm
|
