This schedule is subject to change. Please check back frequently.
Monday Lecture | Wednesday Lecture | Notes |
---|---|---|
Aug. 25<br>The security mindset<br>Threat models, vulnerabilities, attacks; how to think like an attacker and a defender<br>Threat Modeling Homework available<br>Crypto Project available | Aug. 27<br>Message integrity, pseudorandom functions<br>Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs | Readings: 1.1, 9.1, 1.3.4, 8.1.4, and 8.3 |
Sep. 1<br>Labor Day Holiday | Sep. 3<br>Randomness and pseudorandomness<br>Generating randomness, PRGs, one-time pads | Readings: 1.3, 8.1, 6.5.2, and 8.5.1<br>Threat Modeling Homework due 11:59pm |
Sep. 8<br>One-time Pad and stream ciphers<br>Serial ciphers and pseudorandom pad generators | Sep. 10<br>Block ciphers<br>Simple ciphers, AES, block cipher modes | Readings: 1.3.1, 8.2 |
Sep. 15<br>Public-key crypto<br>RSA encryption, digital signatures, secret sharing<br>Cryptanalysis Homework available | Sep. 17<br>Key exchange and key management<br>Diffie-Hellman key exchange, man-in-the-middle attacks | Readings: 1.3.2, 8.4, 8.5.2, and 8.2.4<br>Crypto Project due 11:59pm |
Monday Lecture | Wednesday Lecture | Notes |
---|---|---|
Sep. 22<br>Security in practice: Bitcoin<br>Decentralized tracking of money<br>AppSec Project available | Sep. 24<br>Control hijacking, Part 1<br>Software architecture and a simple buffer overflow | Readings: 1.4.4 and 3.4<br>Cryptanalysis Homework due 11:59pm |
Sep. 29<br>Control hijacking, Part 2<br>Common exploitable application bugs, shellcode | Oct. 1<br>Application testing<br>Unit testing, fuzzing, and symbolic execution | Readings: 9.4, 1.2, 3.1.4, 3.1.5, 3.2, 3.3, and 9.2 |
Oct. 6<br>Malware<br>Viruses and worms, spyware, key loggers, and botnets; defenses | Oct. 8<br>Defending weak applications<br>Isolation, sandboxing, virtual machines | Readings: Intel SGX Explained and Chapter 4<br>AppSec Project due 11:59pm |
Monday Lecture | Wednesday Lecture | Notes |
---|---|---|
Oct. 13<br>Web architecture<br>Intro to the web platform; HTTP, cookies, JavaScript, etc.<br>Fuzzing Project available | Oct. 15<br>HTTPS<br>The SSL/TLS protocol and the CA ecosystem | Reading: 7.1 |
Oct. 20<br>Web attacks and defenses<br>Cookies; XSS, CSRF, and SQL-injection attacks and defenses | Oct. 22<br>Internet architecture<br>IP, forwarding, routing, DNS, BGP | Readings: 7.2.6, 7.2.7, 7.3.3, and 5.1 |
Oct. 27<br>Network attacks and defenses 1<br>DoS Homework available | Oct. 29<br>Network attacks and defenses 2 | Readings: Chapters 5 and 6<br>Fuzzing Project due 11:59pm |
Nov. 3<br>Authentication and availability<br>Passwords, online and offline guessing; denial of service<br>Web Project available | Nov. 5<br>Security in practice: The Onion Router (Tor)<br>Privacy, anonymity, and censorship resistance | Readings: 1.4.2, 2.3, 3.3.2, and 9.6<br>DoS Homework due 11:59pm |
Monday Lecture | Wednesday Lecture | Notes |
---|---|---|
Nov. 10<br>Internet Scanning<br>ZMap | Nov. 12<br>Side-channel attacks<br>Timing attacks, power analysis, cold-boot attacks, defenses | Reading: 2.4 |
Nov. 17<br>Hardware Security and Physical Unclonable Functions<br>Increasing trust in the foundation of computing<br>Passwords Homework available | Nov. 19<br>Forensics<br>Taint and blur, data recovery, incident response<br>Networking Project available | Reading: 2.4.5<br>Web Project due 11:59pm |
Monday Lecture | Wednesday Lecture | Notes |
---|---|---|
Dec. 1<br>E-voting and Internet voting<br>Analysis, vulnerabilities, viruses, defenses, auditing, policy<br>Final Review Homework available | Dec. 3<br>Physical security and student-submitted hot topics<br>Lock picking - Submit your topics to the professor | Reading: 10.6 and Chapter 2<br>Passwords Homework due 11:59pm |
Dec. 8<br>Final exam review | Dec. 10<br>Assignment and Study Period: No lecture<br>Final Review Homework due 11:59pm<br>Networking Project due 11:59pm | |