This schedule is subject to change. Please check back frequently.
Monday Lecture | Wednesday Lecture | Notes |
---|---|---|
Aug. 26 The security mindset Threat models, vulnerabilities, attacks; how to think like an attacker and a defender<br>Threat Modeling Homework available<br>Crypto Project available | Aug. 28 Message integrity, pseudorandom functions Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs | Readings: 1.1, 9.1, 1.3.4, 8.1.4, and 8.3 |
Sep. 2 Labor Day Holiday | Sep. 4 Randomness and pseudorandomness Generating randomness, PRGs, one-time pads | Readings: 1.3, 8.1, 6.5.2, and 8.5.1<br>Threat Modeling Homework due 11:59pm |
Sep. 9 One-time Pad and stream ciphers Serial ciphers and pseudorandom pad generators | Sep. 11 Block ciphers Simple ciphers, AES, block cipher modes | Readings: 1.3.1, 8.2 |
Sep. 16 Public-key crypto RSA encryption, digital signatures, secret sharing<br>Cryptanalysis Homework available | Sep. 18 Key exchange and key management Diffie-Hellman key exchange, man-in-the-middle attacks | Readings: 1.3.2, 8.4, 8.5.2, and 8.2.4<br>Crypto Project due 11:59pm |
Monday Lecture | Wednesday Lecture | Notes |
---|---|---|
Sep. 23 Security in practice: Bitcoin Decentralized tracking of money<br>AppSec Project available | Sep. 25 Control hijacking, Part 1 Software architecture and a simple buffer overflow | Readings: 1.4.4 and 3.4<br>Cryptanalysis Homework due 11:59pm |
Sep. 30 Control hijacking, Part 2 Common exploitable application bugs, shellcode | Oct. 2 Application testing Unit testing, fuzzing, and symbolic execution | Readings: 9.4, 1.2, 3.1.4, 3.1.5, 3.2, 3.3, and 9.2 |
Oct. 7 Malware Viruses and worms, spyware, key loggers, and botnets; defenses | Oct. 9 Defending weak applications Isolation, sandboxing, virtual machines | Readings: Intel SGX Explained and Chapter 4<br>AppSec Project due 11:59pm |
Monday Lecture | Wednesday Lecture | Notes |
---|---|---|
Oct. 14 Web architecture Intro to the web platform; HTTP, cookies, JavaScript, etc.<br>Networking Project available | Oct. 16 HTTPS The SSL/TLS protocol and the CA ecosystem | Reading: 7.1 |
Oct. 21 Web attacks and defenses Cookies; XSS, CSRF, and SQL-injection attacks and defenses | Oct. 23 Internet architecture IP, forwarding, routing, DNS, BGP | Readings: 7.2.6, 7.2.7, 7.3.3, and 5.1 |
Oct. 28 Network attacks and defenses 1<br>DoS Homework available | Oct. 30 Network attacks and defenses 2 | Readings: Chapters 5 and 6<br>Networking Project due 11:59pm |
Nov. 4 Authentication and availability Passwords, online and offline guessing; denial of service<br>Web Project available | Nov. 6 Security in practice: The Onion Router (Tor) Privacy, anonymity, and censorship resistance | Readings: 1.4.2, 2.3, 3.3.2, and 9.6<br>DoS Homework due 11:59pm |
Monday Lecture | Wednesday Lecture | Notes |
---|---|---|
Nov. 11 Internet Scanning Z-Map | Nov. 13 Side-channel attacks Timing attacks, power analysis, cold-boot attacks, defenses | Reading: 2.4 |
Nov. 18 Hardware Security and Physical Unclonable Functions Increasing trust in the foundation of computing<br>Passwords Homework available | Nov. 20 Forensics Taint and blur, data recovery, incident response<br>Fuzzing Project available | Reading: 2.4.5<br>Web Project due 11:59pm |
Monday Lecture | Wednesday Lecture | Notes |
---|---|---|
Dec. 2 E-voting and Internet voting Analysis, vulnerabilities, viruses, defenses, auditing, policy<br>Final Review Homework available | Dec. 4 Physical security and student-submitted hot topics Lock picking - Submit your topics to the professor | Reading: 10.6 and Chapter 2<br>Passwords Homework due 11:59pm |
Dec. 9 Final exam review | Dec. 11 Assignment and Study Period: No lecture<br>Final Review Homework due 11:59pm<br>Fuzzing Project due 11:59pm | |