Course Schedule Fall 2016

This schedule is subject to change. Please check back frequently.

Part 1. Security Fundamentals

Tuesday Lecture Thursday Lecture Lab
Sep. 6
The security mindset
Threat models, vulnerabilities, attacks; how to think like an attacker and a defender
Sep. 8
Message integrity, pseudorandom functions
Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs
Introduce Homework 1
Introduce Crypto Project
Python tutorial
Sep. 13
Randomness and pseudorandomness
Generating randomness, PRGs, one-time pads
Sep. 15
Block ciphers
Simple ciphers, AES, block cipher modes
Homework 1 due 6pm
Review Homework 1
Introduce Homework 2
Sep. 20
Key exchange and key management
Diffie-Hellman key exchange, man-in-the-middle attacks
Sep. 22
Public-key crypto
RSA encryption, digital signatures, secret sharing
Homework 2 due 6pm
Review Homework 2
Project Help

Part 2. Web and Network Security

Tuesday Lecture Thursday Lecture Lab
Sep. 27
Web architecture
Intro to the web platform; HTTP, cookies, Javascript, etc.
Sep. 29
Web attacks and defenses
Cookies; XSS, CSRF, and SQL-injection attacks and defenses
Crypto Project due 6pm
Review Crypto Project
Introduce Web Project
Web Tutorial
Oct. 4
The SSL/TLS protocol and the CA ecosystem
Oct. 6
Attacking HTTPS
Implementation flaws, social engineering attacks, and crypto failures
Introduce Homework 3
Project Help
Oct. 11
Internet architecture
IP, forwarding, routing, DNS, BGP
Oct. 13
Network attacks and defenses
Web Project due 6pm
No labs 10/14 or 10/17
Oct. 18
Study break — No lecture
Oct. 20
Authentication and availability
Passwords, online and offline guessing; denial of service
Homework 3 due 6pm
Introduce Networking Project
Review Web Project
Review Homework 3
Introduce Homework 4

Part 3. Host and Application Security

Tuesday Lecture Thursday Lecture Lab
Oct. 25
Control hijacking, Part 1
Software architecture and a simple buffer overflow
Oct. 27
Control hijacking, Part 2
Common exploitable application bugs, shellcode
Introduce AppSec Project
Buffer Overflow Tutorial
Nov. 1
Side-channel attacks
Timing attacks, power analysis, cold-boot attacks, defenses
Nov. 3
Viruses and worms, spyware, key loggers, and botnets; defenses
Networking Project due 6pm
Review Networking Project
Buffer Overflow Tutorial, part 2
Nov. 8
Election day special: E-voting and Internet voting
Analysis, vulnerabilities, viruses, defenses, auditing, policy
Nov. 10
Defending weak applications
Isolation, sandboxing, virtual machines
Homework 4 due 6pm
Review Homework 4
Introduce Homework 5
Project Help

Part 4. Security in Context

Tuesday Lecture Thursday Lecture Lab
Nov. 15
Network probing
Mapping and testing with Nmap and ZMap
Nov. 17
Taint and blur, data recovery, incident response
AppSec Project due 6pm
Review AppSec Project
Introduce Forensics Project
Forensics Tutorial
Nov. 22
Cyber warfare; international incidents, doctrine, and public policy
Nov. 24
Thanksgiving break — No lecture
No labs 11/25 or 11/28
Nov. 29
Privacy, anonymity, and censorship resistance
Online tracking; TOR, OTR, GPG, etc.; censorship and anticensorship
Dec. 1
Securing the Internet of Things
Medical device security, automotive security, etc.
Homework 5 due 6pm
Review Homework 5
Project Help
Dec. 6
Physical security
Locks and safes, lock picking techniques; defenses
Dec. 8
Life in the post-Snowden era
Government spying and implications for security and crypto
Forensics Project due 6pm
Review Forensics Project
Exam Prep
Dec. 13
Final exam review

Final Exam   Thursday, December 15, 7–9 PM