Course Schedule Winter 2017
This schedule is subject to change. Please check back frequently.
Part 1. Security Fundamentals
| Monday Lecture | Wednesday Lecture | Lab |
|---|---|---|
|
Jan. 4 The security mindset Threat models, vulnerabilities, attacks; how to think like an attacker and a defender Homework 1 available
|
Introduce Homework 1 Python tutorial |
Jan. 9 Message integrity, pseudorandom functions Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs |
Jan. 11 Randomness and pseudorandomness Generating randomness, PRGs, one-time pads Homework 1 due 6pm
Homework 2 available
Crypto Project available
|
Review Homework 1 Introduce Crypto Project Introduce Homework 2 |
Jan. 16 Martin Luther King, Jr. Day – No lecture |
Jan. 18 Block ciphers Simple ciphers, AES, block cipher modes |
Project Help |
Jan. 23 Key exchange and key management Diffie-Hellman key exchange, man-in-the-middle attacks |
Jan. 25 Public-key crypto RSA encryption, digital signatures, secret sharing Homework 2 due 6pm
|
Review Homework 2 Project Help |
Part 2. Web and Network Security
| Monday Lecture | Wednesday Lecture | Lab |
|---|---|---|
|
Jan. 30 Web architecture Intro to the web platform; HTTP, cookies, Javascript, etc. |
Feb. 1 Web attacks and defenses Cookies; XSS, CSRF, and SQL-injection attacks and defenses Crypto Project due 6pm
Web Project available
|
Review Crypto Project Introduce Web Project Web Tutorial |
Feb. 6 HTTPS The SSL/TLS protocol and the CA ecosystem |
Feb. 8 Attacking HTTPS Implementation flaws, social engineering attacks, and crypto failures Homework 3 available
|
Introduce Homework 3 Project Help |
Feb. 13 Internet architecture IP, forwarding, routing, DNS, BGP |
Feb. 15 Network attacks and defenses Web Project due 6pm
Networking Project available
|
Introduce Networking Project Review Web Project |
Feb. 20 Authentication and availability Passwords, online and offline guessing; denial of service |
Feb. 22 Network probing Mapping and testing with Nmap and ZMap Homework 3 due 6pm
Homework 4 available
|
Review Homework 3 Introduce Homework 4 Project Help |
“Spring” Break February 25–March 5
Part 3. Host and Application Security
| Monday Lecture | Wednesday Lecture | Lab |
|---|---|---|
|
Mar. 6 Control hijacking, Part 1 Software architecture and a simple buffer overflow |
Mar. 8 Control hijacking, Part 2 Common exploitable application bugs, shellcode Networking Project due 6pm
AppSec Project available
|
Review Networking Project Introduce AppSec Project Buffer Overflow Tutorial |
Mar. 13 Side-channel attacks Timing attacks, power analysis, cold-boot attacks, defenses |
Mar. 15 Malware Viruses and worms, spyware, key loggers, and botnets; defenses Homework 4 due 6pm
|
Review Homework 4 Buffer Overflow Tutorial, part 2 |
Mar. 20 E-voting and Internet voting Analysis, vulnerabilities, viruses, defenses, auditing, policy |
Mar. 22 Defending weak applications Isolation, sandboxing, virtual machines Homework 5 available
|
Introduce Homework 5 Project Help |
Part 4. Security in Context
| Monday Lecture | Wednesday Lecture | Lab |
|---|---|---|
|
Mar. 27 Forensics Taint and blur, data recovery, incident response |
Mar. 29 Usable security Human factors, usability testing AppSec Project due 6pm
Forensics Project available
|
Review AppSec Project Introduce Forensics Project Forensics Tutorial |
Apr. 3 Securing the Internet of Things Medical device security, automotive security, etc. |
Apr. 5 Privacy, anonymity, and censorship resistance Online tracking; TOR, OTR, GPG, etc.; censorship and anticensorship |
Project Help |
Apr. 10 Life in the post-Snowden era Government spying and implications for security and crypto |
Apr. 12 All questions, answered Ask Prof. Halderman anything. Homework 5 due 6pm
|
Review Homework 5 Project Help |
Apr. 17 Physical security Locks and safes, lock picking techniques; defenses |
Apr. 19 Study day — No lecture Forensics Project due 6pm
|
Exam review session (TBA) |
