Course Schedule Winter 2019

This schedule is subject to change. Please check back frequently.

Part 1. Security Fundamentals

Monday Lecture Wednesday Lecture Lab
Jan. 9
The security mindset
Threat models, vulnerabilities, attacks; how to think like an attacker and a defender
Homework 1 available
Introduce Homework 1
Intro and Python tutorial
Jan. 14
Message integrity, pseudorandom functions
Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs
Jan. 16
Randomness and pseudorandomness
Generating randomness, PRGs, one-time pads
Homework 1 due 6pm
Homework 2 available
Crypto Project available
Review Homework 1
Introduce Crypto Project
Introduce Homework 2
Jan. 21
Martin Luther King, Jr. Day – No lecture
Jan. 23
Message confidentiality and block ciphers
Simple ciphers, AES, block cipher modes
Jan. 28
Confidentiality attacks, key exchanges
Diffie-Hellman key exchange, man-in-the-middle attacks
Jan. 30
Class Canceled
Homework 2 due 6pm
Review Homework 2
Project Help

Part 2. Web and Network Security

Monday Lecture Wednesday Lecture Lab
Feb. 4
Public-key crypto
RSA encryption, digital signatures, secret sharing
Feb. 6
Web architecture
Intro to the web platform; HTTP, cookies, Javascript, etc.
Crypto Project due 6pm
Web Project available
Review Crypto Project
Introduce Web Project
Web Tutorial
Feb. 11
Web attacks and defenses
Cookies; XSS, CSRF, and SQL-injection attacks and defenses
Feb. 13
Authentication and availability
Passwords, online and offline guessing; denial of service
Homework 3 available
Introduce Homework 3
Project Help
Feb. 18
The SSL/TLS protocol and the CA ecosystem
Feb. 20
Attacking HTTPS
Implementation flaws, social engineering attacks, and crypto failures
Web Project due 6pm
Networking Project available
Introduce Networking Project
Review Web Project
Project intro and homework help
Feb. 25
Networking 101
IP, forwarding, routing, DNS, BGP
Feb. 27
Network attacks and defenses
Too many to list
Homework 3 due 6pm
Homework 4 available
Review Homework 3
Introduce Homework 4
Project Help

“Spring” Break   March 2–March 10

Part 3. Host and Application Security

Monday Lecture Wednesday Lecture Lab
Mar. 11
Control hijacking, Part 1
Software architecture and a simple buffer overflow
Mar. 13
Control hijacking, Part 2
Common exploitable application bugs, shellcode
Networking Project due 6pm
AppSec Project available
Review Networking Project
Introduce AppSec Project
Buffer Overflow Tutorial
Mar. 18
Viruses and worms, spyware, key loggers, and botnets; defenses
Mar. 20
Election Cybersecurity
Analysis, vulnerabilities, viruses, defenses, auditing, policy
Homework 4 due 6pm
Review Homework 4
Project Help
Mar. 25
Access control and isolation
Isolation, sandboxing, virtual machines, SGX, Containers
Mar. 27
Spectre, Meltdown, etc.
Hardware vulnerabilities
Homework 5 available
Introduce Homework 5
Project Help

Part 4. Security in Context

Monday Lecture Wednesday Lecture Lab
Apr. 1
Side-Channel Analysis
Timing attacks, power analysis, cold-boot attacks, defenses
Apr. 3
Digital Forensics
Taint and blur, data recovery, incident response
AppSec Project due 6pm
Forensics Project available
Review AppSec Project
Introduce Forensics Project
Forensics Tutorial
Apr. 8
Privay, anonymity
Online tracking; surveillance; TOR, OTR, GPG, etc.
Apr. 10
The second crypto war, cyberwarfare, advanced persistent threats
Homework 5 due 6pm
Review Homework 5
Project Help
Apr. 15
Physical security
Locks and safes, lock picking techniques; defenses
Apr. 17
Censorship and Censorship Resistance
Internet censorship measurement, anticensorship techniques
Forensics Project due 6pm
Review Forensics Project
Project Help
Apr. 22
Final Exam Review
TA led exam review session
Apr. 24
Final Exam Studying
No Lab or Classes – Study!

Final Exam   Time: Tuesday, April 30, 7 – 9 PM , (Location: TBA)