Course Schedule
Since this is a new course, the schedule is subject to change. Please check this page frequently.
| Tuesday Lecture | Thursday Lecture |
|---|---|
| Part 1. The Security Mindset | Sept. 8 Thinking like the bad guy (Halderman)
Kinds of attackers, weaknesses, vulnerabilities, modeling threats |
Sept. 10 Thinking as the good guy (Halderman)
Secure design, risk assessment, cost/benefit analysis
Homework 1 available |
| Part 2. Useful Cryptography | |
Sept. 15 Secret-key encryption (Honeyman)
One-time pads, block ciphers, AES
| Sept. 17 Public-key encryption (Honeyman)
Diffie-Hellman key exchange, RSA encryption and signatures
Homework 1 due 5pm
Homework 2 available |
Sept. 22 Message integrity (Honeyman)
Hashes and MACs |
Sept. 24 Protocols (Honeyman)
PRNGs, secure channels
Crypto Project available |
| Part 3. Web and Network Security | |
Sept. 29 Web architecture (Halderman)
The web security model, user authentication, session management |
Oct. 1 SSL (Halderman)
Overview, goals, PKI, usage, limitations
Homework 2 due 5pm |
Oct. 6 Web attacks and defenses (Halderman)
XSS, CSRF, and SQL injection attacks, passwords, phishing |
Oct. 8 Network protocol security (Honeyman)
Ethernet, WiFi, and TCP/IP
|
Oct. 13 Unwanted traffic (Halderman)
Spam and denial-of-service attacks
Web Project available |
Oct. 15 Network defenses (Honeyman)
Firewalls and filters, VPNs, intrusion detection, port scanning
|
| Midterm Week | |
Oct. 20 No lecture &mdash study break |
Oct. 22 No lecture — work on take-home midterm |
| Part 4. Application Security | |
Oct. 27 Control hijacking (Halderman)
Common software bugs and their exploitation
Homework 4 available |
Oct. 29 Avoiding vulnerabilities (Honeyman)
Safer programming techniques and tools
Web Project due 5pm
AppSec Project available |
Nov. 3 Defending weak applications (Honeyman)
Isolation, sandboxing, virtual machines |
Nov. 5 Malware (Halderman)
Viruses and worms, spyware, key loggers, and botnets; defenses
Homework 4 due 5pm
Homework 5 available |
| Part 5. Host Security | |
Nov. 10 Enterprise security (Paul Howell)
Security practices at U-M |
Nov. 12 UNIX security (Honeyman)
Architecture overview; authentication, authorization, and audit; NFS; package management
Homework 5 due 5pm |
Nov. 17 DRM and trusted computing (Halderman)
Defending applications against hosts |
Nov. 19 Forensics and incident response (Charles Antonelli)
AppSec Project due 5pm
Homework 6 available |
Nov. 24 Windows security (TBA)
Authentication, authorization, and audit; group policy, patching, practical security
Forensics Project available |
Nov. 26 No lecture — Thanksgiving break |
| Part 6. Security in Context | |
Dec. 1 Privacy and anonymity (Honeyman)
|
Dec. 3 Electronic voting (Halderman)
Homework 6 due 5pm |
Dec. 8 Security and economics (Honeyman)
|
Dec. 10 Security, law, and public policy (Halderman)
Forensics Project due 5pm |
| FINAL during exam period | |