Course Schedule
The schedule is subject to change. Please check this page periodically.
Tuesday Lecture | Thursday Lecture | Friday EECS Discussion | ||
---|---|---|---|---|
Part 1. Security Fundamentals | ||||
Sept. 7 The Security Mindset
Threat models, vulnerabilities, attacks;how to think like an attacker and a defender |
Sept. 9 Message integrity, pseudorandom functions
Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs |
Sept. 10 (EECS)
Intro to EECS discussion sect. Introduce Homework 1 Basics of Python |
||
Homework 1 available | ||||
Sept. 14 Randomness and pseudorandomness
Generating randomness, PRGs, one-time pads |
Sept. 16 Block ciphers
Simple ciphers, AES, block cipher modes |
Sept. 17 (EECS)
Introduce Homework 2 Introduce Crypto Project |
||
Crypto Project available | Homework 1 due 5pm Homework 2 available |
|||
Sept. 21 Public-key crypto
RSA encryption, digital signatures, secret sharing |
Sept. 23 Key exchange and key management
Diffie-Hellman key exchange, man-in-the-middle attacks |
Sept. 24 (EECS)
Return Homework 1 Discuss Crypto Project |
||
Tuesday Lecture | Thursday Lecture | Friday EECS Discussion | ||
Part 2. Web and Network Security | ||||
Sept. 28 Web architecture and HTTPS
The web security model, the SSL/TLS protocol, SSL certificates and CAsGuest: Mark Segal (deputy director, laboratory for telecommunications sciences, NSA) |
Sept. 30 Penetration testing
Evaluating web site security through role-playing exercises; advantages and limitations; a recent example |
Oct. 1 (EECS)
Introduce Homework 3 Discuss Crypto Project |
||
Homework 2 due 5pm Homework 3 available |
||||
Oct. 5*
Web attacks
XSS, CSRF, and SQL-injection attacks |
Oct. 7* Web defenses
Filtering and escaping; limitations
|
Oct. 8 (EECS)
Return Homework 2 Introduce Web Project |
||
Crypto Project due 5pm Web Project available | ||||
Oct. 12 Password security
Strong and weak passwords, salting, password cracking, online vs. offline guessing
|
Oct. 14 Network attacks and defenses
advanced SSL attacks, dns forgery, phishing |
Oct. 15 (EECS)
Discuss Web Project |
||
Homework 3 due Monday 10/18 at 5pm |
||||
Midterm Week | ||||
Oct. 19 No lecture — study break |
Oct. 21 Control hijacking, Part 1
Software architecture and a simple buffer overflow |
Oct. 22 (EECS)
Return Crypto ProjectReturn Homework 3 Introduce Homework 4 Discuss Web Project |
||
Homework 4 available |
||||
Tuesday Lecture | Thursday Lecture | Friday EECS Discussion | ||
Part 3. Host and Application Security | ||||
Oct. 26 Control hijacking, Part 2
Common exploitable application bugs, shellcode |
Oct. 28* Malware
Viruses and worms, spyware, key loggers, and botnets; defenses |
Oct. 29 (EECS)
Introduce AppSec project |
||
Web Project due 5pm AppSec Project available | ||||
Nov. 2 Election day special: Electronic Voting
Analysis, vulnerabilities, viruses, defenses, auditing, policy |
Nov. 4* Enterprise Security
Guest Lecturer: Paul Howell, (director – information & infrastructure assurance, UMich ITS) |
Nov. 5 (EECS)
Introduce Homework 5 Discuss AppSec Project |
||
Homework 4 due 5pm Homework 5 available |
||||
Nov. 9* Security, law, and public policy
Guest Lecturer: Cindy Cohn (legal director, EFF) |
Nov. 11 Defending weak applications
Isolation, sandboxing, virtual machines |
Nov. 12 (EECS)
Return Web Project Return Homework 4 Discuss AppSec Project |
||
Tuesday Lecture | Thursday Lecture | Friday EECS Discussion | ||
Part 4. Security in Context | ||||
Nov. 16 DRM and trusted computing
Defending applications against hosts |
Nov. 18 Privacy
Online tracking, threats from “big data”, targeted snooping, differential privacyGuest: TBA |
Nov. 19 (EECS)
Introduce Homework 6 Introduce Forensics Project |
||
AppSec Project due 5pm Forensics Project available | Homework 5 due 5pm Homework 6 available |
|||
Nov. 23 Anonymity
Remailers, mixnets, TOR, Wikileaks, censorship resistance |
Nov. 25 and 26 No lecture or discussions — Thanksgiving break |
|||
Nov. 30* Cancelled
|
Dec. 2* Forensics
Taint and blur, data recovery, incident response |
Dec. 3 (EECS)
Return Homework 5 Discuss Forensics Project |
||
Homework 6 due 5pm |
||||
Dec. 7 Side-channel attacks
Timing attacks, power analysis, cold-boot attacks, defenses |
Dec. 9 Security Today and Tomorrow
All questions answered. |
Dec. 10 (EECS)
Return Homework 6 Final Review |
||
Final available from Fri. at 5pm |
||||
| ||||