Intro to Computer Security

EECS 398
Fall 2010

Course Schedule

The schedule is subject to change. Please check this page periodically.

Tuesday LectureThursday Lecture Friday EECS Discussion
Part 1. Security Fundamentals
Sept. 7 The Security Mindset
Threat models, vulnerabilities, attacks;
how to think like an attacker and a defender
Sept. 9 Message integrity, pseudorandom functions
Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs
Sept. 10 (EECS) Intro to EECS discussion sect.
Introduce Homework 1
Basics of Python
Homework 1 available
Sept. 14 Randomness and pseudorandomness
Generating randomness, PRGs, one-time pads
Sept. 16 Block ciphers
Simple ciphers, AES, block cipher modes
Sept. 17 (EECS) Introduce Homework 2
Introduce Crypto Project
Crypto Project available
Homework 1 due 5pm
Homework 2 available
Sept. 21 Public-key crypto
RSA encryption, digital signatures, secret sharing
Sept. 23 Key exchange and key management
Diffie-Hellman key exchange, man-in-the-middle attacks
Sept. 24 (EECS) Return Homework 1
Discuss Crypto Project
Tuesday LectureThursday Lecture Friday EECS Discussion
Part 2. Web and Network Security
Sept. 28 Web architecture and HTTPS
The web security model, the SSL/TLS protocol, SSL certificates and CAs
Guest: Mark Segal (deputy director, laboratory for telecommunications sciences, NSA)
Sept. 30 Penetration testing
Evaluating web site security through role-playing exercises; advantages and limitations; a recent example
Oct. 1 (EECS) Introduce Homework 3
Discuss Crypto Project
Homework 2 due 5pm
Homework 3 available
Oct. 5* Web attacks
XSS, CSRF, and SQL-injection attacks
Oct. 7* Web defenses
Filtering and escaping; limitations
Oct. 8 (EECS) Return Homework 2
Introduce Web Project
Crypto Project due 5pm
Web Project available
Oct. 12 Password security
Strong and weak passwords, salting, password cracking, online vs. offline guessing
Oct. 14 Network attacks and defenses
advanced SSL attacks, dns forgery, phishing
Oct. 15 (EECS) Discuss Web Project
Midterm review
Homework 3 due Monday 10/18 at 5pm
Midterm Week
Oct. 19
No lecture — study break
Oct. 21 Control hijacking, Part 1
Software architecture and a simple buffer overflow
Oct. 22 (EECS)
Return Crypto Project
Return Homework 3
Introduce Homework 4
Discuss Web Project
Midterm available from Wed. at Noon
Midterm due Fri. at NOON
Homework 4 available
Tuesday LectureThursday Lecture Friday EECS Discussion
Part 3. Host and Application Security
Oct. 26 Control hijacking, Part 2
Common exploitable application bugs, shellcode
Oct. 28* Malware
Viruses and worms, spyware, key loggers, and botnets; defenses
Oct. 29 (EECS) Return Midterm
Introduce AppSec project
Web Project due 5pm
AppSec Project available
Nov. 2 Election day special: Electronic Voting
Analysis, vulnerabilities, viruses, defenses, auditing, policy
Nov. 4* Enterprise Security
Guest Lecturer: Paul Howell, (director – information & infrastructure assurance, UMich ITS)
Nov. 5 (EECS) Introduce Homework 5
Discuss AppSec Project
Homework 4 due 5pm
Homework 5 available
Nov. 9* Security, law, and public policy
Guest Lecturer: Cindy Cohn (legal director, EFF)
Nov. 11 Defending weak applications
Isolation, sandboxing, virtual machines
Nov. 12 (EECS) Return Web Project
Return Homework 4
Discuss AppSec Project
Tuesday LectureThursday Lecture Friday EECS Discussion
Part 4. Security in Context
Nov. 16 DRM and trusted computing
Defending applications against hosts
Nov. 18 Privacy
Online tracking, threats from “big data”, targeted snooping, differential privacy
Guest: TBA
Nov. 19 (EECS) Introduce Homework 6
Introduce Forensics Project
AppSec Project due 5pm
Forensics Project available
Homework 5 due 5pm
Homework 6 available
Nov. 23 Anonymity
Remailers, mixnets, TOR, Wikileaks, censorship resistance
Nov. 25 and 26
No lecture or discussions — Thanksgiving break
Nov. 30* Cancelled
Dec. 2* Forensics
Taint and blur, data recovery, incident response
Dec. 3 (EECS) Return Homework 5
Discuss Forensics Project
Homework 6 due 5pm
Dec. 7 Side-channel attacks
Timing attacks, power analysis, cold-boot attacks, defenses
Dec. 9 Security Today and Tomorrow
All questions answered.
Dec. 10 (EECS) Return Homework 6
Review Forensics Project
Final Review
Forensics Project due 5pm
Final available from Fri. at 5pm
Exam PeriodForensics project due Monday, Dec. 13 at 5pm
Take-home Final due Friday, Dec. 17 at 5pm