Course Schedule
| Tuesday Lecture | Thursday Lecture | Friday Discussion | ||
|---|---|---|---|---|
| Part 1. Security Fundamentals | ||||
Sept. 6 The security mindset Threat models, vulnerabilities, attacks; how to think like an attacker and a defender | Sept. 8 Message integrity, pseudorandom functions Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs | Sept. 9 Introduce Homework 1 Python Tutorial | ||
Sept. 13 Randomness and pseudorandomness Generating randomness, PRGs, one-time pads | Sept. 15 Block ciphers Simple ciphers, AES, block cipher modes Homework 1 due 5pm | Sept. 16 Introduce Homework 2 | ||
Sept. 20 Public-key crypto RSA encryption, digital signatures, secret sharing | Sept. 22 Key exchange and key management Diffie-Hellman key exchange, man-in-the-middle attacks | Sept. 23 Return Homework 1 | ||
| Tuesday Lecture | Thursday Lecture | Friday Discussion | ||
| Part 2. Web and Network Security | ||||
Sept. 27* Web architecture and HTTPS The web security model, the SSL/TLS protocol, SSL certificates and CAs | Sept. 29 Penetration testing Evaluating web site security through role-playing exercises; advantages and limitations; a recent example Homework 2 due 5pm | Sept. 30 Introduce Homework 3 | ||
Oct. 4 Web attacks XSS, CSRF, and SQL-injection attacks | Oct. 6 Web defenses Filtering and escaping; limitations | Oct. 7 Return Homework 2 | ||
Oct. 11 Authentication and passwords Strong and weak passwords, salting, password cracking, online vs. offline guessing | Oct. 13 Network attacks and defenses, part 1 DNS forgery, phishing, unwanted traffic Homework 3 due 5pm | Oct. 14 Introduce Homework 4 Introduce Web Security Project | ||
Oct. 18Study break — no lecture | Oct. 20* Network attacks and defenses, part 2 | Oct. 21 Return Homework 3 | ||
| Tuesday Lecture | Thursday Lecture | Friday Discussion | ||
| Part 3. Host and Application Security | ||||
Oct. 25* Control hijacking, Part 1 Software architecture and a simple buffer overflow | Oct. 27* Control hijacking, Part 2 Common exploitable application bugs, shellcode | Oct. 28 Introduce Application Security Project | ||
Nov. 1 Malware Viruses and worms, spyware, key loggers, and botnets; defenses Web Security Project due 5pm | Nov. 3 Defending weak applications Isolation, sandboxing, virtual machines Homework 4 due 5pm | Nov. 4 Introduce Homework 5 | ||
Nov. 8 Election day special: Electronic Voting Analysis, vulnerabilities, viruses, defenses, auditing, policy | Nov. 10 Side-channel attacks Timing attacks, power analysis, cold-boot attacks, defenses | Nov. 11 Return Homework 4 Return Web Security Project | ||
| Tuesday Lecture | Thursday Lecture | Friday Discussion | ||
| Part 4. Security in Context | ||||
Nov. 15 DRM and trusted computing Defending applications against hosts | Nov. 17 Forensics Taint and blur, data recovery Homework 5 due 5pm | Nov. 18 Introduce Homework 6 Introduce Forensics Project | ||
Nov. 22 Security, law, and public policy Security and economics, security ethics, cyberwarfare Application Security Project due 5pm | Nov. 24Thanksgiving break — no lecture | Nov. 25Thanksgiving break | ||
Nov. 29 Privacy Online tracking, threats from “big data”, targeted snooping, differential privacy | Dec. 1* Anonymity Remailers, mixnets, TOR, Wikileaks, censorship resistance Homework 6 due 5pm | Dec. 2 Return Homework 5 Return Application Security Project | ||
Dec. 6 Incident response Guest Lecturer: Matthew Bing (ITS) | Dec. 8 Security today and tomorrow All questions answered Forensics Project due 5pm | Dec. 9 Return Homework 6 Introduce Take-home Final | ||
| ||||