Course Schedule Spring 2018

This schedule is subject to change. Please check back frequently.

Part 1. Security Fundamentals

Tuesday Thursday
Jan. 16
The security mindset
Threat models, vulnerabilities, attacks; how to think like an attacker and a defender
Homework 1 available
Jan. 18
Crypto Basics
Alice and Bob, Kerckhoffs's principle, hashes and MACs
Jan. 23
Randomness and pseudorandomness
Generating randomness, PRGs, basic confidentiality
Introduce Crypto Project
Jan. 25
One-time pad, Simple ciphers, AES, Block ciphers, padding oracle attacks
Homework 1 due 6pm
Jan. 30
Key exchange and key management
Diffie-Hellman key exchange, man-in-the-middle attacks
Homework 2 available
Feb. 1
Public-key crypto
RSA encryption, digital signatures, secret sharing

Part 2. Web and Network Security

Tuesday Thursday
Feb. 6
Web Basics 1
Introduce Web project
HTML, CSS, JavaScript
Crypto Project due 6pm
Feb. 8
Web Basics 2
Same origin policy, cookies
Feb. 13
Web Attacks 1
Client attacks and defenses (XSS/CSRF)
Homework 2 due 6pm
Feb. 15
Web Attacks 2
Server attacks and defenses (SQL/shell injection)
Feb. 20
The TLS protocol, certificates and CAs
Feb. 22
TLS Greatest Hits
Null Prefix, BEAST, CRIME, POODLE, Heartbleed, Logjam, FREAK, DROWN
Homework 3 available
Web Project due 6pm
Feb. 27
No Class
Mar. 1
Networking Basics 1 (Guest Lecture)
How the Internet works: Routing and BGP
Mar. 6
Network attacks and defenses
ARP/IP spoofing, Network tools, DNS poisoning, DoS attacks
Mar. 8
Side-channel attacks
Timing attacks, power analysis, cold-boot attacks, defenses
Homework 4 available
Homework 3 due Friday, March 9

Part 3. Host and Application Security

Tuesday Thursday
Mar. 13
Control hijacking, Part 1
Software architecture and a simple buffer overflow
Mar. 15
Control hijacking, Part 2
Common exploitable application bugs, shellcode
Introduce AppSec Project
Mar. 20
Control hijacking, Part 3
Modern attacks and defenses, ROP, ASLR, JIT-spray
Mar. 22
Architecture Security
Meltdown & Spectre
Networking Project due 6pm
Mar. 27
Spring Break
Mar. 29
Spring Break
Apr. 3
Remailers, mixnets, metadata
Homework 4 due 6pm
Apr. 5
Anonymity (cont'd)
Tor, hidden services

Part 4. Security in Context

Tuesday Thursday
Apr. 10
Privacy and Surveillance
Online tracking, threats from “big data”, targeted snooping, differential privacy
Homework 5 available
Apr. 12
Risks, audits, and public policy
Apr. 17
Taint and blur, data recovery, incident response
Introduce Forensics project
AppSec Project due 6pm
Apr. 19
Security, law, and policy
Apr. 24
Internet Censorship
Censors, circumvention tools, and policy
Apr. 26
Bitcoin and friends
Homework 5 due 6pm
May 1
Physical security
Locks and safes, lock picking techniques; defenses
Forensics Project due 6pm
May 3
Final exam review

Final Exam   Tuesday, May 8th 4:30-6:00pm ECEE 1B32