Course Schedule Fall 2025

This schedule is subject to change. Please check back frequently.


Part 1. Security Fundamentals

Monday Wednesday Friday
Aug. 22
The security mindset
Welcome, Threat models, how to think like an attacker and a defender, ethics
Aug. 25
Crypto Basics
Alice and Bob, hashes, HMACs, Length extension attacks
Aug. 27
Crypto Basics
Generating randomness, PRGs
Homework 1 available
Aug. 29
Confidentiality
One-time pad, ciphers from hashes/MACs
Sep. 1
Labor Day; No class
Sep. 3
Confidentiality
AES, Block ciphers, modes and padding oracle attacks
Sep. 5
Key exchange
Diffie-Hellman key exchange, man-in-the-middle attacks
Sep. 8
Public-key crypto
RSA encryption, digital signatures, secret sharing
Sep. 10
Public-key crypto
RSA attacks, drawbacks, and fixes
Sep. 12
Web Basics
Crash course in HTML, CSS, and JavaScript
Homework 1 due 11:59pm

Part 2. Web and Network Security

Monday Wednesday Friday
Sep. 15
Web Basics
AJAX, Cookies, and threats
Sep. 17
Web Basics
Same origin policy
Sep. 19
Web Attacks
Client attacks and defenses: Cross site scripting (XSS)
Crypto Project due 11:59pm
Sep. 22
Web Attacks
Cross-site scripting and request forgery (XSS & CSRF)
Sep. 24
Web Attacks
Server attacks and defenses: SQL / shell injection
Sep. 26
No class
Sep. 29
HTTPS and TLS
The TLS protocol
Oct. 1
Public Key Infrastructure
Certificates, Authorities (CAs), and Transparency (CT)
Oct. 3
TLS' Greatest Hits
Attacks on TLS: Null Prefix, BEAST, CRIME, POODLE, Heartbleed, Logjam, FREAK, DROWN
Oct. 6
TLS Greatest Hits, continued
Null Prefix, BEAST, CRIME, POODLE, Heartbleed, Logjam, FREAK, DROWN
Oct. 8
Networking Basics
How the Internet works, packets, network monitoring
Oct. 10
Networking Basics
Routing, BGP, and threats
Homework 2 due 11:59pm
Oct. 13
Network attacks and defenses
ARP/IP spoofing, Network tools, DNS poisoning
Oct. 15
Side-channel attacks
Timing attacks, power analysis, defenses
Web Project due 11:59pm
Oct. 17
Midterm exam
In class, covering Crypto & Web projects

Part 3. Host and Application Security

Monday Wednesday Friday
Oct. 20
Control hijacking
Software architecture in x86: the stack, and return addresses
Oct. 22
Control hijacking
Simple buffer overflow
Oct. 24
Control hijacking
Common exploitable application bugs, shellcode
Homework 3 due 11:59pm
Oct. 27
Control hijacking
Defenses: canaries, ASLR, DEP
Oct. 29
Control hijacking, Part AAAAAAAAAAAAAAAAAAAAAA
Oct. 31
Computer architecture Security
Meltdown & Spectre, Rowhammer attacks
Networking Project due 11:59pm

Part 4. Security in Context

Monday Wednesday Friday
Nov. 3
Voting
Risks, audits, and public policy
Nov. 5
Cryptocurrency
Bitcoin, blockchains, and friends
Nov. 7
Cryptocurrency
Ethereum
Nov. 10
Machine Learning
Crash course on gradient descent
Nov. 12
Machine Learning
Adversarial examples
Nov. 14
Machine Learning
ML in Python
AppSec Project due 11:59pm
Nov. 17
'Smart' contracts
Programming Ethereum and vulnerabilities
Nov. 19
Online Privacy
Online tracking, threats from “big data”, targeted snooping, differential privacy
Nov. 21
Anonymity
Tor, hidden services, attacks and defenses
Homework 4 due 11:59pm
Nov. 24
Fall break
Nov. 26
Fall break
Nov. 28
Fall break
Dec. 1
Internet censorship, Professor AMA
Censors, circumvention, research Q&A
Dec. 3
Physical security
Locks and safes, lock picking techniques; defenses
Homework 5 due 11:59pm
Dec. 5
Final exam review
ML Project due 11:59pm

Final Exam   TBD