Course Schedule Fall 2023
This schedule is subject to change. Please check back frequently.
Part 1. Security Fundamentals
| Monday | Wednesday | Friday |
|---|---|---|
|
Aug. 28 The security mindset Welcome, Threat models, how to think like an attacker and a defender, ethics |
Aug. 30 Crypto Basics Alice and Bob, hashes, HMACs, Length extension attacks |
Sep. 1 Crypto Basics Generating randomness, PRGs Homework 1 available |
Sep. 4 Labor Day; No class |
Sep. 6 Confidentiality One-time pad, ciphers from hashes/MACs |
Sep. 8 Confidentiality AES, Block ciphers, modes and padding oracle attacks |
Sep. 11 Key exchange Diffie-Hellman key exchange, man-in-the-middle attacks |
Sep. 13 Public-key crypto RSA encryption, digital signatures, secret sharing |
Sep. 15 Public-key crypto RSA attacks, drawbacks, and fixes |
Part 2. Web and Network Security
| Monday | Wednesday | Friday |
|---|---|---|
|
Sep. 18 Web Basics Crash course in HTML, CSS, and Javascript |
Sep. 20 Web Basics AJAX, Cookies, and threats Homework 1 due 11:59pm
|
Sep. 22 Web Basics Same origin policy |
Sep. 25 Web Attacks Client attacks and defenses: Cross site scripting (XSS) |
Sep. 27 Web Attacks Cross site request foregery (CSRF) |
Sep. 29 Web Attacks Server attacks and defenses: SQL / shell injection Crypto Project due 11:59pm
|
Oct. 2 HTTPS and TLS The TLS protocol |
Oct. 4 Public Key Infrastructure Certificates, Authorities (CAs), and Transparency (CT) |
Oct. 6 TLS Greatest Hits Null Prefix, BEAST, CRIME, POODLE, Heartbleed, Logjam, FREAK, DROWN |
Oct. 9 TLS Greatest Hits, continued Null Prefix, BEAST, CRIME, POODLE, Heartbleed, Logjam, FREAK, DROWN |
Oct. 11 Networking Basics How the Internet works: Getting packets from A to B |
Oct. 13 Networking Basics Routing, BGP, and threats Homework 2 due 11:59pm
|
Oct. 16 Network attacks and defenses ARP/IP spoofing, Network tools |
Oct. 18 Network attacks and defenses DNS poisoning, DoS attacks |
Oct. 20 Side-channel attacks Timing attacks, power analysis, defenses Web Project due 11:59pm
|
Part 3. Host and Application Security
| Monday | Wednesday | Friday |
|---|---|---|
|
Oct. 23 Control hijacking Software architecture in x86: the stack, and return addresses |
Oct. 25 Control hijacking Simple buffer overflow |
Oct. 27 Control hijacking Common exploitable application bugs, shellcode Introduce AppSec Project Homework 3 due 11:59pm
|
Oct. 30 Control hijacking Defenses: canaries, ASLR, DEP |
Nov. 1 Control hijacking, Part AAAAAAAAAAAAAAAAAAAAAA |
Nov. 3 Architecture Security Meltdown & Spectre Networking Project due 11:59pm
|
Part 4. Security in Context
| Monday | Wednesday | Friday |
|---|---|---|
|
Nov. 6 Voting Risks, audits, and public policy |
Nov. 8 Anonymity Tor, hidden services |
Nov. 10 Anonymity Tor attacks and defenses |
Nov. 13 Machine Learning Crash course on gradient descent |
Nov. 15 Machine Learning Adversarial examples |
Nov. 17 Machine Learning ML in Python AppSec Project due 11:59pm
|
Nov. 20 Fall break |
Nov. 22 Fall break |
Nov. 24 Fall break |
Nov. 27 Cryptocurrency Bitcoin, blockchains, and friends |
Nov. 29 Cryptocurrency Ethereum |
Dec. 1 'Smart' contracts Programming Ethereum and vulnerabilities Homework 4 due 11:59pm
|
Dec. 4 Online Privacy Online tracking, threats from “big data”, targeted snooping, differential privacy |
Dec. 6 Physical security Locks and safes, lock picking techniques; defenses |
Dec. 8 Internet censorship Censors, circumvention, and policies Homework 5 due 11:59pm
|
Dec. 11 Professor AMA Research or general security questions answered! |
Dec. 13 Final exam review ML Project due 11:59pm
|
