Course Schedule Spring 2020

This schedule is subject to change. Please check back frequently.

Part 1. Security Fundamentals

Tuesday Thursday
Jan. 14
The security mindset
Threat models, vulnerabilities, attacks; how to think like an attacker and a defender
Homework 1 available
Jan. 16
Crypto Basics
Alice and Bob, Kerckhoffs's principle, hashes and MACs
Jan. 21
Randomness and pseudorandomness
Generating randomness, PRGs, basic confidentiality
Introduce Crypto Project
Jan. 23
One-time pad, Simple ciphers, AES, Block ciphers, padding oracle attacks
Homework 1 due 6pm
Jan. 28
Key exchange and key management
Diffie-Hellman key exchange, man-in-the-middle attacks
Homework 2 available
Jan. 30
Public-key crypto
RSA encryption, digital signatures, secret sharing

Part 2. Web and Network Security

Tuesday Thursday
Feb. 4
Web Basics 1
Introduce Web project
HTML, CSS, Javascript
Feb. 6
Web Basics 2
Same origin policy, cookies
Crypto Project due 6pm
Feb. 11
Web Attacks 1
Client attacks and defenses (XSS/CSRF)
Homework 2 due 6pm
Feb. 13
Web Attacks 2
Server attacks and defenses (SQL/shell injection)
Feb. 18
The TLS protocol, certificates and CAs
Feb. 20
TLS Greatest Hits
Null Prefix, BEAST, CRIME, POODLE, Heartbleed, Logjam, FREAK, DROWN
Homework 3 available
Feb. 25
No Class
Feb. 27
Networking Basics 1 (Guest Lecture)
How the Internet works: Routing and BGP
Mar. 3
Network attacks and defenses
ARP/IP spoofing, Network tools, DNS poisoning, DoS attacks
Mar. 5
Side-channel attacks
Timing attacks, power analysis, cold-boot attacks, defenses
Homework 4 available
Homework 3 due Friday, March 9

Part 3. Host and Application Security

Tuesday Thursday
Mar. 10
Control hijacking, Part 1
Software architecture and a simple buffer overflow
Mar. 12
Control hijacking, Part 2
Common exploitable application bugs, shellcode
Introduce AppSec Project
Mar. 17
Control hijacking, Part 3
Modern attacks and defenses, ROP, ASLR, JIT-spray
Mar. 19
Architecture Security
Meltdown & Spectre
Mar. 24
Spring Break
Mar. 26
Spring Break
Mar. 31
Remailers, mixnets, metadata
Apr. 2
Anonymity (cont'd)
Tor, hidden services

Part 4. Security in Context

Tuesday Thursday
Apr. 7
Privacy and Surviellance
Online tracking, threats from “big data”, targeted snooping, differential privacy
Homework 5 available
Networking Project due 6pm
Apr. 9
Risks, audits, and public policy
Apr. 14
Bitcoin and friends
Apr. 16
Security, law, and policy
AppSec Project due 6pm
Apr. 21
Internet Censorship
Censors, circumvention tools, and policy
Apr. 23
Government Surveillance
Nation state attacks, Snowden, and cyberwar
Homework 5 due 6pm
Apr. 28
Physical security
Locks and safes, lock picking techniques; defenses
Apr. 30
Final exam review

Final Exam   Sunday, May 3rd 4:30-7:00pm ECEE 1B32