Course Schedule Fall 2023

This schedule is subject to change. Please check back frequently.

Part 1. Security Fundamentals

Monday Wednesday Friday
Aug. 28
The security mindset
Welcome, Threat models, how to think like an attacker and a defender, ethics
Aug. 30
Crypto Basics
Alice and Bob, hashes, HMACs, Length extension attacks
Sep. 1
Crypto Basics
Generating randomness, PRGs
Homework 1 available
Sep. 4
Labor Day; No class
Sep. 6
One-time pad, ciphers from hashes/MACs
Sep. 8
AES, Block ciphers, modes and padding oracle attacks
Sep. 11
Key exchange
Diffie-Hellman key exchange, man-in-the-middle attacks
Sep. 13
Public-key crypto
RSA encryption, digital signatures, secret sharing
Sep. 15
Public-key crypto
RSA attacks, drawbacks, and fixes

Part 2. Web and Network Security

Monday Wednesday Friday
Sep. 18
Web Basics
Crash course in HTML, CSS, and Javascript
Sep. 20
Web Basics
AJAX, Cookies, and threats
Homework 1 due 11:59pm
Sep. 22
Web Basics
Same origin policy
Sep. 25
Web Attacks
Client attacks and defenses: Cross site scripting (XSS)
Sep. 27
Web Attacks
Cross site request foregery (CSRF)
Sep. 29
Web Attacks
Server attacks and defenses: SQL / shell injection
Crypto Project due 11:59pm
Oct. 2
The TLS protocol
Oct. 4
Public Key Infrastructure
Certificates, Authorities (CAs), and Transparency (CT)
Oct. 6
TLS Greatest Hits
Null Prefix, BEAST, CRIME, POODLE, Heartbleed, Logjam, FREAK, DROWN
Oct. 9
TLS Greatest Hits, continued
Null Prefix, BEAST, CRIME, POODLE, Heartbleed, Logjam, FREAK, DROWN
Oct. 11
Networking Basics
How the Internet works: Getting packets from A to B
Oct. 13
Networking Basics
Routing, BGP, and threats
Homework 2 due 11:59pm
Oct. 16
Network attacks and defenses
ARP/IP spoofing, Network tools
Oct. 18
Network attacks and defenses
DNS poisoning, DoS attacks
Oct. 20
Side-channel attacks
Timing attacks, power analysis, defenses
Web Project due 11:59pm

Part 3. Host and Application Security

Monday Wednesday Friday
Oct. 23
Control hijacking
Software architecture in x86: the stack, and return addresses
Oct. 25
Control hijacking
Simple buffer overflow
Oct. 27
Control hijacking
Common exploitable application bugs, shellcode
Introduce AppSec Project
Homework 3 due 11:59pm
Oct. 30
Control hijacking
Defenses: canaries, ASLR, DEP
Nov. 1
Nov. 3
Architecture Security
Meltdown & Spectre
Networking Project due 11:59pm

Part 4. Security in Context

Monday Wednesday Friday
Nov. 6
Risks, audits, and public policy
Nov. 8
Tor, hidden services
Nov. 10
Tor attacks and defenses
Nov. 13
Machine Learning
Crash course on gradient descent
Nov. 15
Machine Learning
Adversarial examples
Nov. 17
Machine Learning
ML in Python
AppSec Project due 11:59pm
Nov. 20
Fall break
Nov. 22
Fall break
Nov. 24
Fall break
Nov. 27
Bitcoin, blockchains, and friends
Nov. 29
Dec. 1
'Smart' contracts
Programming Ethereum and vulnerabilities
Homework 4 due 11:59pm
Dec. 4
Online Privacy
Online tracking, threats from “big data”, targeted snooping, differential privacy
Dec. 6
Physical security
Locks and safes, lock picking techniques; defenses
Dec. 8
Internet censorship
Censors, circumvention, and policies
Homework 5 due 11:59pm
Dec. 11
Professor AMA
Research or general security questions answered!
Dec. 13
Final exam review
ML Project due 11:59pm

Final Exam   Monday, Dec 18 1:30-3pm MT (in class)