Course Schedule Fall 2022
This schedule is subject to change. Please check back frequently.
Part 1. Security Fundamentals
| Monday | Wednesday | Friday |
|---|---|---|
|
Aug. 22 The security mindset Welcome, Threat models, how to think like an attacker and a defender, ethics |
Aug. 24 Course welcome; Crypto Basics Alice and Bob, hashes |
Aug. 26 Crypto Basics MACs and HMACs Homework 1 available |
Aug. 29 Crypto Basics Length extension attacks |
Aug. 31 Randomness and pseudorandomness Generating randomness, PRGs |
Sep. 2 Pseudorandomness Randomness in practice |
Sep. 5 Labor Day; No class |
Sep. 7 Confidentiality One-time pad, ciphers from hashes/MACs |
Sep. 9 Confidentiality AES, Block ciphers |
Sep. 12 Block cipher modes Cipher modes, and padding oracle attacks |
Sep. 14 Key exchange Diffie-Hellman key exchange, man-in-the-middle attacks Homework 2 available Homework 1 due 11:59pm
|
Sep. 16 Public-key crypto RSA encryption, digital signatures, secret sharing |
Part 2. Web and Network Security
| Monday | Wednesday | Friday |
|---|---|---|
|
Sep. 19 Public-key crypto RSA attacks, drawbacks, and fixes Crypto Project due 11:59pm
|
Sep. 21 Web Basics Crash course in HTML, CSS, and Javascript |
Sep. 23 Web Basics AJAX, Cookies, and threats |
Sep. 26 Web Basics Same origin policy |
Sep. 28 Web Attacks Client attacks and defenses: Cross site scripting (XSS) |
Sep. 30 Web Attacks Cross site request foregery (CSRF) |
Oct. 3 Web Attacks Server attacks and defenses: SQL / shell injection |
Oct. 5 HTTPS and TLS The TLS protocol |
Oct. 7 Public Key Infrastructure Certificates, Authorities (CAs), and Transparency (CT) Homework 2 due 11:59pm
|
Oct. 10 TLS Greatest Hits Null Prefix, BEAST, CRIME, POODLE, Heartbleed, Logjam, FREAK, DROWN |
Oct. 12 Networking Basics How the Internet works: Getting packets from A to B |
Oct. 14 Networking Basics Routing, BGP, and threats Web Project due 11:59pm
|
Oct. 17 Network attacks and defenses ARP/IP spoofing, Network tools |
Oct. 19 Network attacks and defenses DNS poisoning, DoS attacks |
Oct. 21 Side-channel attacks Timing attacks, power analysis, defenses |
Part 3. Host and Application Security
| Monday | Wednesday | Friday |
|---|---|---|
|
Oct. 24 Control hijacking Software architecture in x86: the stack, and return addresses |
Oct. 26 Control hijacking Simple buffer overflow |
Oct. 28 Control hijacking Common exploitable application bugs, shellcode Introduce AppSec Project Homework 3 due 11:59pm
|
Oct. 31 Control hijacking Defenses: canaries, ASLR, DEP |
Nov. 2 Control hijacking, Part AAAAAAAAAAAAAAAAAAAAAA |
Nov. 4 Architecture Security Meltdown & Spectre |
Part 4. Security in Context
| Monday | Wednesday | Friday |
|---|---|---|
|
Nov. 7 Anonymity Tor, hidden services Networking Project due 11:59pm
|
Nov. 9 Anonymity Tor attacks and defenses |
Nov. 11 Cryptocurrency Bitcoin, blockchains, and friends Homework 4 due 11:59pm
|
Nov. 14 Crytocurrency Bitcoin transactions and mining pools |
Nov. 16 Cryptocurrency Ethereum |
Nov. 18 'Smart' contracts Programming Ethereum and vulnerabilities |
Nov. 21 Fall break |
Nov. 23 Fall break |
Nov. 25 Fall break |
Nov. 28 Online Privacy Online tracking, threats from “big data”, targeted snooping, differential privacy |
Nov. 30 Physical security Locks and safes, lock picking techniques; defenses Homework 5 due 11:59pm
AppSec Project due 11:59pm
|
Dec. 2 Internet censorship Censors, circumvention, and policies |
Dec. 5 Professor AMA Research or general security questions answered! |
Dec. 7 Final exam review Blockchain Project due 11:59pm
|
