Course Schedule Fall 2022

This schedule is subject to change. Please check back frequently.

Part 1. Security Fundamentals

Monday Wednesday Friday
Aug. 22
The security mindset
Welcome, Threat models, how to think like an attacker and a defender, ethics
Aug. 24
Course welcome; Crypto Basics
Alice and Bob, hashes
Aug. 26
Crypto Basics
MACs and HMACs
Homework 1 available
Aug. 29
Crypto Basics
Length extension attacks
Aug. 31
Randomness and pseudorandomness
Generating randomness, PRGs
Sep. 2
Randomness in practice
Sep. 5
Labor Day; No class
Sep. 7
One-time pad, ciphers from hashes/MACs
Sep. 9
AES, Block ciphers
Sep. 12
Block cipher modes
Cipher modes, and padding oracle attacks
Sep. 14
Key exchange
Diffie-Hellman key exchange, man-in-the-middle attacks
Homework 2 available
Homework 1 due 11:59pm
Sep. 16
Public-key crypto
RSA encryption, digital signatures, secret sharing

Part 2. Web and Network Security

Monday Wednesday Friday
Sep. 19
Public-key crypto
RSA attacks, drawbacks, and fixes
Crypto Project due 11:59pm
Sep. 21
Web Basics
Crash course in HTML, CSS, and Javascript
Sep. 23
Web Basics
AJAX, Cookies, and threats
Sep. 26
Web Basics
Same origin policy
Sep. 28
Web Attacks
Client attacks and defenses: Cross site scripting (XSS)
Sep. 30
Web Attacks
Cross site request foregery (CSRF)
Oct. 3
Web Attacks
Server attacks and defenses: SQL / shell injection
Oct. 5
The TLS protocol
Oct. 7
Public Key Infrastructure
Certificates, Authorities (CAs), and Transparency (CT)
Homework 2 due 11:59pm
Oct. 10
TLS Greatest Hits
Null Prefix, BEAST, CRIME, POODLE, Heartbleed, Logjam, FREAK, DROWN
Oct. 12
Networking Basics
How the Internet works: Getting packets from A to B
Oct. 14
Networking Basics
Routing, BGP, and threats
Web Project due 11:59pm
Oct. 17
Network attacks and defenses
ARP/IP spoofing, Network tools
Oct. 19
Network attacks and defenses
DNS poisoning, DoS attacks
Oct. 21
Side-channel attacks
Timing attacks, power analysis, defenses

Part 3. Host and Application Security

Monday Wednesday Friday
Oct. 24
Control hijacking
Software architecture in x86: the stack, and return addresses
Oct. 26
Control hijacking
Simple buffer overflow
Oct. 28
Control hijacking
Common exploitable application bugs, shellcode
Introduce AppSec Project
Homework 3 due 11:59pm
Oct. 31
Control hijacking
Defenses: canaries, ASLR, DEP
Nov. 2
Nov. 4
Architecture Security
Meltdown & Spectre

Part 4. Security in Context

Monday Wednesday Friday
Nov. 7
Tor, hidden services
Networking Project due 11:59pm
Nov. 9
Tor attacks and defenses
Nov. 11
Bitcoin, blockchains, and friends
Homework 4 due 11:59pm
Nov. 14
Bitcoin transactions and mining pools
Nov. 16
Nov. 18
'Smart' contracts
Programming Ethereum and vulnerabilities
Nov. 21
Fall break
Nov. 23
Fall break
Nov. 25
Fall break
Nov. 28
Online Privacy
Online tracking, threats from “big data”, targeted snooping, differential privacy
Nov. 30
Physical security
Locks and safes, lock picking techniques; defenses
Homework 5 due 11:59pm
AppSec Project due 11:59pm
Dec. 2
Internet censorship
Censors, circumvention, and policies
Dec. 5
Professor AMA
Research or general security questions answered!
Dec. 7
Final exam review
Blockchain Project due 11:59pm

Final Exam   Sunday, Dec 11 7:30-9:00pm MT (in class)