Course Schedule Winter 2024

Part 1. Security Fundamentals

Lectures Lab
HONEYMAN Wednesday, Jan. 10
1. The Security Mindset Quiz
Threat models, vulnerabilities, attacks; how to think like an attacker and a defender
Jan. 11/Jan. 12
No Lab
Monday, Jan. 15
No Lecture, MLK Day
GRUBBS Wednesday, Jan. 17
2. Message Integrity Quiz
Alice and Bob, crypto games, Kerckhoffs’s principle, hashes and MACs
Jan. 18/Jan. 19
Introduce project
Python tutorial
GRUBBS Monday, Jan. 22
3. Randomness and Pseudorandomness Quiz
Generating randomness, PRGs, one-time pads
GRUBBS Wednesday, Jan. 24
4. Confidentiality Quiz
Simple ciphers, AES, block cipher modes
Jan. 25/Jan. 26
Length extension
Hash collisions
GRUBBS Monday, Jan. 29
5. Combining Confidentiality and Integrity Quiz
Confidentiality attacks, authenticated encryption
GRUBBS Wednesday, Jan. 31
6. Key Exchange, Public-Key Cryptography Quiz
Diffie-Hellman, RSA encryption, digital signatures
Feb. 1/Feb. 2
Review Part 1
Padding oracles
Bleichenbacher attacks

Part 2. Web and Network Security

Lectures Lab
HONEYMAN Monday, Feb. 5
7. The Web Platform Quiz
Intro to the web platform; HTTP, cookies, Javascript, etc.
HONEYMAN Wednesday, Feb. 7
8. Web Attacks and Defenses Quiz
Cookies; XSS, CSRF, and SQL-injection attacks and defenses
Feb. 8/Feb. 9
Review Crypto Project
Introduce Web Project
SQL tutorial
SQL injection mechanics
HONEYMAN Monday, Feb. 12
9. HTTPS and the Web PKI Quiz
The TLS protocol and the CA ecosystem
GUEST Wednesday, Feb. 14
10. HTTPS Attacks and Defenses Quiz
Implementation flaws, social engineering attacks, and crypto failures
Feb. 15/Feb. 16
HTML and JavaScript tutorial
XSS and CSRF mechanics
HONEYMAN Monday, Feb. 19
11. Networking 101 Quiz
Protocol layers, Ethernet, IP, route hijacking, ARP spoofing
HONEYMAN Wednesday, Feb. 21
12. Networking 102 Quiz
UDP, TCP, and DNS attacks
Feb. 22/Feb. 23
Review Web Project
Introduce Networking Project
Python sockets tutorial
Wireshark tutorial
Monday, Feb. 26
Spring Break
Wednesday, Feb. 28
Spring Break
Feb. 29/Mar. 1
Spring Break
HONEYMAN Monday, Mar. 4
13. Network Defense Quiz
Denial of service; firewalls, IDSes, VPNs, zero-trust
STAFF Wednesday, Mar. 6
Midterm Review Session
Mar. 7/Mar. 8
No Lab
Friday, Mar. 8
Midterm Exam, Friday, Mar. 8, 7–9 p.m.

Part 3. Host and Application Security

Lectures Lab
HONEYMAN Monday, Mar. 11
15. Authentication and Passwords Quiz
Passwords, online and offline guessing
STAFF Wednesday, Mar. 13
16. Control Hijacking, Part 1 Quiz
Software architecture and a simple buffer overflow
AppSec Project available
Lab 4 available
Mar. 14/Mar. 15
Introduce AppSec Project
Binary exploitation primer
Go over midterm exam
STAFF Monday, Mar. 18
17. Control Hijacking, Part 2 Quiz
Common exploitable application bugs, shellcode
HONEYMAN Wednesday, Mar. 20
18. Malware Quiz
Viruses and worms, spyware, key loggers, and botnets; defenses
Lab 4 due 6 p.m.
Mar. 21/Mar. 22
ROP exploitation
Ghidra tutorial

Part 4. Security in Context

Lectures Lab
HONEYMAN Monday, Mar. 25
19. Access Control and Isolation Quiz
Isolation, sandboxing, virtual machines, SGX, containers
TBD Wednesday, Mar. 27
20. Election Cybersecurity Quiz
Vulnerabilities, defenses, policy
Mar. 28/Mar. 29
Project help
TBD Monday, Apr. 1
21. Machine Learning Security
TBD Wednesday, Apr. 3
22. Censorship and Circumvention Quiz
Internet censorship, geoblocking, censorship measurement, circumvention
AppSec Project due 6 p.m.
Forensics Project available
Lab 5 available
Apr. 4/Apr. 5
Review AppSec Project
Introduce Forensics Project
Autopsy tutorial
GRUBBS Monday, Apr. 8
23. Digital Forensics Quiz
Data collection, forensic analysis, anti-forensic techniques
GRUBBS Wednesday, Apr. 10
24. Privacy and Anonymity Quiz
Online tracking; Tor, Signal, etc.
Apr. 11/Apr. 12
No Lab
GRUBBS Monday, Apr. 15
25. Side Channels Quiz
Timing attacks, cache attacks, etc.
GRUBBS Wednesday, Apr. 17
26. Physical Security Quiz
Locks and safes, lock picking techniques; defenses
(We recommend attending in person for hands-on demos)
Lab 5 due 6 p.m.
Apr. 18/Apr. 19
Final review, Part 1
STAFF Monday, Apr. 22
Final Review, Part 2
Wednesday, Apr. 24
Study Day
Forensics Project due 6 p.m.
Monday, Apr. 29
Study Day
Final Exam, Friday, April 26th at 7–9 p.m.