Course Schedule Fall 2024
Part 1. Security Fundamentals
| Lectures | Lab | |
|---|---|---|
|
HALDERMAN/CHEN
Tuesday, Aug. 27 1. The Security Mindset Threat models, vulnerabilities, attacks; how to think like an attacker and a defender |
HALDERMAN
Thursday, Aug. 29 2. Message Integrity Alice and Bob, crypto games, Kerckhoffs’s principle, hashes and MACs Crypto Project available
Lab 1 available
|
Aug. 30/Sep. 2 Only pre-recorded video Introduce project Python tutorial |
|
HALDERMAN
Tuesday, Sep. 3 3. Randomness and Pseudorandomness Generating randomness, PRGs, one-time pads |
HALDERMAN
Thursday, Sep. 5 4. Confidentiality Simple ciphers, AES, block cipher modes Lab 1 due 6 p.m.
|
Sep. 6/Sep. 9 Length extension Hash collisions |
|
HALDERMAN
Tuesday, Sep. 10 5. Combining Confidentiality and Integrity Confidentiality attacks, authenticated encryption |
HALDERMAN
Thursday, Sep. 12 6. Key Exchange, Public-Key Cryptography Diffie-Hellman, RSA encryption, digital signatures Crypto Project, Part 1 due 6 p.m.
|
Sep. 13/Sep. 16 Review Part 1 Padding oracles Bleichenbacher attacks |
Part 2. Web and Network Security
| Lectures | Lab | |
|---|---|---|
|
CHEN
Tuesday, Sep. 17 7. The Web Platform Intro to the web platform; HTTP, cookies, Javascript, etc. |
CHEN
Thursday, Sep. 19 8. Web Attacks and Defenses Cookies; XSS, CSRF, and SQL-injection attacks and defenses Crypto Project, Part 2 due 6 p.m.
Web Project available
Lab 2 available
|
Sep. 20/Sep. 23 Review Crypto Project Introduce Web Project SQL tutorial SQL injection mechanics |
|
HALDERMAN
Tuesday, Sep. 24 9. HTTPS and the Web PKI The TLS protocol and the CA ecosystem |
HALDERMAN
Thursday, Sep. 26 10. HTTPS Attacks and Defenses Implementation flaws, social engineering attacks, and crypto failures Lab 2 due 6 p.m.
|
Sep. 27/Sep. 30 HTML and JavaScript tutorial XSS and CSRF mechanics |
|
CHEN
Tuesday, Oct. 1 11. Networking 101 Protocol layers, Ethernet, IP, route hijacking, ARP spoofing |
CHEN
Thursday, Oct. 3 12. Networking 102 UDP, TCP, and DNS attacks Web Project due 6 p.m.
Networking Project available
Lab 3 available
|
Oct. 4/Oct. 7 Review Web Project Introduce Networking Project Python sockets tutorial Wireshark tutorial |
|
CHEN
Tuesday, Oct. 8 13. Network Defense Denial of service; firewalls, IDSes, VPNs, zero-trust |
CHEN
Thursday, Oct. 10 14. Authentication and Passwords Passwords, online and offline guessing Lab 3 due 6 p.m.
|
Oct. 11/Oct. 14 No Lab |
|
Tuesday, Oct. 15 No Lecture Study break |
STAFF
Thursday, Oct. 17 Midterm Review Session Midterm Exam, Friday, Oct. 18, 7–8:30 p.m.
|
Oct. 18/Oct. 21 No Lab |
Part 3. Host and Application Security
| Lectures | Lab | |
|---|---|---|
|
STAFF
Tuesday, Oct. 22 15. Control Hijacking, Part 1 Software architecture and a simple buffer overflow |
STAFF
Thursday, Oct. 24 16. Control Hijacking, Part 2 Common exploitable application bugs, shellcode Networking Project due 6 p.m.
AppSec Project available
Lab 4 available
|
Oct. 25/Oct. 28 Introduce AppSec Project Binary exploitation primer Go over midterm exam |
|
CHEN
Tuesday, Oct. 29 17. Malware Viruses and worms, spyware, key loggers, and botnets; defenses |
CHEN
Thursday, Oct. 31 18. Access Control and Isolation Isolation, sandboxing, virtual machines, SGX, containers Lab 4 due 6 p.m.
|
Nov. 1/Nov. 4 Shellcode ROP exploitation Ghidra tutorial |
|
HALDERMAN
Tuesday, Nov. 5 19. Election Cybersecurity Vulnerabilities, defenses, policy |
CHEN
Thursday, Nov. 7 20. Programmable in-network security Programmable networks, match/action processing, in-network defenses |
Nov. 8/Nov. 11 Project help |
|
CHEN
Tuesday, Nov. 12 21. Data center security Remote direct memory access, kernel bypass, access control; memory introspection. |
HALDERMAN
Thursday, Nov. 14 22. Digital Forensics Data collection, forensic analysis, anti-forensic techniques AppSec Project due 6 p.m.
Forensics Project available
Lab 5 available
|
Nov. 15/Nov. 18 Review AppSec Project Introduce Forensics Project Autopsy tutorial |
Part 4. Security in Context
| Lectures | Lab | |
|---|---|---|
|
GUEST
Tuesday, Nov. 19 23. Privacy and Anonymity Online tracking; Tor, Signal, etc. |
GUEST
Thursday, Nov. 21 24. Censorship and Circumvention Internet censorship, geoblocking, censorship measurement, circumvention Lab 5 due 6 p.m.
|
Nov. 22/Nov. 25 No Lab |
|
GUEST
Tuesday, Nov. 26 25. Machine Learning Security TBD |
Thursday, Nov. 28 Thanksgiving Break |
Nov. 29/Dec. 2 No Lab |
|
HALDERMAN
Tuesday, Dec. 3 26. Physical Security Locks and safes, lock picking techniques; defenses (We recommend attending in person for hands-on demos) |
STAFF
Thursday, Dec. 5 Final Review, Part 1 Forensics Project due 6 p.m.
|
Dec. 6/Dec. 9 Final review, Part 2 |
|
Tuesday, Dec. 10 Study Day |
Thursday, Dec. 12 Exam Period |
|
|
Tuesday, Dec. 17 Final Exam, 7–9 p.m.
|
||