Course Schedule Winter 2020

Part 1. Security Fundamentals

Monday Lecture Wednesday Lecture Thurs./Fri. Lab
GENKIN Jan. 8
The security mindset
Threat models, vulnerabilities, attacks; how to think like an attacker and a defender
Crypto Project available
Introduce Crypto Project
Python tutorial
GENKIN Jan. 13
Message integrity, pseudorandom functions
Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs
GENKIN Jan. 15
Randomness and pseudorandomness
Generating randomness, PRGs, one-time pads
Project help
Jan. 20
Martin Luther King, Jr. Day — No lecture
GENKIN Jan. 22
Message confidentiality and block ciphers
Simple ciphers, AES, block cipher modes
Crypto Project, Part 1 due 6pm
Review Crypto Project
Crypto tutorial
GENKIN Jan. 27
Confidentiality attacks, key exchanges
Diffie-Hellman key exchange, man-in-the-middle attacks
GENKIN Jan. 29
Public-key crypto
RSA encryption, digital signatures, secret sharing
Project help

Part 2. Web and Network Security

Monday Lecture Wednesday Lecture Thurs./Fri. Lab
ENSAFI Feb. 3
Web security, part 1
Intro to the web platform; HTTP, cookies, JavaScript
Web Project available
ENSAFI Feb. 5
Web security, part 2
XSS, CSRF, and SQL injection
Crypto Project, Part 2 due 6pm
Introduce Web Project
Review Crypto Project
Web tutorial
ENSAFI Feb. 10
HTTPS
The TLS protocol and the CA ecosystem
ENSAFI Feb. 12
Attacking HTTPS
Implementation flaws, social engineering, crypto failures
Project help
ENSAFI Feb. 17
Network security, part 1
Networking Project available
ENSAFI Feb. 19
Network security, part 2
Web Project due 6pm
Introduce Networking Project
Review Web Project
Networking tutorial
HALDERMAN Feb. 24
Authentication and passwords
Password attacks and defenses, multifactor authentication
HALDERMAN Feb. 26
Malware
Spyware, ransomware, botnets, viruses, etc.; defenses
Project help

“Spring” Break   February 29–March 8

Part 3. Host and Application Security

Monday Lecture Wednesday Lecture Thurs./Fri. Lab
HALDERMAN Mar. 9
Election cybersecurity
Vulnerabilities, defenses, policy issues
ENSAFI Mar. 11
Privacy and anonymity
Online tracking and surveillance; defenses: Tor, Signal, etc.
Review Networking Project
STAFF Mar. 16
Control hijacking, Part 1
Software architecture and a simple buffer overflow
Networking Project due 6pm
AppSec Project available
STAFF Mar. 18
Control hijacking, Part 2
Common exploitable application bugs, shellcode
Introduce AppSec Project
Binary exploitation tutorial
HALDERMAN Mar. 23
Isolation and sandboxing
Processes, sandboxing, virtual machines, containers, SGX
GENKIN Mar. 25
Side-channel analysis
Timing attacks, power analysis, cold-boot attacks, defenses
Project help
GENKIN Mar. 30
Microarchitectural vulnerabilities
Meltdown, Spectre, etc.
Forensics Project available
HALDERMAN Apr. 1
Digital forensics
Forensic imaging, analysis, and investigation
AppSec Project due 6pm
Introduce Forensics Project
Review AppSec Project
Forensics tutorial

Part 4. Security in Context

Monday Lecture Wednesday Lecture Thurs./Fri. Lab
HALDERMAN Apr. 6
Cyberconflict
Nation-state attackers, cyberwarfare, APTs
ENSAFI Apr. 8
Censorship
Internet censorship, geoblocking, censorship measurement, anticensorship
Project help
HALDERMAN Apr. 13
Life in the post-Snowden era
Government surveillance and implications for security and privacy
HALDERMAN Apr. 15
Physical security
Locks and keys, lock picking techniques; defenses
Forensics Project due 6pm
Review Forensics Project
Exam review
STAFF Apr. 20
Exam review session

Final Exam   Friday, April 24, 7–9pm