Course Schedule Winter 2020
Part 1. Security Fundamentals
| Monday Lecture | Wednesday Lecture | Thurs./Fri. Lab |
|---|---|---|
|
GENKIN
Jan. 8 The security mindset Threat models, vulnerabilities, attacks; how to think like an attacker and a defender Crypto Project available
|
Introduce Crypto Project Python tutorial |
GENKIN
Jan. 13 Message integrity, pseudorandom functions Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs |
GENKIN
Jan. 15 Randomness and pseudorandomness Generating randomness, PRGs, one-time pads |
Project help |
Jan. 20 Martin Luther King, Jr. Day — No lecture |
GENKIN
Jan. 22 Message confidentiality and block ciphers Simple ciphers, AES, block cipher modes Crypto Project, Part 1 due 6pm
|
Review Crypto Project Crypto tutorial |
GENKIN
Jan. 27 Confidentiality attacks, key exchanges Diffie-Hellman key exchange, man-in-the-middle attacks |
GENKIN
Jan. 29 Public-key crypto RSA encryption, digital signatures, secret sharing |
Project help |
Part 2. Web and Network Security
| Monday Lecture | Wednesday Lecture | Thurs./Fri. Lab |
|---|---|---|
|
ENSAFI
Feb. 3 Web security, part 1 Intro to the web platform; HTTP, cookies, Javascript Web Project available
|
ENSAFI
Feb. 5 Web security, part 2 XSS, CSRF, and SQL-injection Crypto Project, Part 2 due 6pm
|
Introduce Web Project Review Crypto Project Web tutorial |
ENSAFI
Feb. 10 HTTPS The TLS protocol and the CA ecosystem |
HALDERMAN
Feb. 12 Attacking HTTPS Implementation flaws, social engineering, crypto failures |
Project help |
ENSAFI
Feb. 17 Network security, part 1 Networking Project available
|
ENSAFI
Feb. 19 Network security, part 2 Web Project due 6pm
|
Introduce Networking Project Review Web Project Networking tutorial |
HALDERMAN
Feb. 24 Authentication and passwords Password attacks and defenses, multifactor authentication |
HALDERMAN
Feb. 26 Malware Spyware, ransomware, botnets, viruses, etc.; defenses |
Project help |
“Spring” Break February 29–March 8
Part 3. Host and Application Security
| Monday Lecture | Wednesday Lecture | Thurs./Fri. Lab |
|---|---|---|
|
HALDERMAN
Mar. 9 Election cybersecurity Vulnerabilities, defenses, policy issues |
ENSAFI
Mar. 11 Privacy and anonymity Online tracking and surveillance; defenses: TOR, Signal, etc. Networking Project due 6pm
|
Review Networking Project |
STAFF
Mar. 16 Control hijacking, Part 1 Software architecture and a simple buffer overflow AppSec Project available
|
STAFF
Mar. 18 Control hijacking, Part 2 Common exploitable application bugs, shellcode |
Introduce AppSec Project Binary exploitation tutorial |
HALDERMAN
Mar. 23 Isolation and sandboxing Processes, sandboxing, virtual machines, containers, SGX |
GENKIN
Mar. 25 Side-channel analysis Timing attacks, power analysis, cold-boot attacks, defenses |
Project help |
GENKIN
Mar. 30 Microarchitectural vulnerabilities Meltdown, Spectre, etc. Forensics Project available
|
ENSAFI
Apr. 1 Digital forensics Forensic imaging, analysis, and investigation AppSec Project due 6pm
|
Introduce Forensics Project Review AppSec Project Forensics tutorial |
Part 4. Security in Context
| Monday Lecture | Wednesday Lecture | Thurs./Fri. Lab |
|---|---|---|
|
HALDERMAN
Apr. 6 Cyberconflict Nation-state attackers, cyberwarfare, APTs |
ENSAFI
Apr. 8 Censorship Internet censorship, geoblocking, censorship measurement, anticensorship |
Project help |
HALDERMAN
Apr. 13 Life in the post-Snowden era Government surveillance and implications for security and privacy |
HALDERMAN
Apr. 15 Physical security Locks and keys, lock picking techniques; defenses Forensics Project due 6pm
|
Review Forensics Project Exam review |
STAFF
Apr. 20 Exam review session |
Final Exam Friday, April 24, 7–9pm