Course Schedule Winter 2025

Part 1. Security Fundamentals

Lectures Lab
GRUBBS Wednesday, Jan. 8
1. The Security Mindset Quiz
Threat models, vulnerabilities, attacks; how to think like an attacker and a defender
Crypto Project available
Lab 1 available
 Jan. 7/Jan. 9/Jan. 10
Only pre-recorded video Introduce project
Python tutorial
GRUBBS Monday, Jan. 13
2. Message Integrity Quiz
Alice and Bob, crypto games, Kerckhoffs’s principle, hashes and MACs 		GRUBBS Wednesday, Jan. 15
3. Randomness and Pseudorandomness Quiz
Generating randomness, PRGs, one-time pads
Lab 1 due 6 p.m.
 Jan. 14/Jan. 16/Jan. 17
Length extension
Hash collisions
Monday, Jan. 20
No Lecture, MLK Day
GRUBBS Wednesday, Jan. 22
4. Confidentiality Quiz
Simple ciphers, AES, block cipher modes
Crypto Project, Part 1 due 6 p.m.
 Jan. 21/Jan. 23/Jan. 24
Review Part 1
Padding oracles
Bleichenbacher attacks
Pre-recorded GRUBBS Monday, Jan. 27
5. Combining Confidentiality and Integrity Quiz
Confidentiality attacks, authenticated encryption 		Pre-recorded GRUBBS Wednesday, Jan. 29
6. Key Exchange, Public-Key Cryptography Quiz
Diffie-Hellman, RSA encryption, digital signatures
Web Project available
Lab 2 available
 Jan. 28/Jan. 30/Jan. 31
Introduce Web Project
SQL tutorial
SQL injection mechanics

Part 2. Web and Network Security

Lectures Lab
ROY CHOWDHURY Monday, Feb. 3
7. The Web Platform Quiz
Intro to the web platform; HTTP, cookies, Javascript, etc. 		ROY CHOWDHURY Wednesday, Feb. 5
8. Web Attacks and Defenses Quiz
Cookies; XSS, CSRF, and SQL-injection attacks and defenses
Crypto Project, Part 2 due 6 p.m.
 Feb. 4/Feb. 6/Feb. 7
HTML and JavaScript tutorial
XSS and CSRF mechanics
GRUBBS Monday, Feb. 10
9. HTTPS and the Web PKI Quiz
The TLS protocol and the CA ecosystem 		GRUBBS Wednesday, Feb. 12
10. HTTPS Attacks and Defenses Quiz
Implementation flaws, social engineering attacks, and crypto failures
Lab 2 due 6 p.m.
Networking Project available
Lab 3 available
 Feb. 11/Feb. 13/Feb. 14
Introduce Networking Project
Python sockets tutorial
Wireshark tutorial
ROY CHOWDHURY Monday, Feb. 17
11. Networking 101 Quiz
Protocol layers, Ethernet, IP, route hijacking, ARP spoofing 		ROY CHOWDHURY Wednesday, Feb. 19
12. Networking 102 Quiz
UDP, TCP, and DNS attacks
Web Project due 6 p.m.
 Feb. 18/Feb. 20/Feb. 21
Midterm review
ROY CHOWDHURY Monday, Feb. 24
13. Network Defense Quiz
Denial of service; firewalls, IDSes, VPNs, zero-trust 		STAFF Wednesday, Feb. 26
Midterm Review Session
Lab 3 due 6 p.m.
Midterm Exam, Thursday, Feb. 27, 5–6:30 p.m.
 Feb. 25/Feb. 27/Feb. 28
No Lab
Monday, Mar. 3
Spring Break
Wednesday, Mar. 5
Spring Break
Mar. 4/Mar. 6/Mar. 7
Spring Break

Part 3. Host and Application Security

Lectures Lab
ROY CHOWDHURY Monday, Mar. 10
14. Authentication and Passwords Quiz
Passwords, online and offline guessing 		STAFF Wednesday, Mar. 12
15. Control Hijacking, Part 1 Quiz
Software architecture and a simple buffer overflow
Networking Project due 6 p.m.
AppSec Project available
Lab 4 available
 Mar. 11/Mar. 13/Mar. 14
Review Web Project
Introduce AppSec Project
Binary exploitation primer
Go over midterm exam
STAFF Monday, Mar. 17
16. Control Hijacking, Part 2 Quiz
Common exploitable application bugs, shellcode 		ROY CHOWDHURY Wednesday, Mar. 19
17. Access Control and Isolation Quiz
Isolation, sandboxing, virtual machines, SGX, containers
Lab 4 due 6 p.m.
 Mar. 18/Mar. 20/Mar. 21
Shellcode
ROP exploitation
Ghidra tutorial

Part 4. Privacy and Security in Context

Lectures Lab
ROY CHOWDHURY Monday, Mar. 24
18. Data Privacy, Part 1 Quiz
Privacy violations, privacy regulations 		ROY CHOWDHURY Wednesday, Mar. 26
19. Data Privacy, Part 2
Data anonymization, data aggregation 		Mar. 25/Mar. 27/Mar. 28
Project help
ROY CHOWDHURY Monday, Mar. 31
20. Data Privacy, Part 3
Privacy/Utility tradeoff, differential privacy
Forensics Project available
Lab 5 available
 ROY CHOWDHURY Wednesday, Apr. 2
21. Digital Forensics Quiz
Data collection, forensic analysis, anti-forensic techniques
AppSec Project due 6 p.m.
 Apr. 1/Apr. 3/Apr. 4
Introduce Forensics Project
Introduce Lab 5
Autopsy tutorial
GRUBBS Monday, Apr. 7
22. Malware Quiz
Viruses and worms, spyware, key loggers, and botnets; defenses 		GUEST Wednesday, Apr. 9
23. Censorship
Guest lecture by Prof. Roya Ensafi
Lab 5 due 6 p.m.
 Apr. 8/Apr. 10/Apr. 11
No Lab
GUEST Monday, Apr. 14
24. Machine Learning Security
Guest lecture by Prof. Eugene Bagdasarian 		GRUBBS Wednesday, Apr. 16
25. Physical Security Quiz
Locks and safes, lock picking techniques; defenses
(We recommend attending in person for hands-on demos) 		Apr. 15/Apr. 17/Apr. 18
Final review, Part 1
STAFF Monday, Apr. 21
Final Review, Part 2
Forensics Project due 6 p.m.
 Wednesday, Apr. 23
Study Day
Final Exam, Friday, April 25th at 7–9 p.m.