Course Schedule Fall 2019

This schedule is subject to change. Please check back frequently.

Part 1. Security Fundamentals

Tuesday Lecture Thursday Lecture Lab
Sep. 3
The security mindset
Threat models, vulnerabilities, attacks; how to think like an attacker and a defender
Homework 1 available
Sep. 5
Message integrity, pseudorandom functions
Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs
Introduce Homework 1
Intro and Python tutorial
Sep. 10
Randomness and pseudorandomness
Generating randomness, PRGs, one-time pads
Homework 1 due 6pm
Homework 2 available
Crypto Project available
Sep. 12
Message confidentiality and block ciphers
Simple ciphers, AES, block cipher modes
Review Homework 1
Introduce Crypto Project
Introduce Homework 2
Crypto means cryptography
Sep. 17
Confidentiality attacks, key exchanges
Diffie-Hellman key exchange, man-in-the-middle attacks
Sep. 19
Public-key crypto
RSA encryption, digital signatures, secret sharing
Project Help

Part 2. Web and Network Security

Tuesday Lecture Thursday Lecture Lab
Sep. 24
Web architecture
Intro to the web platform; HTTP, cookies, Javascript, etc.
Sep. 26
Web attacks and defenses
Cookies; XSS, CSRF, and SQL-injection attacks and defenses
Crypto Project due 6pm
Web Project available
Review Crypto Project
Introduce Web Project
Web Tutorial
Oct. 1
The SSL/TLS protocol and the CA ecosystem
Homework 2 due 6pm
Oct. 3
Attacking HTTPS
Implementation flaws, social engineering attacks, and crypto failures
Homework 3 available
Review Homework 2
Introduce Homework 3
Project Help
Oct. 8
Networking 101
IP, forwarding, routing, DNS, BGP
Oct. 10
Networking 102
IP, forwarding, routing, DNS, BGP
Web Project due 6pm
Networking Project available
Introduce Networking Project
Review Web Project
Project intro and homework help
Oct. 15
Fall study break
Oct. 17
Network attacks and defenses
Too many to list
Homework 3 due 6pm
Homework 4 available
Review Homework 3
Introduce Homework 4
Project Help

Part 3. Host and Application Security

Tuesday Lecture Thursday Lecture Lab
Oct. 22
Authentication and passwords
Password attacks and defenses, CAPTCHAs, multifactor authentication
Oct. 24
Control hijacking, Part 1
Software architecture and a simple buffer overflow
Networking Project due 6pm
AppSec Project available
Review Networking Project
Introduce AppSec Project
Buffer Overflow Tutorial
Oct. 29
Control hijacking, Part 2
Common exploitable application bugs, shellcode
Oct. 31
Digital Forensics
Taint and blur, data recovery, incident response
Homework 4 due 6pm
Review Homework 4
Project Help
Nov. 5
Election Cybersecurity
Analysis, vulnerabilities, viruses, defenses, auditing, policy
Nov. 7
Isolation and sandboxing
Processes, sandboxing, virtual machines, containers, SGX
Project Help
Nov. 12
Side-Channel Analysis
Timing attacks, power analysis, cold-boot attacks, defenses
Homework 5 available
Nov. 14
Spyware, ransomware, botnets, viruses, etc.; defenses
AppSec Project due 6pm
Introduce Homework 5
Review AppSec Project
Forensics Tutorial

Part 4. Security in Context

Tuesday Lecture Thursday Lecture Lab
Nov. 19
The second crypto war, cyberwarfare, advanced persistent threats
Forensics Project available
Nov. 21
Privacy and anonymity
Online tracking and surveillance; defenses: TOR, Signal, etc.
Introduce Forensics Project
Forensics Tutorial
Nov. 26
Spectre, Meltdown, etc.
Hardware vulnerabilities
Nov. 28
Project Help
Dec. 3
Physical security
Locks and keys, lock picking techniques; defenses
Homework 5 due 6pm
Dec. 5
Life in the post-Snowden era
Government spying and implications for security and crypto
Review Homework 5
Project Help
Dec. 10
Final Exam Review
TA led exam review session
Forensics Project due 6pm
Dec. 12
Final Exam Study Day
Review Forensics Project
No Lab or Classes – Study!

Final Exam   Time: Monday, December 16, 7 – 9 PM (Location: TBA)