Course Schedule Winter 2023

Part 1. Security Fundamentals

Lectures Lab
GRUBBS Wednesday, Jan. 4
1. The Security Mindset Quiz
Threat models, vulnerabilities, attacks; how to think like an attacker and a defender 		Jan. 5/Jan. 6
Introduce project
Python tutorial
Lab 1 available
GRUBBS Monday, Jan. 9
2. Message Integrity Quiz
Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs
Crypto Project available
 GRUBBS Wednesday, Jan. 11
3. Randomness and Pseudorandomness Quiz
Generating randomness, PRGs, one-time pads
Lab 1 due 6 p.m.
 Jan. 12/Jan. 13
Length extension
Hash collisions
Monday, Jan. 16
No Lecture
Martin Luther King Jr. Day 		GRUBBS Wednesday, Jan. 18
4. Confidentiality Quiz
Simple ciphers, AES, block cipher modes
Crypto Project, Part 1 due 6 p.m.
 Jan. 19/Jan. 20
Review Part 1
Padding oracles
GRUBBS Monday, Jan. 23
5. Combining Confidentiality and Integrity Quiz
Confidentiality attacks, authenticated encryption 		GRUBBS Wednesday, Jan. 25
6. Key Exchange, Public-Key Cryptography Quiz
Diffie-Hellman, RSA encryption, digital signatures 		Jan. 26/Jan. 27
Bleichenbacher attacks

Part 2. Web and Network Security

Lectures Lab
HALDERMAN Monday, Jan. 30
7. The Web Platform Quiz
Intro to the web platform; HTTP, cookies, Javascript, etc. 		HALDERMAN Wednesday, Feb. 1
8. Web Attacks and Defenses Quiz
Cookies; XSS, CSRF, and SQL-injection attacks and defenses
Crypto Project, Part 2 due 6 p.m.
Web Project available
 Feb. 2/Feb. 3
Review Crypto Project
Introduce Web Project
SQL tutorial
SQL injection mechanics
Lab 2 available
HALDERMAN Monday, Feb. 6
9. HTTPS and the Web PKI Quiz
The TLS protocol and the CA ecosystem 		HALDERMAN Wednesday, Feb. 8
10. HTTPS Attacks and Defenses Quiz
Implementation flaws, social engineering attacks, and crypto failures
Lab 2 due 6 p.m.
 Feb. 9/Feb. 10
HTML and JavaScript tutorial
XSS and CSRF mechanics
HALDERMAN Monday, Feb. 13
11. Networking 101 Quiz
Protocol layers, Ethernet, IP, route hijacking, ARP spoofing 		HALDERMAN Wednesday, Feb. 15
12. Networking 102 Quiz
UDP, TCP, and DNS attacks
Networking Project available
 Feb. 16/Feb. 17
Review Web Project
Introduce Networking Project
Python sockets tutorial
Wireshark tutorial
Lab 3 available
HALDERMAN Monday, Feb. 20
13. Network Defense Quiz
Denial of service; firewalls, IDSes, VPNs, zero-trust 		STAFF Wednesday, Feb. 22
Midterm Review Session
Midterm Exam, Thursday, Feb. 23, 7–8:30 p.m.
 Feb. 23/Feb. 24
No Lab
“Spring” Break
Feb. 25–Mar. 5

Part 3. Host and Application Security

Lectures Lab
GRUBBS Monday, Mar. 6
14. Authentication and Passwords Quiz
Passwords, online and offline guessing 		GRUBBS Wednesday, Mar. 8
15. Malware Quiz
Viruses and worms, spyware, key loggers, and botnets; defenses 		Mar. 9/Mar. 10
Midterm exam discussion
Project help
STAFF Monday, Mar. 13
16. Control Hijacking, Part 1 Quiz
Software architecture and a simple buffer overflow 		STAFF Wednesday, Mar. 15
17. Control Hijacking, Part 2 Quiz
Common exploitable application bugs, shellcode
Networking Project due 6 p.m.
AppSec Project available
 Mar. 16/Mar. 17
Introduce AppSec Project
Binary exploitation primer
Lab 4 available
GRUBBS Monday, Mar. 20
18. Access Control and Isolation Quiz
Isolation, sandboxing, virtual machines, SGX, containers 		Only via Zoom GUEST Wednesday, Mar. 22
19. Machine Learning Security
Guest lecture by Prof. Nicolas Papernot
Lab 4 due 6 p.m.
 Mar. 23/Mar. 24
Shellcode
ROP exploitation
Ghidra tutorial
GRUBBS Monday, Mar. 27
20. Privacy and Anonymity Quiz
Online tracking; Tor, Signal, etc. 		HALDERMAN Wednesday, Mar. 29
21. Digital Forensics Quiz
Data collection, forensic analysis, anti-forensic techniques
AppSec Project due 6 p.m.
Forensics Project available
 Mar. 30/Mar. 31
Review AppSec Project
Introduce Forensics Project
Autopsy tutorial
Lab 5 available

Part 4. Security in Context

Lectures Lab
GUEST Monday, Apr. 3
22. Censorship and Circumvention Quiz
Internet censorship, geoblocking, censorship measurement, circumvention
Guest lecture by Prof. Roya Ensafi 		GUEST Wednesday, Apr. 5
23. Hacking, the Law, and Public Policy
Guest lecture by Brian Klein of Waymaker Law
Lab 5 due 6 p.m.
 Apr. 6/Apr. 7
No Lab
HALDERMAN Monday, Apr. 10
24. Election Cybersecurity Quiz
Vulnerabilities, defenses, policy 		HALDERMAN Wednesday, Apr. 12
25. Physical Security Quiz
Locks and safes, lock picking techniques; defenses 		Apr. 13/Apr. 14
Exam review
STAFF Monday, Apr. 17
Final Review Session
Wednesday, Apr. 19
Study Day
Forensics Project due 6 p.m.
Final Exam, Friday, Apr. 21, 7–9 p.m.