Course Schedule Fall 2022

Part 1. Security Fundamentals

Lectures Lab
HALDERMAN/ENSAFI Tuesday, Aug. 30
1. The Security Mindset Quiz
Threat models, vulnerabilities, attacks; how to think like an attacker and a defender 		HALDERMAN Thursday, Sep. 1
2. Message Integrity Quiz
Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs
Crypto Project available
 Sep. 2/Sep. 5
Only pre-recorded video Introduce project
Python tutorial
Lab 1 available
HALDERMAN Tuesday, Sep. 6
3. Randomness and Pseudorandomness Quiz
Generating randomness, PRGs, one-time pads 		HALDERMAN Thursday, Sep. 8
4. Confidentiality Quiz
Simple ciphers, AES, block cipher modes
Lab 1 due 6 p.m.
 Sep. 9/Sep. 12
Length extension
Hash collisions
HALDERMAN Tuesday, Sep. 13
5. Combining Confidentiality and Integrity Quiz
Confidentiality attacks, authenticated encryption 		HALDERMAN Thursday, Sep. 15
6. Key Exchange, Public-Key Cryptography Quiz
Diffie-Hellman, RSA encryption, digital signatures
Crypto Project, Part 1 due 6 p.m.
 Sep. 16/Sep. 19
Review Part 1
Padding oracles
Bleichenbacher attacks

Part 2. Web and Network Security

Lectures Lab
ENSAFI Tuesday, Sep. 20
7. Web Platform Quiz
Intro to the web platform; HTTP, cookies, Javascript, etc. 		ENSAFI Thursday, Sep. 22
8. Web Attacks and Defenses Quiz
Cookies; XSS, CSRF, and SQL-injection attacks and defenses
Crypto Project, Part 2 due 6 p.m.
Web Project available
 Sep. 23/Sep. 26
Review Crypto Project
Introduce Web Project
SQL tutorial
SQL injection mechanics
Lab 2 available
HALDERMAN Tuesday, Sep. 27
9. HTTPS and the Web PKI Quiz
The TLS protocol and the CA ecosystem 		HALDERMAN Thursday, Sep. 29
10. HTTPS Attacks and Defenses Quiz
Implementation flaws, social engineering attacks, and crypto failures
Lab 2 due 6 p.m.
 Sep. 30/Oct. 3
HTML and JavaScript tutorial
XSS and CSRF mechanics
ENSAFI Tuesday, Oct. 4
11. Networking 101 Quiz
IP, forwarding, routing, DNS, BGP 		ENSAFI Thursday, Oct. 6
12. Network Attacks and Defenses Quiz
ARP spoofing, DNS attacks, denial of service
Web Project due 6 p.m.
Networking Project available
 Oct. 7/Oct. 10
Review Web Project
Introduce Networking Project
Python sockets tutorial
Wireshark tutorial
Lab 3 available
ENSAFI Tuesday, Oct. 11
13. Protocol Security Quiz
Firewalls, IDSes, VPNs, zero-trust 		ENSAFI Thursday, Oct. 13
14. Authentication and Passwords Quiz
Passwords, online and offline guessing
Lab 3 due 6 p.m.
 Oct. 14/Oct. 17
No Lab
Tuesday, Oct. 18
No Lecture
Study break 		STAFF Thursday, Oct. 20
Midterm Review Session
Midterm Exam, Friday, Oct. 21, 5:30–7 p.m.
 Oct. 21/Oct. 24
No Lab

Part 3. Host and Application Security

Lectures Lab
STAFF Tuesday, Oct. 25
15. Control Hijacking, Part 1 Quiz
Software architecture and a simple buffer overflow 		STAFF Thursday, Oct. 27
16. Control Hijacking, Part 2 Quiz
Common exploitable application bugs, shellcode
AppSec Project available
 Oct. 28/Oct. 31
Introduce AppSec Project
Binary exploitation primer
Lab 4 available
Only via Zoom GUEST Tuesday, Nov. 1
17. Malware
Viruses and worms, spyware, key loggers, and botnets; defenses
(Guest lecture by Prof. Fish Wang) 		HALDERMAN Thursday, Nov. 3
18. Access Control and Isolation Quiz
Isolation, sandboxing, virtual machines, SGX, containers 		Nov. 4/Nov. 7
Shellcode
ROP exploitation
Ghidra tutorial
HALDERMAN Tuesday, Nov. 8
19. Election Cybersecurity Quiz
Vulnerabilities, defenses, policy 		Only via Zoom GUEST Thursday, Nov. 10
20. Side Channels Quiz
Timing attacks, cache attacks, etc.
(Guest lecture by Dr. Ofir Weisse)
Lab 4 due 6 p.m.
 Nov. 11/Nov. 14
Midterm exam discussion
Project help
ENSAFI Tuesday, Nov. 15
21. Privacy and Anonymity Quiz
Online tracking; Tor, Signal, etc. 		ENSAFI Thursday, Nov. 17
22. Digital Forensics Quiz
Taint and blur, data recovery, incident response
AppSec Project due 6 p.m.
Forensics Project available
 Nov. 18/Nov. 21
Review AppSec Project
Introduce Forensics Project
Autopsy tutorial
Lab 5 available

Part 4. Security in Context

Lectures Lab
Only via Zoom GUEST Tuesday, Nov. 22
23. Adversarial Machine Learning
Evasion attacks, data poisoning attacks, model extraction
(Guest lecture by Prof. Florian Tramèr) 		Thursday, Nov. 24
No Lecture
Thanksgiving break 		Nov. 25/Nov. 28
No Lab
ENSAFI Tuesday, Nov. 29
24. Censorship and Circumvention Quiz
Internet censorship, geoblocking, censorship measurement, circumvention 		GUEST Thursday, Dec. 1
25. Hacking, the Law, and Public Policy
(Guest lecture by U-M CISO Sol Bermann)
Lab 5 due 6 p.m.
 Dec. 2/Dec. 5
Exam review, Part 1
HALDERMAN Tuesday, Dec. 6
26. Physical Security Quiz
Locks and safes, lock picking techniques; defenses 		STAFF Thursday, Dec. 8
Exam Review, Part 2
Forensics Project due 6 p.m.
 Dec. 9/Dec. 12
No Lab
Tuesday, Dec. 13
Exam Period
Thursday, Dec. 15
Final Exam, 7–9 p.m.