Course Schedule Spring 2022

Part 1. Security Fundamentals

Mon./Wed. Lecture Tue./Thu. Lecture Lab
HONEYMAN Tuesday, May 3
The Security Mindset
Threat models, vulnerabilities, attacks; how to think like an attacker and a defender
Crypto Project available
No lab
HONEYMAN Wednesday, May 4
Message Integrity
Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs
HONEYMAN Thursday, May 5
Randomness and Pseudorandomness
Generating randomness, PRGs, one-time pads
Introduce project
Python tutorial
Length extension
Hash collisions Lab Assignment
HONEYMAN Monday, May 9
Simple ciphers, AES, block cipher modes
Crypto Project, Part 1 due 6 p.m.
HONEYMAN Tuesday, May 10
Confidentiality Attacks, Key Exchange
Diffie-Hellman key exchange, man-in-the-middle attacks
Review Part 1
Padding oracles
HONEYMAN Wednesday, May 11
Public Key Cryptography
RSA encryption, digital signatures, secret sharing

Part 2. Web and Network Security

Mon./Wed. Lecture Tue./Thu. Lecture Lab
HONEYMAN Thursday, May 12
Web Platform
Intro to the web platform; HTTP, cookies, Javascript, etc.
Bleichenbacher attacks
HONEYMAN Monday, May 16
Web Attacks and Defenses
Cookies; XSS, CSRF, and SQL-injection attacks and defenses
Crypto Project, Part 2 due 6 p.m.
Web Project available
HOFFMAN Tuesday, May 17
HTTPS and the Web PKI
The TLS protocol and the CA ecosystem
Review Crypto Project
Introduce Web Project
SQL tutorial
SQL injection mechanics
HOFFMAN Wednesday, May 18
Attacking HTTPS
Implementation flaws, social engineering attacks, and crypto failures
HONEYMAN Thursday, May 19
Networking 101
IP, forwarding, routing, DNS, BGP
HTML and JavaScript tutorial
XSS and CSRF mechanics
HONEYMAN Monday, May 23
Networking 102
IP, forwarding, routing, DNS, BGP
Web Project due 6 p.m.
Networking Project available
HONEYMAN Tuesday, May 24
Network Attacks and Defenses
ARP spoofing, DNS attacks, denial of service
Introduce Networking Project
Go tutorial
Wireshark tutorial Lab Assignment
HONEYMAN Wednesday, May 25
Protocol Security
Firewalls, IDSes, VPNs, zero-trust
HONEYMAN Thursday, May 26
Authentication and Passwords
Passwords, online and offline guessing
MITM implementation
Project help

Part 3. Host and Application Security

Mon./Wed. Lecture Tue./Thu. Lecture Lab
Monday, May 30
No Lecture
Memorial Day
HONEYMAN Tuesday, May 31
Viruses and worms, spyware, key loggers, and botnets; defenses
No lab
HONEYMAN Wednesday, Jun. 1
Control Hijacking, Part 1
Software architecture and a simple buffer overflow
Networking Project due 6 p.m.
AppSec Project available
HONEYMAN Thursday, Jun. 2
Control Hijacking, Part 2
Common exploitable application bugs, shellcode
Introduce AppSec Project
Binary exploitation primer
ROP exploitation
Ghidra tutorial
HONEYMAN Monday, Jun. 6
Access Control and Isolation
Isolation, sandboxing, virtual machines, SGX, containers
HONEYMAN Tuesday, Jun. 7
Side Channels
Timing attacks, cache attacks, etc.
No lab
HONEYMAN Wednesday, Jun. 8
Digital Forensics
Taint and blur, data recovery, incident response
Forensics Project available
HONEYMAN Thursday, Jun. 9
Privacy and Anonymity
Online tracking; Tor, Signal, etc.
Autopsy tutorial

Part 4. Security in Context

Mon./Wed. Lecture Tue./Thu. Lecture Lab
HONEYMAN Monday, Jun. 13
Nation-state attackers, cyberwarfare, APTs
HONEYMAN Tuesday, Jun. 14
Hiding data in plain sight
Monday: crypto/web review
Tuesday: No lab
PRAKASH Wednesday, Jun. 15
Adversarial Machine Learning
Evasion attacks, data poisoning attacks, model extraction
HONEYMAN Thursday, Jun. 16
Physical Security
Locks and safes, lock picking techniques; defenses
Wednesday: networking review
Thursday: appsec review
Monday, Jun. 20
Study day
Tuesday, Jun. 21
Study day
Forensics Project due 6 p.m.
No lab

Final Exam   Thursday, June 23, 4–6 p.m., 1571 GGBL