Course Schedule Fall 2015
This schedule is subject to change. Please check back frequently.
Introduction
| Wednesday Lecture | Friday Lecture | Notes |
|---|---|---|
| Aug. 26 Preliminaries Class Overview; Threat models, vulnerabilities, attacks; how to think like an attacker and a defender |
Aug. 28 Ethics and the Law Normative ethics, community standards; CFAA, wiretap laws, university policy |
Part 1. Security Fundamentals
| Wednesday Lecture | Friday Lecture | Notes |
|---|---|---|
| Sep. 2 Message integrity, pseudorandom functions Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs |
Sep. 4 Randomness and pseudorandomness, Block Ciphers Generating randomness, PRGs, one-time pads, Simple ciphers, AES, block cipher modes |
Introduce Crypto Project, Checkpoint 1 Introduce Crypto Project, Checkpoint 2 |
| Sep. 9 Key exchange and key management Diffie-Hellman key exchange, man-in-the-middle attacks Crypto Project, Checkpoint 1 due 6pm
|
Sep. 11 Public-key crypto RSA encryption, digital signatures, secret sharing |
Part 2. Web and Network Security
| Wednesday Lecture | Friday Lecture | Notes |
|---|---|---|
| Sep. 16 Web architecture Intro to web architecture; the Shellshock vuln |
Sep. 18 Web attacks and defenses Cookies; XSS, CSRF, and SQL-injection attacks and defenses Crypto Project, Checkpoint 2 due 6pm
|
Introduce Web Project, Checkpoint 1 |
| Sep. 23 HTTPS, part 1 The HTTPS PKI, SSL certificates and CAs, attacks |
Sep. 25 HTTPS in practice Cert ecosystem, Heartbleed, TLS use in SMTP Web Project, Checkpoint 1 due 6pm
|
Introduce Web Project, Checkpoint 2 |
| Sep. 30 Internet Architecture IP, forwarding, routing, DNS, BGP |
Oct. 2 Network attacks Hijacking, eavesdropping, DoS, DNS, BGP |
|
| Oct. 7 Networking Attacks in Practice NTP Amplification attacks, Booters Web Project, Checkpoint 2 due 6pm
|
Oct. 9 Networking Defenses TLS, IPSec, Wep, IDS, Firewall |
Introduce Networking Project, Checkpoint 1 |
Part 3. Host and Application Security
| Wednesday Lecture | Friday Lecture | Notes |
|---|---|---|
| Oct. 14 Control hijacking, Part 1 Software architecture and a simple buffer overflow Networking Project, Checkpoint 1 due 6pm
|
Oct. 16 Control hijacking, Part 2 Common exploitable application bugs, shellcode |
Introduce Networking Project, Checkpoint 2 |
| Oct. 21 Malware, Part 1 Drive-by downloads, spyware, key loggers |
Oct. 23 Malware, Part 2 (continued) Networking Project, Checkpoint 2 due 6pm
|
Introduce AppSec Project, Checkpoint 1 Introduce AppSec Project, Checkpoint 2 |
| Oct. 28 Worms Botnet Evolution Techniques, Measurements, Ecosystem |
Oct. 30 Authentication and passwords Strong and weak passwords, salting, password cracking, online vs. offline guessing AppSec Project, Checkpoint 1 due 6pm
|
Part 4. Security in Context
| Wednesday Lecture | Friday Lecture | Notes |
|---|---|---|
| Nov. 4 Physical security Locks and safes, lock picking techniques; defenses |
Nov. 6 Forensics Taint and blur, data recovery, incident response |
|
| Nov. 11 Defending weak applications Isolation, sandboxing, virtual machines AppSec Project, Checkpoint 2 due 6pm
|
Nov. 13 Side-channel attacks Timing attacks, power analysis, cold-boot attacks, defenses |
Introduce Forensics Project, Checkpoint 1 Introduce Forensics Project, Checkpoint 2 |
| Nov. 18 Anonymity Need for privacy, Proxies, Tor Forensics Project, Checkpoint 1 due 6pm
|
Nov. 20 U-Pick-em DarkWeb |
|
| Nov. 25 Thanksgiving Break |
Nov. 27 Thanksgiving Break |
|
| Dec. 2 U-Pick-em Mobile Phone Jailbreaking |
Dec. 4 U-Pick-em Airplane hacking Forensics Project, Checkpoint 2 due 6pm
|
|
| Dec. 9 Wrap up |
