Course Schedule Fall 2015

This schedule is subject to change. Please check back frequently.



Wednesday Lecture Friday Lecture Notes
Aug. 26
Class Overview; Threat models, vulnerabilities, attacks; how to think like an attacker and a defender
Aug. 28
Ethics and the Law
Normative ethics, community standards; CFAA, wiretap laws, university policy

Part 1. Security Fundamentals

Wednesday Lecture Friday Lecture Notes
Sep. 2
Message integrity, pseudorandom functions
Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs
Sep. 4
Randomness and pseudorandomness, Block Ciphers
Generating randomness, PRGs, one-time pads, Simple ciphers, AES, block cipher modes
Introduce Crypto Project, Checkpoint 1
Introduce Crypto Project, Checkpoint 2
Sep. 9
Key exchange and key management
Diffie-Hellman key exchange, man-in-the-middle attacks
Crypto Project, Checkpoint 1 due 6pm
Sep. 11
Public-key crypto
RSA encryption, digital signatures, secret sharing

Part 2. Web and Network Security

Wednesday Lecture Friday Lecture Notes
Sep. 16
Web architecture
Intro to web architecture; the Shellshock vuln
Sep. 18
Web attacks and defenses
Cookies; XSS, CSRF, and SQL-injection attacks and defenses
Crypto Project, Checkpoint 2 due 6pm
Introduce Web Project, Checkpoint 1
Sep. 23
HTTPS, part 1
The HTTPS PKI, SSL certificates and CAs, attacks
Sep. 25
HTTPS in practice
Cert ecosystem, Heartbleed, TLS use in SMTP
Web Project, Checkpoint 1 due 6pm
Introduce Web Project, Checkpoint 2
Sep. 30
Internet Architecture
IP, forwarding, routing, DNS, BGP
Oct. 2
Network attacks
Hijacking, eavesdropping, DoS, DNS, BGP
Oct. 7
Networking Attacks in Practice
NTP Amplification attacks, Booters
Web Project, Checkpoint 2 due 6pm
Oct. 9
Networking Defenses
TLS, IPSec, Wep, IDS, Firewall
Introduce Networking Project, Checkpoint 1

Part 3. Host and Application Security

Wednesday Lecture Friday Lecture Notes
Oct. 14
Control hijacking, Part 1
Software architecture and a simple buffer overflow
Networking Project, Checkpoint 1 due 6pm
Oct. 16
Control hijacking, Part 2
Common exploitable application bugs, shellcode
Introduce Networking Project, Checkpoint 2
Oct. 21
Malware, Part 1
Drive-by downloads, spyware, key loggers
Oct. 23
Malware, Part 2
Networking Project, Checkpoint 2 due 6pm
Introduce AppSec Project, Checkpoint 1
Introduce AppSec Project, Checkpoint 2
Oct. 28
Worms Botnet Evolution
Techniques, Measurements, Ecosystem
Oct. 30
Authentication and passwords
Strong and weak passwords, salting, password cracking, online vs. offline guessing
AppSec Project, Checkpoint 1 due 6pm

Part 4. Security in Context

Wednesday Lecture Friday Lecture Notes
Nov. 4
Physical security
Locks and safes, lock picking techniques; defenses
Nov. 6
Taint and blur, data recovery, incident response
Nov. 11
Defending weak applications
Isolation, sandboxing, virtual machines
AppSec Project, Checkpoint 2 due 6pm
Nov. 13
Side-channel attacks
Timing attacks, power analysis, cold-boot attacks, defenses
Introduce Forensics Project, Checkpoint 1
Introduce Forensics Project, Checkpoint 2
Nov. 18
Need for privacy, Proxies, Tor
Forensics Project, Checkpoint 1 due 6pm
Nov. 20
Nov. 25
Thanksgiving Break
Nov. 27
Thanksgiving Break
Dec. 2
Mobile Phone Jailbreaking
Dec. 4
Airplane hacking
Forensics Project, Checkpoint 2 due 6pm
Dec. 9
Wrap up

Midterm Exam: 5:00–7:00 PM, Monday, October 5 (Location: 1002 ECEB)

Final Exam: 1:00–4:00 PM, Friday, December 11 (Location: 1013 ECEB, 1015 ECEB)