Course Schedule Spring 2015
This schedule is subject to change. Please check back frequently.
Part 1. Security Fundamentals
| Monday Lecture | Wednesday Lecture | Notes |
|---|---|---|
|
Jan. 21 Preliminaries Class Overview; Ethical Hacking |
Jan. 26 The security mindset Threat models, vulnerabilities, attacks; how to think like an attacker and a defender |
Jan. 28 Message integrity, pseudorandom functions Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs |
Introduce Homework 1 Introduce Crypto Project |
Feb. 2 Randomness and pseudorandomness Generating randomness, PRGs, one-time pads |
Feb. 4 Block ciphers Simple ciphers, AES, block cipher modes Homework 1 due 6pm
|
Review Homework 1 Introduce Homework 2 |
Feb. 9 Key exchange and key management Diffie-Hellman key exchange, man-in-the-middle attacks |
Feb. 11 Public-key crypto RSA encryption, digital signatures, secret sharing Crypto Project due 6pm
|
Review Crypto Project Introduce Web Project |
Part 2. Web and Network Security
| Monday Lecture | Wednesday Lecture | Notes |
|---|---|---|
|
Feb. 16 Web architecture Intro to web architecture; the Shellshock vuln |
Feb. 18 Web attacks and defenses Cookies; XSS, CSRF, and SQL-injection attacks and defenses Homework 2 due 6pm
|
Review Homework 2 |
Feb. 23 HTTPS, part 1 The HTTPS PKI, SSL certificates and CAs, attacks |
Feb. 25 HTTPS, part 2 The SSL/TLS protocol, attacks and defenses |
Introduce Homework 3 |
Mar. 2 Internet Architecture IP, forwarding, routing, DNS, BGP |
Mar. 4 Network attacks and defenses |
Mar. 9 Networking Attacks in Practice Web Project due 6pm
|
Mar. 11 Control hijacking, Part 1 Software architecture and a simple buffer overflow |
Part 3. Host and Application Security
| Monday Lecture | Wednesday Lecture | Notes |
|---|---|---|
|
Mar. 16 Control hijacking, Part 2 Common exploitable application bugs, shellcode Homework 3 due 6pm
|
Mar. 18 Study Break |
Introduce Networking Project Review Web Project Review Homework 3 |
Mar. 23 Spring Vacation |
Mar. 25 Spring Vacation |
Mar. 30 Malware, Part 1 Drive-by downloads, spyware, key loggers |
Apr. 1 Malware, Part 2 (continued) Networking Project due 6pm
|
Review Networking Project Introduce AppSec Project |
Apr. 6 Worms Techniques, Measurements, Ecosystem |
Apr. 8 Botnets Techniques, Measurements, Ecosystem |
Introduce Homework 4 |
Part 4. Security in Context
| Monday Lecture | Wednesday Lecture | Notes |
|---|---|---|
|
Apr. 13 Authentication and passwords Strong and weak passwords, salting, password cracking, online vs. offline guessing |
Apr. 15 Forensics Taint and blur, data recovery, incident response AppSec Project due 6pm
|
Review AppSec Project Introduce Forensics Project |
Apr. 20 Defending weak applications Isolation, sandboxing, virtual machines Homework 4 due 6pm
|
Apr. 22 Physical security Locks and safes, lock picking techniques; defenses |
Review Homework 4 Introduce Homework 5 |
Apr. 27 Side-channel attacks Timing attacks, power analysis, cold-boot attacks, defenses |
Apr. 29 Privacy Online tracking, threats from “big data”, targeted snooping, differential privacy Forensics Project due 6pm
|
Review Forensics Project |
May. 4 U-Pick-em NSA hard drive firmware virus Homework 5 due 6pm
|
May. 6 U-Pick-em DDOS + Botnets scriptings |
Review Homework 5 |
