Course Schedule Spring 2015

This schedule is subject to change. Please check back frequently.

Part 1. Security Fundamentals

Monday Lecture Wednesday Lecture Notes
Jan. 21
Class Overview; Ethical Hacking
Jan. 26
The security mindset
Threat models, vulnerabilities, attacks; how to think like an attacker and a defender
Jan. 28
Message integrity, pseudorandom functions
Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs
Introduce Homework 1
Introduce Crypto Project
Feb. 2
Randomness and pseudorandomness
Generating randomness, PRGs, one-time pads
Feb. 4
Block ciphers
Simple ciphers, AES, block cipher modes
Homework 1 due 6pm
Review Homework 1
Introduce Homework 2
Feb. 9
Key exchange and key management
Diffie-Hellman key exchange, man-in-the-middle attacks
Feb. 11
Public-key crypto
RSA encryption, digital signatures, secret sharing
Crypto Project due 6pm
Review Crypto Project
Introduce Web Project

Part 2. Web and Network Security

Monday Lecture Wednesday Lecture Notes
Feb. 16
Web architecture
Intro to web architecture; the Shellshock vuln
Feb. 18
Web attacks and defenses
Cookies; XSS, CSRF, and SQL-injection attacks and defenses
Homework 2 due 6pm
Review Homework 2
Feb. 23
HTTPS, part 1
The HTTPS PKI, SSL certificates and CAs, attacks
Feb. 25
HTTPS, part 2
The SSL/TLS protocol, attacks and defenses
Introduce Homework 3
Mar. 2
Internet Architecture
IP, forwarding, routing, DNS, BGP
Mar. 4
Network attacks and defenses
Mar. 9
Networking Attacks in Practice
Web Project due 6pm
Mar. 11
Control hijacking, Part 1
Software architecture and a simple buffer overflow

Part 3. Host and Application Security

Monday Lecture Wednesday Lecture Notes
Mar. 16
Control hijacking, Part 2
Common exploitable application bugs, shellcode
Homework 3 due 6pm
Mar. 18
Study Break
Introduce Networking Project
Review Web Project
Review Homework 3
Mar. 23
Spring Vacation
Mar. 25
Spring Vacation
Mar. 30
Malware, Part 1
Drive-by downloads, spyware, key loggers
Apr. 1
Malware, Part 2
Networking Project due 6pm
Review Networking Project
Introduce AppSec Project
Apr. 6
Techniques, Measurements, Ecosystem
Apr. 8
Techniques, Measurements, Ecosystem
Introduce Homework 4

Part 4. Security in Context

Monday Lecture Wednesday Lecture Notes
Apr. 13
Authentication and passwords
Strong and weak passwords, salting, password cracking, online vs. offline guessing
Apr. 15
Taint and blur, data recovery, incident response
AppSec Project due 6pm
Review AppSec Project
Introduce Forensics Project
Apr. 20
Defending weak applications
Isolation, sandboxing, virtual machines
Homework 4 due 6pm
Apr. 22
Physical security
Locks and safes, lock picking techniques; defenses
Review Homework 4
Introduce Homework 5
Apr. 27
Side-channel attacks
Timing attacks, power analysis, cold-boot attacks, defenses
Apr. 29
Online tracking, threats from “big data”, targeted snooping, differential privacy
Forensics Project due 6pm
Review Forensics Project
May. 4
NSA hard drive firmware virus
Homework 5 due 6pm
May. 6
DDOS + Botnets scriptings
Review Homework 5

Final Exam: 1:30–4:30 PM, Friday, May 15 (Location: TDB)