Course Schedule Spring 2017

Part 1. Security Fundamentals

Tuesday Thursday
Jan. 17
The security mindset
Threat models, vulnerabilities, attacks; how to think like an attacker and a defender
Jan. 19
Crypto Basics
Alice and Bob, Kerckhoffs's principle, hashes and MACs
Homework 1 available
Jan. 24
Randomness and pseudorandomness
Generating randomness, PRGs, basic confidentiality
Jan. 26
One-time pad, simple ciphers, AES, block ciphers, padding oracle attacks
Jan. 31
Key exchange and key management
Diffie-Hellman key exchange, man-in-the-middle attacks
Homework 2 available
Homework 1 due 6pm
Feb. 2
Public-key crypto
RSA encryption, digital signatures, secret sharing
Crypto Project due Friday, Feb 3

Part 2. Web and Network Security

Tuesday Thursday
Feb. 7
Web Basics 1
Introduce Web project
HTML, CSS, JavaScript
Feb. 9
Web Basics 2
Same Origin Policy, cookies
Feb. 14
Web Attacks 1
Client attacks and defenses (XSS/CSRF)
Homework 2 due 6pm
Feb. 16
Web Attacks 2
Server attacks and defenses (SQL injection)
Feb. 21
The TLS protocol, certificates and CAs
Feb. 23
TLS pls!
Homework 3 available
Web Project due 6pm
Feb. 28
Networking Basics 1
How the Internet works: Routing and BGP
Mar. 2
Networking Basics 2
Introduce Networking project
Layers and Protocols: IP, TCP, DNS
Mar. 7
Network attacks and defenses
ARP/IP spoofing, Network tools, DNS poisoning, DoS attacks
Mar. 9
Bitcoin and friends
Homework 4 available

Part 3. Host and Application Security

Tuesday Thursday
Mar. 14
Control hijacking, Part 1
Software architecture and a simple buffer overflow
Mar. 16
Control hijacking, Part 2
Common exploitable application bugs, shellcode
Introduce AppSec Project
Networking Project due 6pm
Mar. 21
Control hijacking, Part 3
Modern attacks and defenses, ROP, ASLR, JIT-spray
Mar. 23
Anonymity and Privacy
Remailers, mixnets, Tor, Hidden services, OTR
Mar. 28
Spring Break
Mar. 30
Spring Break
Apr. 4
Viruses, worms, spyware, key loggers, ransomware, and botnets; defenses
Homework 4 due 6pm
Apr. 6
Online tracking, threats from “big data”, targeted snooping, differential privacy

Part 4. Security in Context

Tuesday Thursday
Apr. 11
Electronic Voting
Risks, viruses, defenses, audits, and policy
Homework 5 available
Apr. 13
Internet Censorship
Censors, circumvention tools, and policy
AppSec Project due 6pm
Apr. 18
Taint and blur, data recovery, incident response
Introduce Forensics project
Apr. 20
Side-channel attacks
Timing attacks, power analysis, cold-boot attacks, defenses
Apr. 25
Security, law, and policy
Homework 5 due 6pm
Apr. 27
Advanced threats
Cyber warfare, advanced persistent threats
Forensics Project due 6pm
May 2
Physical security
Locks and safes, lock picking techniques; defenses
May 4
Final exam review

Final Exam: TBD