Course Schedule Spring 2017

This schedule is subject to change. Please check back frequently.

Part 1. Security Fundamentals

Tuesday Thursday
Jan. 17
The security mindset
Threat models, vulnerabilities, attacks; how to think like an attacker and a defender
Jan. 19
Crypto Basics
Alice and Bob, Kerckhoffs's principle, hashes and MACs
Homework 1 available
Jan. 24
Randomness and pseudorandomness
Generating randomness, PRGs, basic confidentiality
Jan. 26
One-time pad, Simple ciphers, AES, Block ciphers, padding oracle attacks
Jan. 31
Key exchange and key management
Diffie-Hellman key exchange, man-in-the-middle attacks
Homework 2 available
Homework 1 due 6pm
Feb. 2
Public-key crypto
RSA encryption, digital signatures, secret sharing
Crypto Project due Friday, Feb 3

Part 2. Web and Network Security

Tuesday Thursday
Feb. 7
Web Basics 1
Introduce Web project
HTML, CSS, JavaScript
Feb. 9
Web Basics 2
Same Origin Policy, cookies
Feb. 14
Web Attacks 1
Client attacks and defenses (XSS/CSRF)
Homework 2 due 6pm
Feb. 16
Web Attacks 2
Server attacks and defenses (SQL injection)
Feb. 21
The TLS protocol, certificates and CAs
Feb. 23
TLS pls!
Homework 3 available
Web Project due 6pm
Feb. 28
Networking Basics 1
How the Internet works: Routing and BGP
Mar. 2
Networking Basics 2
Introduce Networking project
Layers and Protocols: IP, TCP, DNS
Mar. 7
Network attacks and defenses
ARP/IP spoofing, Network tools, DNS poisoning, DoS attacks
Mar. 9
Bitcoin and friends
Homework 4 available

Part 3. Host and Application Security

Tuesday Thursday
Mar. 14
Control hijacking, Part 1
Software architecture and a simple buffer overflow
Mar. 16
Control hijacking, Part 2
Common exploitable application bugs, shellcode
Introduce AppSec Project
Networking Project due 6pm
Mar. 21
Control hijacking, Part 3
Modern attacks and defenses, ROP, ASLR, JIT-spray
Mar. 23
Anonymity 1
Remailers, mixnets, OTR
Mar. 28
Spring Break
Mar. 30
Spring Break
Apr. 4
Anonymity (cont'd)
Tor, hidden services
Homework 4 due 6pm
Apr. 6
Viruses, worms, spyware, key loggers, ransomware, and botnets; defenses

Part 4. Security in Context

Tuesday Thursday
Apr. 11
Online tracking, threats from “big data”, targeted snooping, differential privacy
Homework 5 available
Apr. 13
Electronic Voting
Risks, viruses, defenses, audits, and policy
AppSec Project due 6pm
Apr. 18
Taint and blur, data recovery, incident response
Introduce Forensics project
Apr. 20
Security, law, and policy
Guest lecture: Blake Reid
Apr. 25
Internet Censorship
Censors, circumvention tools, and policy
Homework 5 due 6pm
Apr. 27
Side-channel attacks
Timing attacks, power analysis, cold-boot attacks, defenses
Forensics Project due 6pm
May 2
Physical security
Locks and safes, lock picking techniques; defenses
May 4
Final exam review

Final Exam   Sunday, May 7th 4:30-6:30pm ECEE 1B32