Course Schedule Fall 2024

Part 1. System Security

GENKIN Monday, Aug. 19
1. The Security Mindset
Course overview, thinking like an attacker, threat models
Tuesday, Aug. 20
GENKIN Wednesday, Aug. 21
2. Software Security 1
Machine organization, basic stack smashing
Thursday, Aug. 22
Friday, Aug. 23
GENKIN Monday, Aug. 26
3. Software Security 2
Advanced stack smashing and countermeasures
Lab 1: GDB due 11:59 p.m.
Tuesday, Aug. 27
GENKIN Wednesday, Aug. 28
4. OS Security and Access Control
Secure system principles, access control, process and memory isolation
Application Security Project (Part 1) due 11:59 p.m.
Quiz 0 - Course Logistics due 11:59 p.m.
Thursday, Aug. 29
Friday, Aug. 30
Monday, Sep. 2
Labor Day
Tuesday, Sep. 3
Quiz 1 - Security Mindset and Software Security due 11:59 p.m.
GENKIN Wednesday, Sep. 4
5. Isolation and Sandboxing
Syscalls and interposition, jails, Docker, VMs, hypervisors
Thursday, Sep. 5
Friday, Sep. 6

Part 2. Cryptography

GENKIN Monday, Sep. 9
6. Hashing
Applications, definitions, birthday, life cycle, common examples
Tuesday, Sep. 10
Quiz 2 - Operating System Security and Access Control due 11:59 p.m.
GENKIN Wednesday, Sep. 11
7. Integrity
MAC, HMAC, length extension attacks
Application Security Project (Part 2) due 11:59 p.m.
Thursday, Sep. 12
Friday, Sep. 13
GENKIN Monday, Sep. 16
8. Symmetric Crypto
OTP, block ciphers, DES history, AES internals
Tuesday, Sep. 17
GENKIN Wednesday, Sep. 18
9. Combining Integrity and Confidentiality
Block cipher modes, malleability, padding oracles, AEAD
Lab 2: Docker and Python due 11:59 p.m.
Thursday, Sep. 19
Friday, Sep. 20
GENKIN Monday, Sep. 23
10. DH and Key Exchange
Modular arithmetic, DH, key management, MITM attacks
Cryptography Project (Part 1) due 11:59 p.m.
Tuesday, Sep. 24
Quiz 3 - Isolation, Hashing, and Integrity due 11:59 p.m.
GENKIN Wednesday, Sep. 25
11. RSA and Attacks on Protocols, Building a Secure Channel
RSA encryption and signatures, attacks on RSA, combining primitives
Thursday, Sep. 26
Friday, Sep. 27

Part 3. Web and Networking

GENKIN Monday, Sep. 30
12. The Web Platform
HTTP, HTML, DOM, JavaScript, same-origin policy
Tuesday, Oct. 1
Quiz 4 - Symmetric Crypto due 11:59 p.m.
GENKIN Wednesday, Oct. 2
13. Web Attacks and Defenses
CSRF, SQL injection, XSS attacks and defenses
Cryptography Project (Part 2) due 11:59 p.m.
Thursday, Oct. 3
Friday, Oct. 4
STAFF Monday, Oct. 7
Exam Review
Tuesday, Oct. 8
Quiz 5 - DH Key Exchange & RSA due 11:59 p.m.
Wednesday, Oct. 9
Exam 1, Online
Thursday, Oct. 10
Friday, Oct. 11
Lab 3: Browser DevTools due 11:59 p.m.
Monday, Oct. 14
Fall Break
Tuesday, Oct. 15
Fall Break
GENKIN Wednesday, Oct. 16
14. HTTPS and the Web PKI
TLS, certificates, PKI
Quiz 6 - Web Security due 11:59 p.m.
Thursday, Oct. 17
Friday, Oct. 18
GENKIN Monday, Oct. 21
15. HTTPS Attacks and Defenses
Social engineering, attacks on CAs, protocol & implementation issues
Tuesday, Oct. 22
GENKIN Wednesday, Oct. 23
16. Networking 101
OSI model, link- through transport-layer attacks
Web Security Project due 11:59 p.m.
Thursday, Oct. 24
Friday, Oct. 25
GENKIN Monday, Oct. 28
17. Networking 102
TCP/UDP, application-layer protocols and attacks
Tuesday, Oct. 29
Quiz 7 - HTTPS, Web PKI, Attacks, and Defenses due 11:59 p.m.
GENKIN Wednesday, Oct. 30
18. Network Defenses
DoS techniques and defenses, network monitoring
Lab 4: Python Sockets due 11:59 p.m.
Thursday, Oct. 31
Friday, Nov. 1

Part 4. Security in Context

GENKIN Monday, Nov. 4
19. Malware
Types of malware, infection methods, C&C, case studies
Tuesday, Nov. 5
GENKIN Wednesday, Nov. 6
20. Authentication
Passwords, CAPTCHAs, 2FA, biometrics
Thursday, Nov. 7
Friday, Nov. 8
GENKIN Monday, Nov. 11
21. Side-Channel Analysis
Physical side channels, microarchitectural issues, Spectre and Meltdown
Tuesday, Nov. 12
Quiz 8 - Networking & Networking Defenses due 11:59 p.m.
GENKIN Wednesday, Nov. 13
22. Digital Forensics
Imaging, techniques for analysis, countermeasures for forensics
Networking Project due 11:59 p.m.
Thursday, Nov. 14
Friday, Nov. 15
GENKIN Monday, Nov. 18
23. Privacy & Anonymity
Fingerprinting, k-anonymity, Tor, CFAA, ethics
Tuesday, Nov. 19
Quiz 9 - Malware and Authentication due 11:59 p.m.
BALUTA Wednesday, Nov. 20
24. Machine Learning Security
Guest lecture about security in Machine Learning
Lab 5: Autopsy due 11:59 p.m.
Thursday, Nov. 21
Friday, Nov. 22
GENKIN Monday, Nov. 25
25. Physical Security
Types of physical locks and how to defeat them via lockpicking
Tuesday, Nov. 26
Quiz 10 - Privacy and Digital Forensics due 11:59 p.m.
Wednesday, Nov. 27
Thanksgiving
Thursday, Nov. 28
Thanksgiving
Friday, Nov. 29
Thanksgiving
STAFF Monday, Dec. 2
Exam Review
Tuesday, Dec. 3
Wednesday, Dec. 4
Forensics Project due 11:59 p.m.
Thursday, Dec. 5
Friday, Dec. 6
Exam 2, Online