Fall 2012

The schedule will change as the course progresses, in part based on student interests. If you are particularly interested in some topic not covered here, send mail to the course staff.

Monday Tuesday Wednesday Thursday Friday
sep 3
Labor day
sep 4
Reg day
sep 5
LEC 1: Introduction, threat models
Assigned: Lab 1: Buffer overflows
First day of classes
sep 6
sep 7
TUT 1: Getting started with lab 1 (optional)
2pm in 32-123
sep 10
LEC 2: Control hijacking attacks
Preparation: Read Baggy bounds checking + errata (Question)
sep 11
sep 12
LEC 3: Privilege separation
Preparation: Read OKWS (Question)
sep 13
sep 14
DUE: Lab 1 part 1
sep 17
LEC 4: Evolving OS isolation mechanisms
Preparation: Read Capsicum (Question)
sep 18
sep 19
LEC 5: Guest lecture:
Paul Youn from iSEC Partners
Assigned: Lab 2: Privilege separation
sep 20
sep 21
DUE: Lab 1 all parts
sep 24
LEC 6: Network protocols
Preparation: Read Kerberos (Question)
sep 25
sep 26
LEC 7: Web application security
Preparation: Read Browser Security Handbook, Part 2 and skim OWASP Top 10 (Question)
sep 27
sep 28
DUE: Lab 2 part 1
oct 1
LEC 8: Finding bugs in server-side code
Preparation: Read Static Detection of Scripting Vulnerabilities (notation) (Question)
oct 2
oct 3
LEC 9: Javascript sandboxing
Preparation: Read Run-Time Enforcement for Javascript (Question)
Assigned: Lab 3: Server-side sandboxing
oct 4
oct 5
DUE: Lab 2 all parts
ADD DATE
oct 8
Columbus day
oct 9
Columbus day
oct 10
LEC 10: SSL and HTTPS
Preparation: Read ForceHTTPS (Question)
oct 11
oct 12
DUE: Lab 3 parts 1 + 2
oct 15
LEC 11: Sandboxing native code
Preparation: Read Native Client (Question)
oct 16
oct 17
LEC 12: User authentication
Preparation: Read The Quest to Replace Passwords (Question)
oct 18
oct 19
DUE: Lab 3 all parts
Assigned: Lab 4: Attacking the server
oct 22
Quiz 1: Covers lectures + labs 1, 2, and 3
NOTE: in room 50-340 (third floor of Walker)
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
oct 23
oct 24
LEC 13: Single signon
Preparation: Read Empirical Analysis of OAuth (Question)
Assigned: Lab 5: Browser security
Assigned: Lab 7: Final project
oct 25
oct 26
DUE: Lab 4
oct 29
DUE: Post your final project idea on Piazza
No lecture
MIT closed due to hurricane Sandy
oct 30
oct 31
LEC 14: Mobile phone security
Preparation: Read Understanding Android Security + errata (Question)
nov 1
nov 2
nov 5
LEC 15: Platform-enforced privacy
Preparation: Read Koi + errata (Question)
DUE: Final project proposal
nov 6
nov 7
LEC 16: Anonymous communication
Preparation: Read Tor (Question)
Assigned: Lab 6: Javascript sandboxing
nov 8
nov 9
DUE: Lab 5
nov 12
Veteran's day
nov 13
nov 14
No lecture, hack on lab
nov 15
nov 16
DUE: Lab 6
nov 19
LEC 17: Side-channel attacks
Preparation: Read Remote timing attacks (Question)
nov 20
nov 21
LEC 18: File system encryption
Preparation: Read BitLocker (Question)
DROP DATE
nov 22
Thanksgiving
nov 23
Thanksgiving
nov 26
LEC 19: Trusted hardware
Preparation: Read TrInc + errata (Question)
nov 27
nov 28
LEC 20: Intrusion detection and analysis
Preparation: Read Backtracker (Question)
nov 29
nov 30
dec 3
LEC 21: Security economics
Preparation: Read Click Trajectories (Question)
dec 4
dec 5
Quiz 2: Covers lectures + labs since quiz 1
NOTE: Last names A-L go to 3-370; last names M-Z go to 4-237
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
dec 6
dec 7
dec 10
No class, hack on final projects
dec 11
dec 12
LEC 22: Project presentations
DUE: Final project presentation
Last day of classes
dec 13
dec 14
dec 17
Final exam week
(No final in 6.858)
dec 18
Final exam week
(No final in 6.858)
dec 19
Final exam week
(No final in 6.858)
dec 20
Final exam week
(No final in 6.858)
dec 21
Final exam week
(No final in 6.858)

Questions or comments regarding 6.858? Send e-mail to the course staff at 6.858-staff@pdos.csail.mit.edu.

Last updated Friday, 29-Jan-2016 11:49:41 EST