The schedule will change as the course progresses, in part based on student
interests. If you are particularly interested in some topic not covered here,
send mail to the course staff.
The years of publication for class readings are shown in parentheses.
Monday | Tuesday | Wednesday | Thursday | Friday |
sep 2
Labor day |
sep 3
Reg day |
sep 4
LEC 1: Introduction, threat models
Assigned: Lab 1: Buffer overflows
First day of classes |
sep 5 |
sep 6 |
sep 9
LEC 2: Control hijacking attacks
Preparation: Read Baggy bounds checking (2009) + errata (Question) |
sep 10 |
sep 11
LEC 3: Integer overflows and static analysis unsigned int
Preparation: Read KINT (2012) (Question) |
sep 12 |
sep 13
DUE: Lab 1 parts 1+2 |
sep 16
LEC 4: Privilege separation
Preparation: Read OKWS (2004) (Question)
Assigned: Lab 2: Privilege separation |
sep 17 |
sep 18
LEC 5: Guest lecture: Paul Youn from iSEC Partners |
sep 19 |
sep 20
DUE: Lab 1 all parts |
sep 23
LEC 6: Evolving OS isolation mechanisms
Preparation: Read Capsicum (2010) and optionally access-control extensibility (2013) (Question) |
sep 24 |
sep 25
LEC 7: Sandboxing native code
Preparation: Read Native Client (2009) (Question) |
sep 26 |
sep 27
DUE: Lab 2 parts 1+2 |
sep 30
LEC 8: Network security
Preparation: Read Security Problems in TCP/IP (2004) (Question) |
oct 1 |
oct 2
LEC 9: Network protocols
Preparation: Read Kerberos (1988) (Question) |
oct 3 |
oct 4
DUE: Lab 2 parts 3+4
ADD DATE |
oct 7
LEC 10: Web security model
Preparation: Read The Tangled Web (2012), Chapters 9-13 (Question) |
oct 8 |
oct 9
LEC 11: Securing web applications
Preparation: Read Security in Django (2012) and Django CSRF (Question)
Assigned: Lab 3: Server-side sandboxing |
oct 10 |
oct 11
DUE: Lab 2 all parts |
oct 14
Columbus day |
oct 15
Columbus day |
oct 16
LEC 12: SSL and HTTPS
Preparation: Read ForceHTTPS (2008) (Question)
Assigned: Lab 7: Final project |
oct 17 |
oct 18
DUE: Lab 3 all parts
Assigned: Lab 4: Attacking the server |
oct 21
LEC 13: Side-channel attacks
Preparation: Read Remote timing attacks (2003) (Question) |
oct 22 |
oct 23
LEC 14: Privacy and data lifetime
Preparation: Read Private browsing (2010) (Question)
Assigned: Lab 5: Browser security
Quiz 1 Review: 7:30pm - 9:30pm in 34-101. |
oct 24
DUE: Post your final project idea on Piazza |
oct 25
DUE: Lab 4 |
oct 28
Quiz 1: Covers lectures 1-12 and labs 1-3
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Location: 50-340 (Walker) |
oct 29 |
oct 30
LEC 15: User authentication (Slides)
Preparation: Read The Quest to Replace Passwords (2012) and optionally the extended version (Question) |
oct 31 |
nov 1
DUE: Final project proposal |
nov 4
No lecture, work on lab 5 |
nov 5 |
nov 6
LEC 16: Anonymous communication
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question)
Assigned: Lab 6: Javascript sandboxing |
nov 7 |
nov 8
DUE: Lab 5 |
nov 11
Veteran's day |
nov 12 |
nov 13
LEC 17: Mobile phone security (Slides)
Preparation: Read Understanding Android Security (2009) + errata (Question) |
nov 14 |
nov 15
DUE: Lab 6 |
nov 18
LEC 18: File system encryption
Preparation: Read BitLocker (2006) (Question) |
nov 19 |
nov 20
LEC 19: Database encryption
Preparation: Read CryptDB (2011) (Question)
DROP DATE |
nov 21 |
nov 22
DUE: Email us a status update on your final project (couple of paragraphs) |
nov 25
LEC 20: Guest lecture: Mark Silis from MIT IS&T
Quiz 2 Review: 7:30pm - 9:30pm in 32-141.
Slides/Notes 1 2 3 4 |
nov 26 |
nov 27
LEC 21: Obfuscation and reverse-engineering
Preparation: Read Looking inside Dropbox (2013) (Question) |
nov 28
Thanksgiving |
nov 29
Thanksgiving |
dec 2
Quiz 2: Focuses on lectures 13-21 and labs 4-6 (but may build on earlier material)
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Location: 50-340 (Walker) |
dec 3 |
dec 4
LEC 22: Security economics
Preparation: Read Click Trajectories (2011) (Question) |
dec 5 |
dec 6 |
dec 9
No class, hack on final projects |
dec 10 |
dec 11
LEC 23: Project presentations
DUE: Final project presentation
Last day of classes |
dec 12 |
dec 13
DUE: Final project writeup and code |
dec 16
Final exam week (No final in 6.858) |
dec 17
Final exam week (No final in 6.858) |
dec 18
Final exam week (No final in 6.858) |
dec 19
Final exam week (No final in 6.858) |
dec 20
Final exam week (No final in 6.858) |