The schedule will change as the course progresses, in part based on student
interests. If you are particularly interested in some topic not covered here,
send mail to the course staff.
The year of publication for each class reading is shown in parentheses.
Monday | Tuesday | Wednesday | Thursday | Friday |
sep 1
Labor day |
sep 2
Reg day |
sep 3
LEC 1: Introduction, threat models (video)
Assigned: Lab 1: Buffer overflows
First day of classes |
sep 4 |
sep 5 |
sep 8
LEC 2: Control hijacking attacks (video)
Preparation: Read Baggy bounds checking (2009) + errata (Question) |
sep 9 |
sep 10
LEC 3: Buffer overflow exploits and defenses (video)
Preparation: Read Hacking blind (2014) (Question) |
sep 11 |
sep 12
DUE: Lab 1 parts 1+2 |
sep 15
LEC 4: Privilege separation (video)
Preparation: Read OKWS (2004) (Question) |
sep 16 |
sep 17
LEC 5: Guest lecture: Paul Youn from iSEC Partners (video)
Assigned: Lab 2: Privilege separation |
sep 18 |
sep 19
DUE: Lab 1 all parts |
sep 22
LEC 6: Capabilities (video)
Preparation: Read Confused Deputy (1988) and Capsicum (2010) (Question) |
sep 23 |
sep 24
LEC 7: Sandboxing native code (video)
Preparation: Read Native Client (2009) (Question) |
sep 25 |
sep 26
DUE: Lab 2 part 1 |
sep 29
LEC 8: Web security model (video)
Preparation: Read OWASP top 10 and The Tangled Web (2012), Chapters 9-13 (Question) |
sep 30 |
oct 1
LEC 9: Securing web applications (video)
Preparation: Read Security in Django (2012) and Django CSRF (Question) |
oct 2 |
oct 3
DUE: Lab 2 parts 2+3
ADD DATE |
oct 6
Hacking day |
oct 7 |
oct 8
LEC 10: Symbolic execution (video) (Guest lecture by Armando Solar-Lezama, MIT CSAIL)
Preparation: Read KLEE (2008) (Question) |
oct 9 |
oct 10
DUE: Lab 2 all parts
Assigned: Lab 3: Symbolic execution |
oct 13
Columbus day |
oct 14 |
oct 15
LEC 11: Ur/Web (video) (Guest lecture by Adam Chlipala, MIT CSAIL)
Preparation: Read Ur/Web (2015) (Question)
Assigned: Lab 7: Final project |
oct 16 |
oct 17
DUE: Lab 3 part 1 |
oct 20
LEC 12: Network security (video)
Preparation: Read Security Problems in TCP/IP (2004) (Question) |
oct 21 |
oct 22
LEC 13: Network protocols (video)
Preparation: Read Kerberos (1988) (Question)
Assigned: Lab 4: Attacking the server
Quiz 1 Review Notes: 7-9pm in 32-123 |
oct 23
DUE: Post your final project idea on Piazza |
oct 24
DUE: Lab 3 all parts |
oct 27
LEC 14: SSL and HTTPS (video)
Preparation: Read ForceHTTPS (2008) (Question)
Assigned: Lab 5: Browser security |
oct 28 |
oct 29
Quiz 1: Covers lectures 1-14 and labs 1-3
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Location: Walker, 50-340 |
oct 30 |
oct 31
DUE: Lab 4
DUE: Final project proposal |
nov 3
LEC 15: Medical software (video) (Guest lecture by Kevin Fu, U. Michigan)
Preparation: Read Trustworthy Medical Device Software (Question) |
nov 4 |
nov 5
LEC 16: Side-channel attacks (video)
Preparation: Read Remote timing attacks (2003) (Question)
Assigned: Lab 6: Javascript sandboxing |
nov 6 |
nov 7 |
nov 10
Veterans day |
nov 11
Veterans day |
nov 12
LEC 17: User authentication (video)
Preparation: Read The Quest to Replace Passwords (2012) and optionally the extended version (Question) |
nov 13 |
nov 14
DUE: Lab 5 |
nov 17
LEC 18: Private browsing (video)
Preparation: Read Private browsing (2010) (Question) |
nov 18 |
nov 19
LEC 19: Anonymous communication (video)
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question)
DROP DATE |
nov 20 |
nov 21
DUE: Lab 6
DUE: Email us a status update on your final project (couple of paragraphs) |
nov 24
LEC 20: Mobile phone security (video)
Preparation: Read Understanding Android Security (2009) + errata (Question)
Quiz 2 Review Quiz 2 Review 2 Notes: 7-9pm in 34-101 |
nov 25 |
nov 26
LEC 21: Data tracking (video)
Preparation: Read TaintDroid (2010) (Question) |
nov 27
Thanksgiving |
nov 28
Thanksgiving |
dec 1
Quiz 2: Covers lectures 15-21 and labs 4-6
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Location: Walker, 50-340 |
dec 2 |
dec 3
LEC 22: Guest lecture: Mark Silis and David LaPorte from MIT IS&T (video) |
dec 4 |
dec 5 |
dec 8
LEC 23: Security economics (video)
Preparation: Read Click Trajectories (2011) (Question) |
dec 9 |
dec 10
LEC 24: Project presentations (video)
DUE: Final project presentation
Last day of classes |
dec 11 |
dec 12
DUE: Final project writeup and code |
dec 15
Final exam week (No final in 6.858) |
dec 16
Final exam week (No final in 6.858) |
dec 17
Final exam week (No final in 6.858) |
dec 18
Final exam week (No final in 6.858) |
dec 19
Final exam week (No final in 6.858) |