Fall 2015

The schedule will change as the course progresses, in part based on student interests. If you are particularly interested in some topic not covered here, send mail to the course staff.

The year of publication for class readings are shown in parentheses.

MondayTuesday WednesdayThursday Friday
sep 7
Labor day
sep 8
Reg day
sep 9
LEC 1: Introduction, threat models (video 2014)
Assigned: Lab 1: Buffer overflows
First day of classes
sep 10 sep 11
sep 14
REC 1: Lab 1 Buffer overflow exploits (code)
sep 15 sep 16
LEC 2: Control hijacking attacks (video)
Preparation: Read Baggy bounds checking (2009) + errata (Question)
sep 17 sep 18
DUE: Lab 1 parts 1+2
sep 21
LEC 3: User authentication (video 2014) (Slides)
Preparation: Read The Quest to Replace Passwords (2012) and optionally the extended version (Question)
sep 22 sep 23
LEC 4: Guest lecture:
Paul Youn from Airbnb (video 2014)
Assigned: Lab 2: Privilege separation
sep 24 sep 25
DUE: Lab 1 all parts
sep 28
LEC 5: Privilege separation (video 2014)
Preparation: Read OKWS (2004) (Question)
sep 29 sep 30
LEC 6: Capabilities (video 2014)
Preparation: Read Confused Deputy (1988) and Capsicum (2010) (Question)
oct 1 oct 2
DUE: Lab 2 part 1
oct 5
Hacking day
oct 6 oct 7
LEC 7: Sandboxing native code (video 2014)
Preparation: Read Native Client (2009) (Question)
oct 8 oct 9
DUE: Lab 2 parts 2+3
ADD DATE
oct 12
Columbus day
oct 13
Monday schedule
Hacking day
oct 14
LEC 8: Isolation with Intel SGX
Preparation: Read until Section 3.2 of Using innovatative instructions to create trustworthy software solutions (2013) and Read until Section 6 of Shielding applications from an untrusted cloud with Haven (2014) (Question)
Assigned: Lab 3: Symbolic execution
oct 15 oct 16
DUE: Lab 2 all parts
oct 19
LEC 9: Symbolic execution (lab 3)
Preparation: Read EXE: Automatically generating inputs of death (2006) (Question)
oct 20 oct 21
LEC 10: Mobile phone security (video 2014)
Preparation: Read Understanding Android Security (2009) + errata (Question)
Assigned: Lab 5: Final project
oct 22 oct 23
DUE: Lab 3 part 1
oct 26
Hacking day
oct 27 oct 28
LEC 11: Web security model (video 2014)
Preparation: Read The Tangled Web (2012), Chapters 9-11 (Question)
Assigned: Lab 4: Browser security
oct 29
DUE: Final project proposal (if you are not doing the default project)
oct 30
DUE: Lab 3 all parts
nov 2
REC 2: Web Security (video 2014)
Preparation: Read The Tangled Web (2012), Chapters 12-13 and OWASP top 10 (Question)
nov 3 nov 4
LEC 12: Ur/Web (video 2014)
(Guest lecture by Adam Chlipala, MIT CSAIL)
Preparation: Read Ur/Web (2015) (Question)
nov 5 nov 6
DUE: Lab 4 part 1 and 2
nov 9
Quiz 1: Covers lectures 1-10 and labs 1-3
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Location: 26-100
nov 10 nov 11
Veterans day
nov 12 nov 13
DUE: Lab 4 all parts
nov 16
LEC 13: Network security (video 2014)
Preparation: Read Security Problems in TCP/IP (2004) (Question)
nov 17 nov 18
LEC 14: Network protocols (video 2014)
Preparation: Read Kerberos (1988) (Question)
DROP DATE
nov 19 nov 20
nov 23
LEC 15: SSL and HTTPS (video 2014)
Preparation: Read ForceHTTPS (2008) (Question)
nov 24 nov 25
LEC 16: Side-channel attacks (video 2014)
Preparation: Read Remote timing attacks (2003) (Question)
nov 26
Thanksgiving
nov 27
Thanksgiving
nov 30
LEC 17: Guest lecture: Nick Mathewson, Anonymous communication (video)
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question)
dec 1 dec 2
LEC 18: Guest lecture:
Mark Silis and David LaPorte from MIT IS&T (Slides) (video 2014)
dec 3 dec 4
DUE: Final project writeup and code
dec 7
LEC 19: Guest lecture:
Butler Lampson (Microsoft and MIT): What has worked in computer security and what hasn't? (Slides)
dec 8 dec 9
LEC 20: Project presentations (video)
DUE: Final project presentation
dec 10
Last day of classes
dec 11
dec 14
Thursday Dec 17 Quiz 2

Quiz 2: Emphasis on lectures 11-20 and lab 4
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Time and Location:1:30-3:30, du Pont
Quiz 2 Review Quiz 2 Review 2 Notes
dec 15
Thursday Dec 17 Quiz 2

Quiz 2: Emphasis on lectures 11-20 and lab 4
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Time and Location:1:30-3:30, du Pont
Quiz 2 Review Quiz 2 Review 2 Notes
dec 16
Thursday Dec 17 Quiz 2

Quiz 2: Emphasis on lectures 11-20 and lab 4
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Time and Location:1:30-3:30, du Pont
Quiz 2 Review Quiz 2 Review 2 Notes
dec 17
Thursday Dec 17 Quiz 2

Quiz 2: Emphasis on lectures 11-20 and lab 4
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Time and Location:1:30-3:30, du Pont
Quiz 2 Review Quiz 2 Review 2 Notes
dec 18
Thursday Dec 17 Quiz 2

Quiz 2: Emphasis on lectures 11-20 and lab 4
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Time and Location:1:30-3:30, du Pont
Quiz 2 Review Quiz 2 Review 2 Notes

Questions or comments regarding 6.858? Send e-mail to the course staff at 6858-staff@lists.csail.mit.edu.

Top // 6.858 home // Last updated Friday, 29-Jan-2016 11:50:12 EST