Spring 2017

The schedule will change as the course progresses, in part based on student interests. If you are particularly interested in some topic not covered here, send mail to the course staff.

The year of publication for class readings are shown in parentheses.

MondayTuesday WednesdayThursday Friday
feb 6
Reg day
feb 7
First day of classes
feb 8
LEC 1: Introduction, threat models (2014 video)
Assigned: Lab 1: Buffer overflows
feb 9 feb 10
feb 13
REC 1: Lab 1 Buffer overflow exploits (2014 notes) (code)
feb 14 feb 15
LEC 2: Security architecture
Preparation: Read Google Security Overview (2017) (Question)
feb 16 feb 17
DUE: Lab 1 parts 1+2
feb 20
Presidents Day
feb 21
LEC 3: User authentication (slides) (2014 video)
Preparation: Read The Quest to Replace Passwords (2012) and optionally the extended version (Question)
Monday schedule
feb 22
LEC 4: Buffer overflow defenses (video)
Preparation: Read Baggy bounds checking (2009) + errata (Question)
Assigned: Lab 2: Privilege separation
feb 23 feb 24
DUE: Lab 1 all parts
feb 27
LEC 5: Privilege separation (2014 video)
Preparation: Read OKWS (2004) (Question)
feb 28 mar 1
LEC 6: Capabilities (2014 video)
Preparation: Read Confused Deputy (1988) and Capsicum (2010) (Question)
mar 2 mar 3
DUE: Lab 2 part 1
mar 6
LEC 7: Guest lecture:
Paul Youn from Airbnb (2014 video)
mar 7 mar 8
LEC 8: Sandboxing native code (2014 video)
Preparation: Read Native Client (2009) (Question)
mar 9 mar 10
DUE: Lab 2 parts 2+3
ADD DATE
mar 13
LEC 9: Intel SGX
Preparation: Read Innovative instructions (2013) up to section 3.2 + Ryoan (2016) (Question)
mar 14 mar 15
LEC 10: Secure client
Preparation: Read Cloud Terminal (2012) (Question)
Assigned: Lab 3: Symbolic execution
mar 16 mar 17
DUE: Lab 2 all parts
mar 20
LEC 11: Mobile phone security (2014 video)
Preparation: Read Understanding Android Security (2009) + errata (Question)
Assigned: Lab 5: Final project
mar 21 mar 22
Quiz 1: Covers lectures 1-11 and labs 1-2
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Location: 50-340 (Walker 3rd floor)
NOTE! Quiz will be at 7PM, and NOT during lecture time
mar 23 mar 24
DUE: Final project proposal (if you are not doing the default project)
mar 27
Spring Vacation
mar 28
Spring Vacation
mar 29
Spring Vacation
mar 30
Spring Vacation
mar 31
Spring Vacation
apr 3
LEC 12: Symbolic execution
Preparation: Read EXE: Automatically generating inputs of death (2006) (Question)
apr 4 apr 5
LEC 13: Web security model (2014 video)
Preparation: Read The Tangled Web (2012), Chapters 9-11 (Question)
apr 6 apr 7
DUE: Lab 3 part 1
apr 10
REC 2: Web Security (2014 video)
Preparation: Read The Tangled Web (2012), Chapters 12-13 and OWASP top 10 (Question)
apr 11 apr 12
LEC 14: Ur/Web (2014 video)
(Guest lecture by Adam Chlipala, MIT CSAIL)
Preparation: Read Ur/Web (2015) (Question)
Assigned: Lab 4: Browser security
apr 13 apr 14
DUE: Lab 3 all parts
apr 17
Patriots Day
apr 18
Patriots Day
apr 19
No class, work on final project
apr 20 apr 21
DUE: Lab 4 part 1 and 2
apr 24
LEC 15: Network security (2014 video)
Preparation: Read Security Problems in TCP/IP (2004) (Question)
apr 25 apr 26
LEC 16: Network protocols (2014 video)
Preparation: Read Kerberos (1988) (Question)
apr 27
DROP DATE
apr 28
DUE: Lab 4 all parts
may 1
LEC 17: SSL and HTTPS (2014 video)
Preparation: Read ForceHTTPS (2008) (Question)
may 2 may 3
LEC 18: Side-channel attacks (2014 video)
Preparation: Read Remote timing attacks (2003) (Question)
may 4 may 5
may 8
LEC 19: Guest lecture: Nick Mathewson, Anonymous communication (video)
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question)
may 9 may 10
LEC 20: Guest lecture:
Mark Silis from MIT IS&T (Slides) (2014 video)
may 11 may 12
DUE: Final project writeup and code
may 15
LEC 21: TBD
may 16 may 17
LEC 22: Project presentations (video)
DUE: Final project presentation
may 18
Last day of classes
may 19
may 22 may 23 may 24 may 25
Final exam: Emphasis on lectures 12-21 and labs 3-4
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Time and Location:1:30-4:30, Walker (50-340)
may 26

Questions or comments regarding 6.858? Send e-mail to the course staff at 6858-staff@lists.csail.mit.edu.

Top // 6.858 home // Last updated Wednesday, 22-Feb-2017 16:01:04 EST