The schedule will change as the course progresses, in part based on student
interests. If you are particularly interested in some topic not covered here,
send mail to the course staff.
The year of publication for each class reading is shown in parentheses.
Monday | Tuesday | Wednesday | Thursday | Friday |
feb 6
Reg day |
feb 7
First day of classes |
feb 8
LEC 1: Introduction, threat models (2014 video)
Assigned: Lab 1: Buffer overflows |
feb 9 |
feb 10 |
feb 13
REC 1: Lab 1 Buffer overflow exploits (2014 notes) (code) |
feb 14 |
feb 15
LEC 2: Security architecture
Preparation: Read Google Security Overview (2017) (Question) |
feb 16 |
feb 17
DUE: Lab 1 parts 1+2 |
feb 20
Presidents Day |
feb 21
LEC 3: User authentication (slides) (2014 video)
Preparation: Read The Quest to Replace Passwords (2012) and optionally the extended version (Question)
Monday schedule |
feb 22
LEC 4: Buffer overflow defenses (2014 video)
Preparation: Read Baggy bounds checking (2009) + errata (Question)
Assigned: Lab 2: Privilege separation |
feb 23 |
feb 24
DUE: Lab 1 all parts |
feb 27
LEC 5: Privilege separation (2014 video)
Preparation: Read OKWS (2004) (Question) |
feb 28 |
mar 1
LEC 6: Capabilities (2014 video)
Preparation: Read Confused Deputy (1988) and Capsicum (2010) (Question) |
mar 2 |
mar 3
DUE: Lab 2 part 1 |
mar 6
LEC 7: Guest lecture: Paul Youn from Airbnb (2014 video) |
mar 7 |
mar 8
LEC 8: Software fault isolation (2014 video)
Preparation: Read Native Client (2009) (Question) |
mar 9 |
mar 10
DUE: Lab 2 parts 2+3
ADD DATE |
mar 13
LEC 9: Secure client
Preparation: Read Cloud Terminal (2012) (Question) |
mar 14 |
mar 15
LEC 10: Intel SGX
Preparation: Read Innovative instructions (2013) up to section 3.2 + Ryoan (2016); optional SGX details, section 5 (2016) (Question)
Assigned: Lab 3: Symbolic execution |
mar 16 |
mar 17
DUE: Lab 2 all parts |
mar 20
LEC 11: Mobile phone security (2014 video)
Preparation: Read Understanding Android Security (2009) + errata (Question)
Assigned: Lab 5: Final project |
mar 21 |
mar 22
Quiz 1: Covers lectures 1-11 and labs 1-2
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Location: Split: 66-168 (last names A-E), E25-111 (last names F-Z)
CHANGE! Quiz will be during NORMAL LECTURE TIME |
mar 23 |
mar 24
DUE: Final project proposal (if you are not doing the default project) |
mar 27
Spring Vacation |
mar 28
Spring Vacation |
mar 29
Spring Vacation |
mar 30
Spring Vacation |
mar 31
Spring Vacation |
apr 3
LEC 12: Symbolic execution
Preparation: Read EXE: Automatically generating inputs of death (2006) (Question) |
apr 4 |
apr 5
LEC 13: Web security model (2014 video)
Preparation: Read The Tangled Web (2012), Chapters 9-11 (Question) |
apr 6 |
apr 7
DUE: Lab 3 part 1 |
apr 10
REC 2: Web Security (2014 video)
Preparation: Read The Tangled Web (2012), Chapters 12-13 and OWASP top 10 |
apr 11 |
apr 12
LEC 14: Network security (2014 video)
Preparation: Read Security Problems in TCP/IP (2004) (Question)
Assigned: Lab 4: Browser security |
apr 13 |
apr 14
DUE: Lab 3 all parts |
apr 17
Patriots Day |
apr 18
Patriots Day |
apr 19
No class, work on final project |
apr 20 |
apr 21
DUE: Lab 4 part 1 and 2 |
apr 24
LEC 15: Network protocols (2014 video)
Preparation: Read Kerberos (1988) (Question) |
apr 25 |
apr 26
LEC 16: SSL and HTTPS (2014 video)
Preparation: Read ForceHTTPS (2008) (Question) |
apr 27
DROP DATE |
apr 28
DUE: Lab 4 all parts |
may 1
LEC 17: Side-channel attacks (2014 video)
Preparation: Read Remote timing attacks (2003) (Question) |
may 2 |
may 3
LEC 18: Security economics (2014 video)
Preparation: Read Click Trajectories (2011) (Question) |
may 4 |
may 5 |
may 8
LEC 19: Email/messaging security
Preparation: Read Secure Messaging (or extended version) and optionally email security (Question) |
may 9 |
may 10
LEC 20: Guest lecture: Nick Mathewson, Anonymous communication (2014 video)
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question) |
may 11 |
may 12
DUE: Final project writeup and code |
may 15
LEC 21: Guest lecture: Mark Silis from MIT IS&T (2014 video) |
may 16 |
may 17
LEC 22: Project presentations (2014 video)
DUE: Final project presentation |
may 18
Last day of classes
Final exam review
Time: 7PM
Location: 32-155 |
may 19 |
may 22 |
may 23 |
may 24 |
may 25
Final exam: Emphasis on lectures 12-21 and labs 3-4
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Time and Location: 1:30-4:30, Walker (50-340) |
may 26 |