feb 6
Reg day |
feb 7
First day of classes |
feb 8
LEC 1: Introduction, threat models (2014 video)
Assigned: Lab 1: Buffer overflows |
feb 9 |
feb 10 |
feb 13
REC 1: Lab 1 Buffer overflow exploits (2014 notes) (code) |
feb 14 |
feb 15
LEC 2: Security architecture
Preparation: Read Google Security Overview (2017) (Question) |
feb 16 |
feb 17
DUE: Lab 1 parts 1+2 |
feb 20
Presidents Day |
feb 21
LEC 3: User authentication (slides) (2014 video)
Preparation: Read The Quest to Replace Passwords (2012) and optionally the extended version (Question)
Monday schedule |
feb 22
LEC 4: Buffer overflow defenses (2014 video)
Preparation: Read Baggy bounds checking (2009) + errata (Question)
Assigned: Lab 2: Privilege separation |
feb 23 |
feb 24
DUE: Lab 1 all parts |
feb 27
LEC 5: Privilege separation (2014 video)
Preparation: Read OKWS (2004) (Question) |
feb 28 |
mar 1
LEC 6: Capabilities (2014 video)
Preparation: Read Confused Deputy (1988) and Capsicum (2010) (Question) |
mar 2 |
mar 3
DUE: Lab 2 part 1 |
mar 6
LEC 7: Guest lecture: Paul Youn from Airbnb (2014 video) |
mar 7 |
mar 8
LEC 8: Software fault isolation (2014 video)
Preparation: Read Native Client (2009) (Question) |
mar 9 |
mar 10
DUE: Lab 2 parts 2+3
ADD DATE |
mar 13
LEC 9: Secure client
Preparation: Read Cloud Terminal (2012) (Question) |
mar 14 |
mar 15
LEC 10: Intel SGX
Preparation: Read Innovative instructions (2013) up to section 3.2 + Ryoan (2016); optional SGX details, section 5 (2016) (Question)
Assigned: Lab 3: Symbolic execution |
mar 16 |
mar 17
DUE: Lab 2 all parts |
mar 20
LEC 11: Mobile phone security (2014 video)
Preparation: Read Understanding Android Security (2009) + errata (Question)
Assigned: Lab 5: Final project |
mar 21 |
mar 22
Quiz 1: Covers lectures 1-11 and labs 1-2
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Location: Split: 66-168 (last names A-E), E25-111 (last names F-Z)
CHANGE! Quiz will be during NORMAL LECTURE TIME |
mar 23 |
mar 24
DUE: Final project proposal (if you are not doing the default project) |
mar 27
Spring Vacation |
mar 28
Spring Vacation |
mar 29
Spring Vacation |
mar 30
Spring Vacation |
mar 31
Spring Vacation |
apr 3
LEC 12: Symbolic execution
Preparation: Read EXE: Automatically generating inputs of death (2006) (Question) |
apr 4 |
apr 5
LEC 13: Web security model (2014 video)
Preparation: Read The Tangled Web (2012), Chapters 9-11 (Question) |
apr 6 |
apr 7
DUE: Lab 3 part 1 |
apr 10
REC 2: Web Security (2014 video)
Preparation: Read The Tangled Web (2012), Chapters 12-13 and OWASP top 10 |
apr 11 |
apr 12
LEC 14: Network security (2014 video)
Preparation: Read Security Problems in TCP/IP (2004) (Question)
Assigned: Lab 4: Browser security |
apr 13 |
apr 14
DUE: Lab 3 all parts |
apr 17
Patriots Day |
apr 18
Patriots Day |
apr 19
No class, work on final project |
apr 20 |
apr 21
DUE: Lab 4 part 1 and 2 |
apr 24
LEC 15: Network protocols (2014 video)
Preparation: Read Kerberos (1988) (Question) |
apr 25 |
apr 26
LEC 16: SSL and HTTPS (2014 video)
Preparation: Read ForceHTTPS (2008) (Question) |
apr 27
DROP DATE |
apr 28
DUE: Lab 4 all parts |
may 1
LEC 17: Side-channel attacks (2014 video)
Preparation: Read Remote timing attacks (2003) (Question) |
may 2 |
may 3
LEC 18: Security economics (2014 video)
Preparation: Read Click Trajectories (2011) (Question) |
may 4 |
may 5 |
may 8
LEC 19: Email/messaging security
Preparation: Read Secure Messaging (or extended version) and optionally email security (Question) |
may 9 |
may 10
LEC 20: Guest lecture: Nick Mathewson, Anonymous communication (2014 video)
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question) |
may 11 |
may 12
DUE: Final project writeup and code |
may 15
LEC 21: Guest lecture: Mark Silis from MIT IS&T (2014 video) |
may 16 |
may 17
LEC 22: Project presentations (2014 video)
DUE: Final project presentation |
may 18
Last day of classes
Final exam review
Time: 7PM
Location: 32-155 |
may 19 |
may 22 |
may 23 |
may 24 |
may 25
Final exam: Emphasis on lectures 12-21 and labs 3-4
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Time and Location:1:30-4:30, Walker (50-340) |
may 26 |