Links to notes etc. on future days are copies of materials from 2018 to give
you an idea of what the future will bring. We will update the notes as the
course progresses. If you are particularly interested in some topic not covered here,
send mail to the course staff.
The year of publication for class readings is shown in parentheses.
The lecture notes may help you remember the lecture content, but they are not
a replacement for attending lectures.
Monday | Tuesday | Wednesday | Thursday | Friday |
feb 4
Reg day |
feb 5
First day of classes |
feb 6
LEC 1 (fk): Introduction, threat models (2014 video)
Assigned: Lab 1: Buffer overflows |
feb 7 |
feb 8 |
feb 11
LEC 2 (rtm): Security architecture
Preparation: Read Google Infrastructure Security (2017) and optionally other details (2018) (Question) |
feb 12 |
feb 13
LEC 3 (fk): User authentication (2014 video)
Preparation: Read Mandatory password changes (2016) and U2F (2017) (Question) |
feb 14 |
feb 15
DUE: Lab 1 parts 1+2 |
feb 18
Presidents Day |
feb 19
LEC 4 (fk): Buffer overflow defenses (2014 video)
Preparation: Read Baggy bounds checking (2009) + errata (Question)
Monday schedule |
feb 20
LEC 5 (rtm): Privilege separation (2014 video)
Preparation: Read OKWS (2004) but skip section 7 (Question)
Assigned: Lab 2: Privilege separation |
feb 21 |
feb 22
DUE: Lab 1 all parts |
feb 25
REC 1: Unix security
Preparation: Read Chroot (1979) |
feb 26 |
feb 27
LEC 6 (rtm): Software fault isolation (2014 video)
Preparation: Read Native Client (2009) (Question) |
feb 28 |
mar 1
DUE: Lab 2 part 1 |
mar 4
LEC 7 (fk): Intel SGX
Preparation: Read Innovative instructions (2013) up to section 3.2 + Haven (2014) up to but not including section 6; optional SGX details (2016), section 5 (Question) |
mar 5 |
mar 6
LEC 8 (rtm): Client device security
Preparation: Read iOS Security (2018), pages 1-25 (Question) |
mar 7 |
mar 8
DUE: Lab 2 parts 2+3
ADD DATE |
mar 11
LEC 9 (rtm): Android security (2014 video)
Preparation: Read Understanding Android Security (2009) + errata (Question) |
mar 12 |
mar 13
LEC 10 (fk): Symbolic execution (2014 video)
Preparation: Read EXE: Automatically generating inputs of death (2006) (Question)
Assigned: Lab 3: Symbolic execution
Quiz review; notes on Baggy Bounds and buffer overflows |
mar 14 |
mar 15
DUE: Lab 2 all parts |
mar 18
LEC 11 (rtm): Web security model (2014 video)
Preparation: Read The Tangled Web (2012), Chapters 9-11 (Question)
Assigned: Lab 5: Final project |
mar 19 |
mar 20
Quiz 1: Covers lectures 1-10 and labs 1-2
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Time and Location: 1-2:30p, 32-123 (Lecture hall) |
mar 21 |
mar 22
DUE: Final project proposal (if you are not doing the default project) |
mar 25
Spring Vacation |
mar 26
Spring Vacation |
mar 27
Spring Vacation |
mar 28
Spring Vacation |
mar 29
Spring Vacation |
apr 1
REC 2: Web security (2014 video)
Preparation: Read The Tangled Web (2012), Chapters 12-13 and OWASP top 10 (2017) |
apr 2 |
apr 3
LEC 12 (fk): Network security (2014 video)
Preparation: Read Security Problems in TCP/IP (2004) (Question) |
apr 4 |
apr 5
DUE: Lab 3 part 1 |
apr 8
LEC 13 (fk): Secure channels (2014 video)
Preparation: Read Analysis of SSL 3.0 (1996) (Question) |
apr 9 |
apr 10
LEC 14 (rtm): Certificates (2014 video)
Preparation: Read SSL and HTTPS (2013) (Question)
Assigned: Lab 4: Browser security |
apr 11 |
apr 12
DUE: Lab 3 all parts |
apr 15
Patriots Day |
apr 16
Patriots Day |
apr 17
LEC 15 (fk): CPU timing attacks (2014 video)
Preparation: Read Spectre (2018) (Question) |
apr 18 |
apr 19
DUE: Lab 4 parts 1 and 2 |
apr 22
LEC 16 (guest): Max Burkhardt from Airbnb (Sneaking in network security) |
apr 23 |
apr 24
LEC 17 (rtm): Messaging security
Preparation: Read Secure messaging (2015) (or extended version) (Question) |
apr 25
DROP DATE |
apr 26
DUE: Lab 4 all parts |
apr 29
LEC 18 (guest): Security Topics at MIT (Mark Silis, Jessica Murray, and Garry Zacheiss, MIT IS&T) (2014 video) |
apr 30 |
may 1
LEC 19 (guest): Nick Mathewson, Anonymous communication (2014 video)
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question) |
may 2 |
may 3 |
may 6
LEC 20 (guest): Max Krohn, Keybase
Preparation: Read Keybase |
may 7 |
may 8
No class, hack on final projects |
may 9 |
may 10
DUE: Final project writeup and code |
may 13
LEC 21 (guest): Nickolai Zeldovich, Distributed Ledgers
Preparation: Read Bitcoin challenges (2015) (Question) |
may 14 |
may 15
LEC 22 (students): Project presentations (2014 video)
DUE: Final project presentation |
may 16
Last day of classes |
may 17 |
may 20 |
may 21 |
may 22 |
may 23
Final exam: Emphasis on lectures 11-22 and labs 3-4
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Time and Location: 9am-11am, 10-250 |
may 24 |