Spring 2020

Links to notes etc. on future days are copies of materials from 2019 to give you an idea of what the future will bring. We will update the notes as the course progresses. If you are particularly interested in some topic not covered here, send mail to the course staff.

The year of publication for each class reading is shown in parentheses.

The lecture notes may help you remember the lecture content, but they are not a replacement for attending lectures.

Monday Tuesday Wednesday Thursday Friday
feb 3
LEC 1: Introduction, threat models (2014 video)
First day of classes
feb 4 feb 5
LEC 2: Security architecture
Preparation: Read Google Infrastructure Security (2017) and optionally other details (2018) (Question)
Assigned: Lab 1: Buffer overflows
feb 6 feb 7
feb 10
LEC 3: User authentication (2014 video)
Preparation: Read Mandatory password changes (2016) and U2F (2017) (Question)
feb 11 feb 12
LEC 4: Buffer overflow defenses (2014 video)
Preparation: Read Baggy bounds checking (2009) + errata (Question)
feb 13 feb 14
DUE: Lab 1 parts 1+2
feb 17
Presidents' Day
feb 18
LEC 5: Privilege separation (2014 video)
Preparation: Read OKWS (2004) but skip section 7 (Question)
Monday schedule
feb 19
REC 1: Unix security
Preparation: Read Chroot (1979)
Assigned: Lab 2: Privilege separation
feb 20 feb 21
DUE: Lab 1 all parts
feb 24
LEC 6: Software fault isolation (2014 video)
Preparation: Read Native Client (2009) (Question)
feb 25 feb 26
LEC 7: Intel SGX
Preparation: Read Innovative instructions (2013) up to section 3.2 + Haven (2014) up to but not including section 6; optional SGX details (2016), section 5 (Question)
feb 27 feb 28
DUE: Lab 2 part 1
mar 2
LEC 8: Client device security
Preparation: Read iOS Security (2018), pages 1-25 (Question)
mar 3 mar 4
LEC 9: Android security (2014 video)
Preparation: Read Understanding Android Security (2009) + errata (Question)
mar 5 mar 6
DUE: Lab 2 parts 2+3
ADD DATE
mar 9
LEC 10: Symbolic execution (2014 video)
Preparation: Read EXE: Automatically generating inputs of death (2006) (Question)
Quiz review; notes on Baggy Bounds and buffer overflows
mar 10 mar 11
LEC 11: Web security model (2014 video)
Preparation: Read The Tangled Web (2012), Chapters 9-11 (Question)
Assigned: Lab 3: Symbolic execution
mar 12 mar 13
DUE: Lab 2 all parts
mar 16
Quiz 1: Covers lectures 1-10 and labs 1-2
Assigned: Lab 5: Final project
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Time and Location: 1-2:30p, 32-123 (Lecture hall)
mar 17 mar 18
REC 2: Web security (2014 video)
Preparation: Read The Tangled Web (2012), Chapters 12-13 and OWASP top 10 (2017)
mar 19 mar 20
DUE: Final project proposal (if you are not doing the default project)
mar 23
Spring vacation
mar 24
Spring vacation
mar 25
Spring vacation
mar 26
Spring vacation
mar 27
Spring vacation
mar 30
LEC 12: Network security (2014 video)
Preparation: Read Security Problems in TCP/IP (2004) (Question)
mar 31 apr 1
LEC 13: Secure channels (2014 video)
Preparation: Read Analysis of SSL 3.0 (1996) (Question)
apr 2 apr 3
DUE: Lab 3 part 1
apr 6
LEC 14: Certificates (2014 video)
Preparation: Read SSL and HTTPS (2013) (Question)
apr 7 apr 8
LEC 15: CPU timing attacks (2014 video)
Preparation: Read Spectre (2018) (Question)
Assigned: Lab 4: Browser security
apr 9 apr 10
DUE: Lab 3 all parts
apr 13
LEC 16 (guest): Max Burkhardt from Airbnb (Sneaking in network security)
apr 14 apr 15
LEC 17: Messaging security
Preparation: Read Secure messaging (2015) (or extended version) (Question)
apr 16 apr 17
DUE: Lab 4 parts 1 and 2
apr 20
Patriots' Day
apr 21
DROP DATE
apr 22
LEC 18 (guest): Security Topics at MIT (Mark Silis, Jessica Murray, and Garry Zacheiss, MIT IS&T) (2014 video)
apr 23 apr 24
DUE: Lab 4 all parts
apr 27
LEC 19 (guest): Nick Mathewson, Anonymous communication (2014 video)
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question)
apr 28 apr 29
LEC 20 (guest): Max Krohn, Keybase
Preparation: Read Keybase
apr 30 may 1
may 4
No class, hack on final projects
may 5 may 6
LEC 21 (guest): Nickolai Zeldovich, Distributed Ledgers
Preparation: Read Bitcoin challenges (2015) (Question)
may 7 may 8
DUE: Final project writeup and code
may 11
LEC 22 (students): Project presentations (2014 video)
DUE: Final project presentation
may 12
Last day of classes
may 13 may 14 may 15
Final exam: Emphasis on lectures 11-22 and labs 3-4
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Time and Location: TBD
may 18
Final exam: Emphasis on lectures 11-22 and labs 3-4
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Time and Location: TBD
may 19
Final exam: Emphasis on lectures 11-22 and labs 3-4
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Time and Location: TBD
may 20
Final exam: Emphasis on lectures 11-22 and labs 3-4
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Time and Location: TBD
may 21 may 22

Questions or comments regarding 6.858? Send e-mail to the course staff at 6858-staff@lists.csail.mit.edu.

Last updated Thursday, 02-Jan-2020 17:53:27 EST