Links to notes etc. on future days are copies of materials from 2022 to give you an idea of what the future will bring. We will update the notes as the course progresses. The year of publication for class readings are shown in parentheses.

MondayTuesday WednesdayThursday Friday
feb 6
First day of classes
feb 7
LEC 1: Introduction, threat models (2022 video)
Assigned: Lab 1: Buffer overflows
feb 8 feb 9
LEC 2: Security architecture (2022 video)
Preparation: Read Google Infrastructure Security (2017) and optionally other details (2018) (Question)
feb 10
feb 13 feb 14
LEC 3: Buffer overflow defenses (2022 video)
Preparation: Read Baggy bounds checking (2009) + errata (Question)
feb 15 feb 16
LEC 4: Privilege separation (2022 video)
Preparation: Read OKWS (2004) but skip section 7 (Question)
feb 17
DUE: Lab 1 part 1
DUE: Lab 1 part 2
feb 20
Presidents day
feb 21
Assigned: Lab 2: Privilege separation
Monday schedule
feb 22 feb 23
REC 1: Linux Containers (2020 video)
Preparation: Read Chroot (1979), LXC, and iptables
Note: No in-person lecture; watch the video
feb 24
DUE: Lab 1 all parts
feb 27 feb 28
LEC 5: OS and VM isolation (2022 video)
Preparation: Read Firecracker (2020) (Question)
mar 1 mar 2
LEC 6: Software fault isolation (2022 video)
Preparation: Read WebAssembly (2017) (Question)
mar 3
DUE: Lab 2 part 1
mar 6 mar 7
LEC 7: Sandboxing libraries (2022 video)
Preparation: Read RLbox (2020) (Question)
mar 8 mar 9
LEC 8: Client device security (2022 video)
Preparation: Read iOS Security (2019), pages 1-28 (Question)
mar 10
DUE: Lab 2 parts 2+3
ADD DATE
mar 13 mar 14
LEC 9: Android security (2022 video)
Preparation: Read Android Platform Security Model (2019) (Question)
Assigned: Lab 3: Symbolic execution
Assigned: Lab 5: Final project
mar 15 mar 16
LEC 10: Symbolic execution (2022 video)
Preparation: Read EXE: Automatically generating inputs of death (2006) (Question)
mar 17
DUE: Lab 2 all parts
mar 20 mar 21
Quiz 1: Covers lectures 1-11 and labs 1-2
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: 2:30-4p in 26-100
mar 22 mar 23
LEC 11: Web security model (2022 video)
Preparation: Read about web security (2022) (Question)
mar 24
DUE: Final project proposal (if you are not doing the default project)
mar 27
Spring vacation
mar 28
Spring vacation
mar 29
Spring vacation
mar 30
Spring vacation
mar 31
Spring vacation
apr 3 apr 4
REC 2: Web security
Preparation: Read OWASP top 10 (2021) and Web security guidelines (2018)
Note: No in-person lecture; read through slides.
apr 5 apr 6
LEC 12: Network security (2022 video)
Preparation: Read Security Problems in TCP/IP (2004) (Question)
apr 7
DUE: Lab 3 part 1
apr 10 apr 11
LEC 13: User authentication (2022 video)
Preparation: Read Your password doesn't matter (2019) and U2F (2016) (Question)
Assigned: Lab 4: Browser security
apr 12 apr 13
LEC 14: Secure channels (2022 video)
Preparation: Read Analysis of SSL 3.0 (1996) (Question)
apr 14
DUE: Lab 3 all parts
apr 17
Patriots day
apr 18
LEC 15: Certificates (2022 video)
Preparation: Read SSL and HTTPS (2013) (Question)
apr 19 apr 20
LEC 16 (guest): Information security in real life (Max Burkhardt) (2022 video)
apr 21
DUE: Lab 4 part 1
apr 24 apr 25
LEC 17: Messaging security (2022 video)
Preparation: Read Secure messaging (2015) (or extended version) (Question)
DROP DATE
apr 26 apr 27
LEC 18 (guest): IoT Security: Microsoft Azure Sphere (Galen Hunt) (2022 video)
Preparation: Read What is Azure Sphere? (2022) and optional paper (2020)
apr 28
DUE: Lab 4 all parts
may 1 may 2
LEC 19 (guest): Anonymous communication (Nick Mathewson) (2022 video)
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012); optionally watch the 2014 video (Question)
may 3 may 4
LEC 20: CPU timing attacks (2022 video)
Preparation: Read On Spectre and Meltdown (2019) (Question)
may 5
may 8 may 9
LEC 21 (guest): Hardware security (bunnie) (2022 video)
Preparation: Read betrusted (2022)
may 10 may 11
LEC 22 (guest): Zoom security (Max Krohn) (2022 video)
Preparation: Read E2E Encryption for Zoom (2021), sections 1-3, and optionally section 4 (Question)
may 12
DUE: Lab 5, or final project writeup and code
may 15 may 16
LEC 23 (students): Project presentations and reports (2022 video)
DUE: Final project presentation
Last day of classes
may 17 may 18 may 19
Final exam: Emphasis on lectures 12-22 and labs 3-4
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: Johnson Ice Rink, 1:30-3:30pm
may 22
Final exam: Emphasis on lectures 12-22 and labs 3-4
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: Johnson Ice Rink, 1:30-3:30pm
may 23
Final exam: Emphasis on lectures 12-22 and labs 3-4
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: Johnson Ice Rink, 1:30-3:30pm
may 24
Final exam: Emphasis on lectures 12-22 and labs 3-4
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: Johnson Ice Rink, 1:30-3:30pm
may 25 may 26