6.5660 / Spring 2023

Links to notes etc. on future days are copies of materials from 2022 to give you an idea of what the future will bring. We will update the notes as the course progresses. The year of publication for class readings are shown in parentheses.

Monday Tuesday Wednesday Thursday Friday

feb 6
First day of classes feb 7
LEC 1 (nz): Introduction, threat models (2023 video)
Preparation: Optionally watch Hacking Google videos
Assigned: Lab 1: Buffer overflows feb 8 feb 9
LEC 2 (nz): Security architecture (2023 video)
Preparation: Read Google Infrastructure Security (2022) and optionally other details (2023) (Question) feb 10

feb 13 feb 14
LEC 3 (sd): Buffer overflow defenses (2023 video)
Preparation: Read Baggy bounds checking (2009) + errata (Question) feb 15 feb 16
LEC 4 (nz): Privilege separation (2023 video)
Preparation: Read OKWS (2004) but skip section 7 (Question) feb 17
DUE: Lab 1 part 1
DUE: Lab 1 part 2

feb 20
Presidents day feb 21
Monday schedule feb 22 feb 23
LEC 5 (nz): OS and VM isolation (2023 video)
Preparation: Read Containers and VMs (2020) (Question)
Assigned: Lab 2: Privilege separation feb 24
DUE: Lab 1 all parts

feb 27 feb 28
LEC 6 (nz): Software fault isolation (2023 video)
Preparation: Read WebAssembly (2022) (Question) mar 1 mar 2
LEC 7 (nz): Sandboxing libraries (2023 video)
Preparation: Read KSplit (2022) (Question) mar 3
DUE: Lab 2 part 1

mar 6 mar 7
LEC 8 (sd): Client device security (2023 video)
Preparation: Read iOS Security (2019), pages 1-28 (Question) mar 8 mar 9
LEC 9 (nz): Android security (2023 video)
Preparation: Read Android Platform Security Model (2021) (Question) mar 10
DUE: Lab 2 parts 2+3
ADD DATE

mar 13 mar 14
LEC 10 (sd): CPU timing attacks (2023 video)
Preparation: Read Transient Execution Attacks and Defenses (2019) (Question)
Assigned: Lab 3: Symbolic execution mar 15 mar 16
LEC 11 (nz): Symbolic execution (2023 video)
Preparation: Read EXE: Automatically generating inputs of death (2006) (Question) mar 17
DUE: Lab 2 all parts

mar 20 mar 21
LEC 12 (nz): Verification (2023 video)
Preparation: Read Knox (2022) (Question) mar 22 mar 23
Quiz 1: Covers lectures 1-12 and labs 1-2
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: 2:30-4p in 26-100 mar 24
Assigned: Lab 4: Browser security

mar 27
Spring vacation mar 28
Spring vacation mar 29
Spring vacation mar 30
Spring vacation mar 31
Spring vacation

apr 3 apr 4
LEC 13 (nz): Web security model (2023 video)
Preparation: Read about web security (2022) (Question) apr 5 apr 6
LEC 14 (guest): Information security in real life (Max Burkhardt) (2023 video) apr 7
DUE: Lab 3 part 1
Assigned: Lab 5: ACME + WebAuthn

apr 10 apr 11
REC 1 (ariel): Web security (2023 video)
Preparation: Read OWASP top 10 (2021) and Web security guidelines (2018) apr 12 apr 13
LEC 15 (nz): Network security (2023 video)
Preparation: Read Security Problems in TCP/IP (2004) (Question) apr 14
DUE: Lab 3 all parts

apr 17
Patriots day apr 18
LEC 16 (sd): Secure channels (2023 video)
Preparation: Read Analysis of SSL 3.0 (1996) (Question) apr 19 apr 20
LEC 17 (sd): Certificates (2023 video)
Preparation: Read SSL and HTTPS (2013) (Question) apr 21
DUE: Lab 4 part 1

apr 24 apr 25
LEC 18 (sd): User authentication (2023 video)
Preparation: Read U2F (2016) (Question)
DROP DATE apr 26 apr 27
LEC 19 (sd): Messaging security (2023 video)
Preparation: Read Secure messaging (2015) (or extended version) (Question) apr 28
DUE: Lab 4 all parts

may 1 may 2
LEC 20 (guest): Supply Chain Security (Jon Gjengset) (2023 video)
Preparation: Read Software Bill-of-Materials (2020) may 3 may 4
LEC 21 (sd): Anonymous Communication (2023 video)
Preparation: Read Circuit fingerprinting (2015) (Question) may 5
DUE: Lab 5 part 1

may 8 may 9
LEC 22 (nz): Untrusted storage servers (2023 video)
Preparation: Read SUNDR (2004) (Question) may 10 may 11
LEC 23 (sd): Secure Processors (2023 video)
Preparation: Read Controlled-channel attacks (2015) (Question) may 12
DUE: Lab 5 all parts

may 15 may 16
LEC 24 (guest): Zoom security (Max Krohn) (2023 video)
Preparation: Read E2E Encryption for Zoom (2022), sections 1-3 and 7 (Question)
Last day of classes may 17 may 18 may 19

may 22 may 23
Final exam: Emphasis on lectures 13-24 and labs 3-5
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: 1:30-4:30pm, Johnson Ice Rink may 24 may 25 may 26

Monday	Tuesday	Wednesday	Thursday	Friday
feb 6 First day of classes	feb 7 LEC 1 (nz): Introduction, threat models (2023 video) Preparation: Optionally watch Hacking Google videos Assigned: Lab 1: Buffer overflows	feb 8	feb 9 LEC 2 (nz): Security architecture (2023 video) Preparation: Read Google Infrastructure Security (2022) and optionally other details (2023) (Question)	feb 10
feb 13	feb 14 LEC 3 (sd): Buffer overflow defenses (2023 video) Preparation: Read Baggy bounds checking (2009) + errata (Question)	feb 15	feb 16 LEC 4 (nz): Privilege separation (2023 video) Preparation: Read OKWS (2004) but skip section 7 (Question)	feb 17 DUE: Lab 1 part 1 DUE: Lab 1 part 2
feb 20 Presidents day	feb 21 Monday schedule	feb 22	feb 23 LEC 5 (nz): OS and VM isolation (2023 video) Preparation: Read Containers and VMs (2020) (Question) Assigned: Lab 2: Privilege separation	feb 24 DUE: Lab 1 all parts
feb 27	feb 28 LEC 6 (nz): Software fault isolation (2023 video) Preparation: Read WebAssembly (2022) (Question)	mar 1	mar 2 LEC 7 (nz): Sandboxing libraries (2023 video) Preparation: Read KSplit (2022) (Question)	mar 3 DUE: Lab 2 part 1
mar 6	mar 7 LEC 8 (sd): Client device security (2023 video) Preparation: Read iOS Security (2019), pages 1-28 (Question)	mar 8	mar 9 LEC 9 (nz): Android security (2023 video) Preparation: Read Android Platform Security Model (2021) (Question)	mar 10 DUE: Lab 2 parts 2+3 ADD DATE
mar 13	mar 14 LEC 10 (sd): CPU timing attacks (2023 video) Preparation: Read Transient Execution Attacks and Defenses (2019) (Question) Assigned: Lab 3: Symbolic execution	mar 15	mar 16 LEC 11 (nz): Symbolic execution (2023 video) Preparation: Read EXE: Automatically generating inputs of death (2006) (Question)	mar 17 DUE: Lab 2 all parts
mar 20	mar 21 LEC 12 (nz): Verification (2023 video) Preparation: Read Knox (2022) (Question)	mar 22	mar 23 Quiz 1: Covers lectures 1-12 and labs 1-2 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: 2:30-4p in 26-100	mar 24 Assigned: Lab 4: Browser security
mar 27 Spring vacation	mar 28 Spring vacation	mar 29 Spring vacation	mar 30 Spring vacation	mar 31 Spring vacation
apr 3	apr 4 LEC 13 (nz): Web security model (2023 video) Preparation: Read about web security (2022) (Question)	apr 5	apr 6 LEC 14 (guest): Information security in real life (Max Burkhardt) (2023 video)	apr 7 DUE: Lab 3 part 1 Assigned: Lab 5: ACME + WebAuthn
apr 10	apr 11 REC 1 (ariel): Web security (2023 video) Preparation: Read OWASP top 10 (2021) and Web security guidelines (2018)	apr 12	apr 13 LEC 15 (nz): Network security (2023 video) Preparation: Read Security Problems in TCP/IP (2004) (Question)	apr 14 DUE: Lab 3 all parts
apr 17 Patriots day	apr 18 LEC 16 (sd): Secure channels (2023 video) Preparation: Read Analysis of SSL 3.0 (1996) (Question)	apr 19	apr 20 LEC 17 (sd): Certificates (2023 video) Preparation: Read SSL and HTTPS (2013) (Question)	apr 21 DUE: Lab 4 part 1
apr 24	apr 25 LEC 18 (sd): User authentication (2023 video) Preparation: Read U2F (2016) (Question) DROP DATE	apr 26	apr 27 LEC 19 (sd): Messaging security (2023 video) Preparation: Read Secure messaging (2015) (or extended version) (Question)	apr 28 DUE: Lab 4 all parts
may 1	may 2 LEC 20 (guest): Supply Chain Security (Jon Gjengset) (2023 video) Preparation: Read Software Bill-of-Materials (2020)	may 3	may 4 LEC 21 (sd): Anonymous Communication (2023 video) Preparation: Read Circuit fingerprinting (2015) (Question)	may 5 DUE: Lab 5 part 1
may 8	may 9 LEC 22 (nz): Untrusted storage servers (2023 video) Preparation: Read SUNDR (2004) (Question)	may 10	may 11 LEC 23 (sd): Secure Processors (2023 video) Preparation: Read Controlled-channel attacks (2015) (Question)	may 12 DUE: Lab 5 all parts
may 15	may 16 LEC 24 (guest): Zoom security (Max Krohn) (2023 video) Preparation: Read E2E Encryption for Zoom (2022), sections 1-3 and 7 (Question) Last day of classes	may 17	may 18	may 19
may 22	may 23 Final exam: Emphasis on lectures 13-24 and labs 3-5 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: 1:30-4:30pm, Johnson Ice Rink	may 24	may 25	may 26