The schedule will change as the course progresses, in part based on student
interests. If you are particularly interested in some topic not covered here,
send mail to the course staff.
Monday | Tuesday | Wednesday | Thursday | Friday |
sep 3
Labor day |
sep 4
Reg day |
sep 5
LEC 1: Introduction, threat models
Assigned: Lab 1: Buffer overflows
First day of classes |
sep 6 |
sep 7
TUT 1: Getting started with lab 1 (optional)
2pm in 32-123 |
sep 10
LEC 2: Control hijacking attacks
Preparation: Read Baggy bounds checking + errata (Question) |
sep 11 |
sep 12
LEC 3: Privilege separation
Preparation: Read OKWS (Question) |
sep 13 |
sep 14
DUE: Lab 1 part 1 |
sep 17
LEC 4: Evolving OS isolation mechanisms
Preparation: Read Capsicum (Question) |
sep 18 |
sep 19
LEC 5: Guest lecture: Paul Youn from iSEC Partners
Assigned: Lab 2: Privilege separation |
sep 20 |
sep 21
DUE: Lab 1 all parts |
sep 24
LEC 6: Network protocols
Preparation: Read Kerberos (Question) |
sep 25 |
sep 26
LEC 7: Web application security
Preparation: Read Browser Security Handbook, Part 2 and skim OWASP Top 10 (Question) |
sep 27 |
sep 28
DUE: Lab 2 part 1 |
oct 1
LEC 8: Finding bugs in server-side code
Preparation: Read Static Detection of Scripting Vulnerabilities (notation) (Question) |
oct 2 |
oct 3
LEC 9: Javascript sandboxing
Preparation: Read Run-Time Enforcement for Javascript (Question)
Assigned: Lab 3: Server-side sandboxing |
oct 4 |
oct 5
DUE: Lab 2 all parts
ADD DATE |
oct 8
Columbus day |
oct 9
Columbus day |
oct 10
LEC 10: SSL and HTTPS
Preparation: Read ForceHTTPS (Question) |
oct 11 |
oct 12
DUE: Lab 3 parts 1 + 2 |
oct 15
LEC 11: Sandboxing native code
Preparation: Read Native Client (Question) |
oct 16 |
oct 17
LEC 12: User authentication
Preparation: Read The Quest to Replace Passwords (Question) |
oct 18 |
oct 19
DUE: Lab 3 all parts
Assigned: Lab 4: Attacking the server |
oct 22
Quiz 1: Covers lectures + labs 1, 2, and 3
NOTE: in room 50-340 (third floor of Walker)
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet |
oct 23 |
oct 24
LEC 13: Single signon
Preparation: Read Empirical Analysis of OAuth (Question)
Assigned: Lab 5: Browser security
Assigned: Lab 7: Final project |
oct 25 |
oct 26
DUE: Lab 4 |
oct 29
DUE: Post your final project idea on Piazza
No lecture: MIT closed due to Hurricane Sandy |
oct 30 |
oct 31
LEC 14: Mobile phone security
Preparation: Read Understanding Android Security + errata (Question) |
nov 1 |
nov 2 |
nov 5
LEC 15: Platform-enforced privacy
Preparation: Read Koi + errata (Question)
DUE: Final project proposal |
nov 6 |
nov 7
LEC 16: Anonymous communication
Preparation: Read Tor (Question)
Assigned: Lab 6: Javascript sandboxing |
nov 8 |
nov 9
DUE: Lab 5 |
nov 12
Veterans Day |
nov 13 |
nov 14
No lecture, hack on lab |
nov 15 |
nov 16
DUE: Lab 6 |
nov 19
LEC 17: Side-channel attacks
Preparation: Read Remote timing attacks (Question) |
nov 20 |
nov 21
LEC 18: File system encryption
Preparation: Read BitLocker (Question)
DROP DATE |
nov 22
Thanksgiving |
nov 23
Thanksgiving |
nov 26
LEC 19: Trusted hardware
Preparation: Read TrInc + errata (Question) |
nov 27 |
nov 28
LEC 20: Intrusion detection and analysis
Preparation: Read Backtracker (Question) |
nov 29 |
nov 30 |
dec 3
LEC 21: Security economics
Preparation: Read Click Trajectories (Question) |
dec 4 |
dec 5
Quiz 2: Covers lectures + labs since quiz 1
NOTE: Last names A-L go to 3-370; last names M-Z go to 4-237
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet |
dec 6 |
dec 7 |
dec 10
No class, hack on final projects |
dec 11 |
dec 12
LEC 22: Project presentations
DUE: Final project presentation
Last day of classes |
dec 13 |
dec 14 |
dec 17
Final exam week (No final in 6.858) |
dec 18
Final exam week (No final in 6.858) |
dec 19
Final exam week (No final in 6.858) |
dec 20
Final exam week (No final in 6.858) |
dec 21
Final exam week (No final in 6.858) |