6.566 / Spring 2024

The lectures cover a broad overview of systems security together with a deeper focus on several topics: isolation techniques, privilege separation, dealing with buggy code, networked and distributed systems, and human-focused security and privacy.

Links to notes etc. on future days are copies of materials from last year, to give you an idea of what the future will bring. We will update the notes as the course progresses. The year of publication for class readings are shown in parentheses.

Monday Tuesday Wednesday Thursday Friday

feb 5
First day of classes feb 6
LEC 1: Introduction, threat models (video)
Preparation: Optionally read Modern Android exploit
Assigned: Lab 1: Buffer overflows feb 7 feb 8
LEC 2: OS and VM isolation (video)
Preparation: Read about OS and VM isolation (Question) feb 9

feb 12 feb 13
LEC 3: Software fault isolation (video)
Preparation: Read about WebAssembly (Question) feb 14 feb 15
LEC 4: Trusted hardware (video)
Preparation: Read BitLocker (2006), sections 1-2 (Question) feb 16
DUE: Lab 1 part 1
DUE: Lab 1 part 2

feb 19
Presidents day feb 20
Monday schedule feb 21 feb 22
LEC 5: CPU side-channels (video)
Preparation: Read Transient Execution Attacks and Defenses (2019) (Question)
Assigned: Lab 2: Privilege separation feb 23
DUE: Lab 1 all parts

feb 26 feb 27
LEC 6: Privilege separation (video)
Preparation: Read OpenSSH (2003) (Question) feb 28 feb 29
LEC 7: Data center infrastructure (video)
Preparation: Read Google Infrastructure Security (2023) and BeyondProd (2023) (Question) mar 1
DUE: Lab 2 part 1

mar 4 mar 5
LEC 8: Mobile phone security (video)
Preparation: Read about iOS Security (Question) mar 6 mar 7
LEC 9: Web security model (video)
Preparation: Read about web security (2022) (Question) mar 8
DUE: Lab 2 parts 2+3
ADD DATE

mar 11 mar 12
LEC 10: Buffer overflow defenses (video)
Preparation: Read Baggy bounds checking (2009) + errata (Question)
Assigned: Lab 3: Symbolic execution mar 13 mar 14
LEC 11: Symbolic execution (video)
Preparation: Read EXE: Automatically generating inputs of death (2006) (Question) mar 15
DUE: Lab 2 all parts

mar 18 mar 19
LEC 12: Verification (video)
Preparation: Read HACL* (2017) (Question) mar 20 mar 21
Quiz 1: Covers lectures 1-12 and labs 1-2
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: 2:30-4p in 45-230 mar 22
Assigned: Lab 4: Browser security

mar 25
Spring vacation mar 26
Spring vacation mar 27
Spring vacation mar 28
Spring vacation mar 29
Spring vacation

apr 1
REC 1 (anna): Getting started with lab 3
Time and Location: 4-5pm in 24-115 apr 2
LEC 13 (guest): Supply chain security (Russ Cox) (video)
Preparation: Read Trusting Trust (1984) and Russ's blog post (2023), and optionally xz attack (2024) apr 3 apr 4
LEC 14: Network security (video)
Preparation: Read about network security (Question) apr 5
DUE: Lab 3 part 1

apr 8 apr 9
LEC 15: Secure channels (video)
Preparation: Read TLS 1.3 blog post (2018) (Question) apr 10 apr 11
LEC 16: Certificates (video)
Preparation: Read Let's Encrypt (2019) (Question) apr 12
DUE: Lab 3 all parts
Assigned: Lab 5: ACME + WebAuthn

apr 15
Patriots day apr 16
REC 2 (bill): Getting started with lab 4 (video)
Time and Location: 2:30-4pm in 45-230 apr 17 apr 18
LEC 17: User authentication (video)
Preparation: Read U2F (2016) and optionally from U2F to passkeys (2023) (Question) apr 19
DUE: Lab 4 part 1

apr 22 apr 23
LEC 18: Messaging security (video)
Preparation: Read Analysis of Signal (2019), sections 1-3 (Question)
DROP DATE apr 24 apr 25
LEC 19: Key transparency (video)
Preparation: Read CONIKS (2015) (Question) apr 26
DUE: Lab 4 all parts

apr 29
REC 3 (sanjit): Getting started with lab 5 (video)
Time and Location: 10-11am in 24-121 apr 30
LEC 20: Anonymous communication (video)
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question) may 1 may 2
LEC 21 (guest): Cybersecurity policy (Daniel Weitzner) (video)
Preparation: Read Keys under doormats (2015) and Cyber risk (2024) may 3
DUE: Lab 5 part 1

may 6 may 7
LEC 22: Security economics (video)
Preparation: Read Click trajectories (2011) (Question) may 8 may 9
LEC 23: Differential privacy (video)
Preparation: Read PINQ (2009) (Question) may 10
DUE: Lab 5 all parts

may 13 may 14
LEC 24 (guest): Information security in real life (Max Burkhardt) (video)
Last day of classes may 15 may 16 may 17

may 20 may 21 may 22
Final exam: Emphasis on lectures 13-24 and labs 3-5
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: Johnson Ice Rink, 1:30-4:30pm may 23 may 24

Monday	Tuesday	Wednesday	Thursday	Friday
feb 5 First day of classes	feb 6 LEC 1: Introduction, threat models (video) Preparation: Optionally read Modern Android exploit Assigned: Lab 1: Buffer overflows	feb 7	feb 8 LEC 2: OS and VM isolation (video) Preparation: Read about OS and VM isolation (Question)	feb 9
feb 12	feb 13 LEC 3: Software fault isolation (video) Preparation: Read about WebAssembly (Question)	feb 14	feb 15 LEC 4: Trusted hardware (video) Preparation: Read BitLocker (2006), sections 1-2 (Question)	feb 16 DUE: Lab 1 part 1 DUE: Lab 1 part 2
feb 19 Presidents day	feb 20 Monday schedule	feb 21	feb 22 LEC 5: CPU side-channels (video) Preparation: Read Transient Execution Attacks and Defenses (2019) (Question) Assigned: Lab 2: Privilege separation	feb 23 DUE: Lab 1 all parts
feb 26	feb 27 LEC 6: Privilege separation (video) Preparation: Read OpenSSH (2003) (Question)	feb 28	feb 29 LEC 7: Data center infrastructure (video) Preparation: Read Google Infrastructure Security (2023) and BeyondProd (2023) (Question)	mar 1 DUE: Lab 2 part 1
mar 4	mar 5 LEC 8: Mobile phone security (video) Preparation: Read about iOS Security (Question)	mar 6	mar 7 LEC 9: Web security model (video) Preparation: Read about web security (2022) (Question)	mar 8 DUE: Lab 2 parts 2+3 ADD DATE
mar 11	mar 12 LEC 10: Buffer overflow defenses (video) Preparation: Read Baggy bounds checking (2009) + errata (Question) Assigned: Lab 3: Symbolic execution	mar 13	mar 14 LEC 11: Symbolic execution (video) Preparation: Read EXE: Automatically generating inputs of death (2006) (Question)	mar 15 DUE: Lab 2 all parts
mar 18	mar 19 LEC 12: Verification (video) Preparation: Read HACL* (2017) (Question)	mar 20	mar 21 Quiz 1: Covers lectures 1-12 and labs 1-2 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: 2:30-4p in 45-230	mar 22 Assigned: Lab 4: Browser security
mar 25 Spring vacation	mar 26 Spring vacation	mar 27 Spring vacation	mar 28 Spring vacation	mar 29 Spring vacation
apr 1 REC 1 (anna): Getting started with lab 3 Time and Location: 4-5pm in 24-115	apr 2 LEC 13 (guest): Supply chain security (Russ Cox) (video) Preparation: Read Trusting Trust (1984) and Russ's blog post (2023), and optionally xz attack (2024)	apr 3	apr 4 LEC 14: Network security (video) Preparation: Read about network security (Question)	apr 5 DUE: Lab 3 part 1
apr 8	apr 9 LEC 15: Secure channels (video) Preparation: Read TLS 1.3 blog post (2018) (Question)	apr 10	apr 11 LEC 16: Certificates (video) Preparation: Read Let's Encrypt (2019) (Question)	apr 12 DUE: Lab 3 all parts Assigned: Lab 5: ACME + WebAuthn
apr 15 Patriots day	apr 16 REC 2 (bill): Getting started with lab 4 (video) Time and Location: 2:30-4pm in 45-230	apr 17	apr 18 LEC 17: User authentication (video) Preparation: Read U2F (2016) and optionally from U2F to passkeys (2023) (Question)	apr 19 DUE: Lab 4 part 1
apr 22	apr 23 LEC 18: Messaging security (video) Preparation: Read Analysis of Signal (2019), sections 1-3 (Question) DROP DATE	apr 24	apr 25 LEC 19: Key transparency (video) Preparation: Read CONIKS (2015) (Question)	apr 26 DUE: Lab 4 all parts
apr 29 REC 3 (sanjit): Getting started with lab 5 (video) Time and Location: 10-11am in 24-121	apr 30 LEC 20: Anonymous communication (video) Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question)	may 1	may 2 LEC 21 (guest): Cybersecurity policy (Daniel Weitzner) (video) Preparation: Read Keys under doormats (2015) and Cyber risk (2024)	may 3 DUE: Lab 5 part 1
may 6	may 7 LEC 22: Security economics (video) Preparation: Read Click trajectories (2011) (Question)	may 8	may 9 LEC 23: Differential privacy (video) Preparation: Read PINQ (2009) (Question)	may 10 DUE: Lab 5 all parts
may 13	may 14 LEC 24 (guest): Information security in real life (Max Burkhardt) (video) Last day of classes	may 15	may 16	may 17
may 20	may 21	may 22 Final exam: Emphasis on lectures 13-24 and labs 3-5 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: Johnson Ice Rink, 1:30-4:30pm	may 23	may 24