6.5660 / Spring 2024

Links to notes etc. on future days are copies of materials from last year, to give you an idea of what the future will bring. We will update the notes as the course progresses. The year of publication for class readings are shown in parentheses.

Monday Tuesday Wednesday Thursday Friday

feb 5
First day of classes feb 6
LEC 1: Introduction, threat models (2023 video)
Preparation: Optionally read Modern Android exploit
Assigned: Lab 1: Buffer overflows feb 7 feb 8
LEC 2: OS and VM isolation (2023 video)
Preparation: Read about OS and VM isolation (Question) feb 9

feb 12 feb 13
LEC 3: Software fault isolation (2023 video)
Preparation: Read about WebAssembly (Question) feb 14 feb 15
LEC 4: CPU side-channels (2023 video)
Preparation: Read Transient Execution Attacks and Defenses (2019) (Question) feb 16
DUE: Lab 1 part 1
DUE: Lab 1 part 2

feb 19
Presidents day feb 20
Monday schedule feb 21 feb 22
LEC 5: Privilege separation (2023 video)
Preparation: Read OpenSSH (2003) (Question)
Assigned: Lab 2: Privilege separation feb 23
DUE: Lab 1 all parts

feb 26 feb 27
LEC 6: Security architecture (2023 video)
Preparation: Read Google Infrastructure Security (2022) and optionally other details (2023) (Question) feb 28 feb 29
LEC 7: Client device security (2023 video)
Preparation: Read about iOS Security (Question) mar 1
DUE: Lab 2 part 1

mar 4 mar 5
LEC 8: Android security (2023 video)
Preparation: Read Android Security (2023), pages 1-35 and 44-48 (Question) mar 6 mar 7
LEC 9: Web security model (2023 video)
Preparation: Read about web security (2022) (Question) mar 8
DUE: Lab 2 parts 2+3
ADD DATE

mar 11 mar 12
LEC 10: Buffer overflow defenses (2023 video)
Preparation: Read Baggy bounds checking (2009) + errata (Question)
Assigned: Lab 3: Symbolic execution mar 13 mar 14
LEC 11: Symbolic execution (2023 video)
Preparation: Read EXE: Automatically generating inputs of death (2006) (Question) mar 15
DUE: Lab 2 all parts

mar 18 mar 19
LEC 12: Verification
Preparation: Read HACL* (2019) (Question) mar 20 mar 21
Quiz 1: Covers lectures 1-12 and labs 1-2
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: 2:30-4p in 26-100 mar 22
Assigned: Lab 4: Browser security

mar 25
Spring vacation mar 26
Spring vacation mar 27
Spring vacation mar 28
Spring vacation mar 29
Spring vacation

apr 1 apr 2
LEC 13 (guest): Information security in real life (Max Burkhardt) (2023 video) apr 3 apr 4
LEC 14: Network security (2023 video)
Preparation: Read Security Problems in TCP/IP (2004), skipping sections 3.1, 4, 5.4, 5.5, and 7.3 (Question) apr 5
DUE: Lab 3 part 1
Assigned: Lab 5: ACME + WebAuthn

apr 8 apr 9
LEC 15: Secure channels (2023 video)
Preparation: Read TLS 1.3 blog post (2018) (Question) apr 10 apr 11
LEC 16: Certificates (2023 video)
Preparation: Read Let's Encrypt (2019) (Question) apr 12
DUE: Lab 3 all parts

apr 15
Patriots day apr 16
LEC 17: User authentication (2023 video)
Preparation: Read U2F (2016) and optionally from U2F to passkeys (2023) (Question) apr 17 apr 18
LEC 18: Messaging security (2023 video)
Preparation: Read Secure messaging (2015) (or extended version) (Question) apr 19
DUE: Lab 4 part 1

apr 22 apr 23
LEC 19: Key transparency
Preparation: Read CONIKS (2015) (Question)
DROP DATE apr 24 apr 25
LEC 20 (guest): Supply Chain Security (Jon Gjengset) (2023 video)
Preparation: Read Software Bill-of-Materials (2020) apr 26
DUE: Lab 4 all parts

apr 29 apr 30
LEC 21: Anonymous Communication (2023 video)
Preparation: Read Circuit fingerprinting (2015) (Question) may 1 may 2
LEC 22: Untrusted storage servers (2023 video)
Preparation: Read SUNDR (2004) (Question) may 3
DUE: Lab 5 part 1

may 6 may 7
LEC 23: Secure Processors (2023 video)
Preparation: Read Controlled-channel attacks (2015) (Question) may 8 may 9
LEC 24 (guest): Zoom security (Max Krohn) (2023 video)
Preparation: Read E2E Encryption for Zoom (2022), sections 1-3 and 7 (Question) may 10
DUE: Lab 5 all parts

may 13 may 14
LEC 25: Differential privacy
Preparation: Read Plume (2022) (Question)
Last day of classes may 15 may 16 may 17
Final exam: Emphasis on lectures 13-24 and labs 3-5
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: TBD

may 20
Final exam: Emphasis on lectures 13-24 and labs 3-5
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: TBD may 21
Final exam: Emphasis on lectures 13-24 and labs 3-5
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: TBD may 22
Final exam: Emphasis on lectures 13-24 and labs 3-5
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: TBD may 23 may 24

Monday	Tuesday	Wednesday	Thursday	Friday
feb 5 First day of classes	feb 6 LEC 1: Introduction, threat models (2023 video) Preparation: Optionally read Modern Android exploit Assigned: Lab 1: Buffer overflows	feb 7	feb 8 LEC 2: OS and VM isolation (2023 video) Preparation: Read about OS and VM isolation (Question)	feb 9
feb 12	feb 13 LEC 3: Software fault isolation (2023 video) Preparation: Read about WebAssembly (Question)	feb 14	feb 15 LEC 4: CPU side-channels (2023 video) Preparation: Read Transient Execution Attacks and Defenses (2019) (Question)	feb 16 DUE: Lab 1 part 1 DUE: Lab 1 part 2
feb 19 Presidents day	feb 20 Monday schedule	feb 21	feb 22 LEC 5: Privilege separation (2023 video) Preparation: Read OpenSSH (2003) (Question) Assigned: Lab 2: Privilege separation	feb 23 DUE: Lab 1 all parts
feb 26	feb 27 LEC 6: Security architecture (2023 video) Preparation: Read Google Infrastructure Security (2022) and optionally other details (2023) (Question)	feb 28	feb 29 LEC 7: Client device security (2023 video) Preparation: Read about iOS Security (Question)	mar 1 DUE: Lab 2 part 1
mar 4	mar 5 LEC 8: Android security (2023 video) Preparation: Read Android Security (2023), pages 1-35 and 44-48 (Question)	mar 6	mar 7 LEC 9: Web security model (2023 video) Preparation: Read about web security (2022) (Question)	mar 8 DUE: Lab 2 parts 2+3 ADD DATE
mar 11	mar 12 LEC 10: Buffer overflow defenses (2023 video) Preparation: Read Baggy bounds checking (2009) + errata (Question) Assigned: Lab 3: Symbolic execution	mar 13	mar 14 LEC 11: Symbolic execution (2023 video) Preparation: Read EXE: Automatically generating inputs of death (2006) (Question)	mar 15 DUE: Lab 2 all parts
mar 18	mar 19 LEC 12: Verification Preparation: Read HACL* (2019) (Question)	mar 20	mar 21 Quiz 1: Covers lectures 1-12 and labs 1-2 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: 2:30-4p in 26-100	mar 22 Assigned: Lab 4: Browser security
mar 25 Spring vacation	mar 26 Spring vacation	mar 27 Spring vacation	mar 28 Spring vacation	mar 29 Spring vacation
apr 1	apr 2 LEC 13 (guest): Information security in real life (Max Burkhardt) (2023 video)	apr 3	apr 4 LEC 14: Network security (2023 video) Preparation: Read Security Problems in TCP/IP (2004), skipping sections 3.1, 4, 5.4, 5.5, and 7.3 (Question)	apr 5 DUE: Lab 3 part 1 Assigned: Lab 5: ACME + WebAuthn
apr 8	apr 9 LEC 15: Secure channels (2023 video) Preparation: Read TLS 1.3 blog post (2018) (Question)	apr 10	apr 11 LEC 16: Certificates (2023 video) Preparation: Read Let's Encrypt (2019) (Question)	apr 12 DUE: Lab 3 all parts
apr 15 Patriots day	apr 16 LEC 17: User authentication (2023 video) Preparation: Read U2F (2016) and optionally from U2F to passkeys (2023) (Question)	apr 17	apr 18 LEC 18: Messaging security (2023 video) Preparation: Read Secure messaging (2015) (or extended version) (Question)	apr 19 DUE: Lab 4 part 1
apr 22	apr 23 LEC 19: Key transparency Preparation: Read CONIKS (2015) (Question) DROP DATE	apr 24	apr 25 LEC 20 (guest): Supply Chain Security (Jon Gjengset) (2023 video) Preparation: Read Software Bill-of-Materials (2020)	apr 26 DUE: Lab 4 all parts
apr 29	apr 30 LEC 21: Anonymous Communication (2023 video) Preparation: Read Circuit fingerprinting (2015) (Question)	may 1	may 2 LEC 22: Untrusted storage servers (2023 video) Preparation: Read SUNDR (2004) (Question)	may 3 DUE: Lab 5 part 1
may 6	may 7 LEC 23: Secure Processors (2023 video) Preparation: Read Controlled-channel attacks (2015) (Question)	may 8	may 9 LEC 24 (guest): Zoom security (Max Krohn) (2023 video) Preparation: Read E2E Encryption for Zoom (2022), sections 1-3 and 7 (Question)	may 10 DUE: Lab 5 all parts
may 13	may 14 LEC 25: Differential privacy Preparation: Read Plume (2022) (Question) Last day of classes	may 15	may 16	may 17 Final exam: Emphasis on lectures 13-24 and labs 3-5 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: TBD
may 20 Final exam: Emphasis on lectures 13-24 and labs 3-5 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: TBD	may 21 Final exam: Emphasis on lectures 13-24 and labs 3-5 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: TBD	may 22 Final exam: Emphasis on lectures 13-24 and labs 3-5 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: TBD	may 23	may 24