Fall 2013

The schedule will change as the course progresses, in part based on student interests. If you are particularly interested in some topic not covered here, send mail to the course staff.

The year of publication for each class reading is shown in parentheses.

Monday Tuesday Wednesday Thursday Friday
sep 2
Labor day
sep 3
Reg day
sep 4
LEC 1: Introduction, threat models
Assigned: Lab 1: Buffer overflows
First day of classes
sep 5 sep 6
sep 9
LEC 2: Control hijacking attacks
Preparation: Read Baggy bounds checking (2009) + errata (Question)
sep 10 sep 11
LEC 3: Integer overflows and static analysis unsigned int
Preparation: Read KINT (2012) (Question)
sep 12 sep 13
DUE: Lab 1 parts 1+2
sep 16
LEC 4: Privilege separation
Preparation: Read OKWS (2004) (Question)
Assigned: Lab 2: Privilege separation
sep 17 sep 18
LEC 5: Guest lecture:
Paul Youn from iSEC Partners
sep 19 sep 20
DUE: Lab 1 all parts
sep 23
LEC 6: Evolving OS isolation mechanisms
Preparation: Read Capsicum (2010) and optionally access-control extensibility (2013) (Question)
sep 24 sep 25
LEC 7: Sandboxing native code
Preparation: Read Native Client (2009) (Question)
sep 26 sep 27
DUE: Lab 2 parts 1+2
sep 30
LEC 8: Network security
Preparation: Read Security Problems in TCP/IP (2004) (Question)
oct 1 oct 2
LEC 9: Network protocols
Preparation: Read Kerberos (1988) (Question)
oct 3 oct 4
DUE: Lab 2 parts 3+4
ADD DATE
oct 7
LEC 10: Web security model
Preparation: Read The Tangled Web (2012), Chapters 9-13 (Question)
oct 8 oct 9
LEC 11: Securing web applications
Preparation: Read Security in Django (2012) and Django CSRF (Question)
Assigned: Lab 3: Server-side sandboxing
oct 10 oct 11
DUE: Lab 2 all parts
oct 14
Columbus day
oct 15
Columbus day
oct 16
LEC 12: SSL and HTTPS
Preparation: Read ForceHTTPS (2008) (Question)
Assigned: Lab 7: Final project
oct 17 oct 18
DUE: Lab 3 all parts
Assigned: Lab 4: Attacking the server
oct 21
LEC 13: Side-channel attacks
Preparation: Read Remote timing attacks (2003) (Question)
oct 22 oct 23
LEC 14: Privacy and data lifetime
Preparation: Read Private browsing (2010) (Question)
Assigned: Lab 5: Browser security
Quiz 1 Review: 7:30pm - 9:30pm in 34-101.
oct 24
DUE: Post your final project idea on Piazza
oct 25
DUE: Lab 4
oct 28
Quiz 1: Covers lectures 1-12 and labs 1-3
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Location: 50-340 (Walker)
oct 29 oct 30
LEC 15: User authentication (Slides)
Preparation: Read The Quest to Replace Passwords (2012) and optionally the extended version (Question)
oct 31 nov 1
DUE: Final project proposal
nov 4
No lecture, work on lab 5
nov 5 nov 6
LEC 16: Anonymous communication
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question)
Assigned: Lab 6: Javascript sandboxing
nov 7 nov 8
DUE: Lab 5
nov 11
Veteran's day
nov 12 nov 13
LEC 17: Mobile phone security (Slides)
Preparation: Read Understanding Android Security (2009) + errata (Question)
nov 14 nov 15
DUE: Lab 6
nov 18
LEC 18: File system encryption
Preparation: Read BitLocker (2006) (Question)
nov 19 nov 20
LEC 19: Database encryption
Preparation: Read CryptDB (2011) (Question)
DROP DATE
nov 21 nov 22
DUE: Email us a status update on your final project (couple of paragraphs)
nov 25
LEC 20: Guest lecture:
Mark Silis from MIT IS&T
Quiz 2 Review: 7:30pm - 9:30pm in 32-141.
Slides/Notes 1 2 3 4
nov 26 nov 27
LEC 21: Obfuscation and reverse-engineering
Preparation: Read Looking inside Dropbox (2013) (Question)
nov 28
Thanksgiving
nov 29
Thanksgiving
dec 2
Quiz 2: Focuses on lectures 13-21 and labs 4-6 (but may build on earlier material)
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Location: 50-340 (Walker)
dec 3 dec 4
LEC 22: Security economics
Preparation: Read Click Trajectories (2011) (Question)
dec 5 dec 6
dec 9
No class, hack on final projects
dec 10 dec 11
LEC 23: Project presentations
DUE: Final project presentation
Last day of classes
dec 12 dec 13
DUE: Final project writeup and code
dec 16
Final exam week
(No final in 6.858)
dec 17
Final exam week
(No final in 6.858)
dec 18
Final exam week
(No final in 6.858)
dec 19
Final exam week
(No final in 6.858)
dec 20
Final exam week
(No final in 6.858)

Questions or comments regarding 6.858? Send e-mail to the course staff at 6.858-staff@pdos.csail.mit.edu.

Last updated Friday, 29-Jan-2016 11:49:53 EST