The schedule will change as the course progresses, in part based on student
interests. If you are particularly interested in some topic not covered here,
send mail to the course staff.
The years of publication for class readings are shown in parentheses.
Monday | Tuesday | Wednesday | Thursday | Friday |
feb 5
Reg day |
feb 6
First day of classes |
feb 7
LEC 1 (nz): Introduction, threat models (2014 video)
Assigned: Lab 1: Buffer overflows |
feb 8 |
feb 9 |
feb 12
LEC 2 (nz): Security architecture
Preparation: Read Google Infrastructure Security (2017) and optionally other details (2018) (Question) |
feb 13 |
feb 14
LEC 3 (fk): User authentication (2014 video)
Preparation: Read Mandatory password changes (2016) and U2F (2017) (Question) |
feb 15 |
feb 16
DUE: Lab 1 parts 1+2 |
feb 19
Presidents Day |
feb 20
LEC 4 (fk): Buffer overflow defenses (2014 video)
Preparation: Read Baggy bounds checking (2009) + errata (Question)
Monday schedule |
feb 21
LEC 5 (nz): Privilege separation (2014 video)
Preparation: Read OKWS (2004) but skip section 7 (Question)
Assigned: Lab 2: Privilege separation |
feb 22 |
feb 23
DUE: Lab 1 all parts |
feb 26
LEC 6 (nz): OS security (2014 video)
Preparation: Read Capsicum (2010) (Question) |
feb 27 |
feb 28
LEC 7 (fk): Software fault isolation (2014 video)
Preparation: Read Native Client (2009) (Question) |
mar 1 |
mar 2
DUE: Lab 2 part 1 |
mar 5
LEC 8 (guest): Paul Youn from Airbnb (2014 video) |
mar 6 |
mar 7
LEC 9 (fk): Intel SGX
Preparation: Read Innovative instructions (2013) up to section 3.2 + Haven (2014) up to but not including section 6; optional SGX details (2016), section 5 (Question) |
mar 8 |
mar 9
DUE: Lab 2 parts 2+3
ADD DATE |
mar 12
LEC 10 (nz): Client device security
Preparation: Read iOS Security (2018), pages 1-25 (Question) |
mar 13 |
mar 14
LEC 11 (nz): Android security (2014 video)
Preparation: Read Understanding Android Security (2009) + errata (Question)
Assigned: Lab 3: Symbolic execution |
mar 15 |
mar 16
DUE: Lab 2 all parts |
mar 19
LEC 12 (fk): Symbolic execution (2014 video)
Preparation: Read EXE: Automatically generating inputs of death (2006) (Question)
Assigned: Lab 5: Final project
Quiz review; notes on Baggy Bounds and buffer overflows |
mar 20 |
mar 21
Quiz 1: Covers lectures 1-11 and labs 1-2
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Location: Walker, 50-340 |
mar 22 |
mar 23
DUE: Final project proposal (if you are not doing the default project) |
mar 26
Spring Vacation |
mar 27
Spring Vacation |
mar 28
Spring Vacation |
mar 29
Spring Vacation |
mar 30
Spring Vacation |
apr 2
LEC 13 (nz): Web security model (2014 video)
Preparation: Read The Tangled Web (2012), Chapters 9-11 (Question) |
apr 3 |
apr 4
REC 1: Web security (2014 video)
Preparation: Read The Tangled Web (2012), Chapters 12-13 and OWASP top 10 (2017) |
apr 5 |
apr 6
DUE: Lab 3 part 1 |
apr 9
LEC 14 (fk): Network security (2014 video)
Preparation: Read Security Problems in TCP/IP (2004) (Question) |
apr 10 |
apr 11
LEC 15 (fk): Secure channels (2014 video)
Preparation: Read Analysis of SSL 3.0 (1996) (Question)
Assigned: Lab 4: Browser security |
apr 12 |
apr 13
DUE: Lab 3 all parts |
apr 16
Patriots Day |
apr 17
Patriots Day |
apr 18
LEC 16 (fk): Certificates (2014 video)
Preparation: Read SSL and HTTPS (2013) (Question) |
apr 19 |
apr 20
DUE: Lab 4 parts 1 and 2 |
apr 23
LEC 17 (fk): CPU timing attacks (2014 video)
Preparation: Read Spectre (2018) (Question) |
apr 24 |
apr 25
LEC 18 (nz): Security economics (2014 video)
Preparation: Read Click Trajectories (2011) (Question) |
apr 26
DROP DATE |
apr 27
DUE: Lab 4 all parts |
apr 30
LEC 19 (guest): Tim Leek, MIT Lincoln Lab
Preparation: Read LAVA (2016) (Question) |
may 1 |
may 2
LEC 20 (guest): Nick Mathewson, Anonymous communication (2014 video)
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question) |
may 3 |
may 4 |
may 7
LEC 21 (nz): Bitcoin
Preparation: Read Bitcoin challenges (2015) (Question) |
may 8 |
may 9
LEC 22 (dl): Email/messaging security
Preparation: Read Secure messaging (2015) (or extended version) (Question) |
may 10 |
may 11
DUE: Final project writeup and code |
may 14
LEC 23 (guest): Mark Silis and Jessica Murray, MIT IS&T (2014 video) |
may 15 |
may 16
LEC 24 (students): Project presentations (2014 video)
DUE: Final project presentation |
may 17
Last day of classes |
may 18
Final exam review
Time: 7PM
Location: 32-141 |
may 21
Final exam: Emphasis on lectures 12-24 and labs 3-4
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Time and Location: 9am-11am, Ice Rink |
may 22 |
may 23 |
may 24 |
may 25 |