Links to notes etc. on future days are copies of materials from 2020 to give you an idea of what the future will bring. We will update the notes as the course progresses. The year of publication for each class reading is shown in parentheses.

Monday Tuesday Wednesday Thursday Friday
jan 31
First day of classes
feb 1
LEC 1 (nz): Introduction, threat models (2022 video, Youtube)
Assigned: Lab 1: Buffer overflows
feb 2 feb 3
LEC 2 (nz): Security architecture (2022 video, Youtube)
Preparation: Read Google Infrastructure Security (2017) and optionally other details (2018) (Question)
feb 4
feb 7 feb 8
LEC 3 (nz): User authentication (2022 video, Youtube)
Preparation: Read Your password doesn't matter (2019) and U2F (2016) (Question)
feb 9 feb 10
LEC 4 (nz): Buffer overflow defenses (2022 video, Youtube)
Preparation: Read Baggy bounds checking (2009) + errata (Question)
feb 11
DUE: Lab 1 part 1
DUE: Lab 1 part 2
feb 14 feb 15
LEC 5 (nz): Privilege separation (2022 video, Youtube)
Preparation: Read OKWS (2004) but skip section 7 (Question)
Assigned: Lab 2: Privilege separation
feb 16 feb 17
REC 1: Linux Containers (2020 video)
Preparation: Read Chroot (1979), LXC, and iptables
Note: No in-person lecture; watch the video
feb 18
DUE: Lab 1 all parts
feb 21
Presidents' Day
feb 22
Monday schedule
feb 23 feb 24
LEC 6 (nz): OS and VM isolation (2022 video, Youtube)
Preparation: Read Firecracker (2020) (Question)
feb 25
DUE: Lab 2 part 1
feb 28 mar 1
LEC 7 (nz): Software fault isolation (2022 video, Youtube)
Preparation: Read WebAssembly (2017) (Question)
mar 2 mar 3
LEC 8 (nz): Sandboxing libraries (2022 video, Youtube)
Preparation: Read RLBox (2020) (Question)
mar 4
DUE: Lab 2 parts 2+3
ADD DATE
mar 7 mar 8
LEC 9 (nz): Client device security (2022 video, Youtube)
Preparation: Read iOS Security (2019), pages 1-28 (Question)
Assigned: Lab 3: Symbolic execution
Assigned: Lab 5: Final project
mar 9 mar 10
LEC 10 (nz): Android security (2022 video, Youtube)
Preparation: Read Android Platform Security Model (2019) (Question)
mar 11
DUE: Lab 2 all parts
mar 14 mar 15
LEC 11 (nz): Symbolic execution (2022 video, Youtube)
Preparation: Read EXE: Automatically generating inputs of death (2006) (Question)
mar 16 mar 17
Quiz 1: Covers lectures 1-11 and labs 1-2
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: 2:30-4p in 26-100
mar 18
DUE: Final project proposal (if you are not doing the default project)
mar 21
Spring vacation
mar 22
Spring vacation
mar 23
Spring vacation
mar 24
Spring vacation
mar 25
Spring vacation
mar 28 mar 29
LEC 12 (nz): Web security model (2022 video, Youtube)
Preparation: Read about web security (2022) (Question)
mar 30 mar 31
REC 2: Web security
Preparation: Read OWASP top 10 (2021) and Web security guidelines (2018)
Note: No in-person lecture; read through slides.
apr 1
DUE: Lab 3 part 1
apr 4 apr 5
LEC 13 (nz): Network security (2022 video, Youtube)
Preparation: Read Security Problems in TCP/IP (2004) (Question)
Assigned: Lab 4: Browser security
apr 6 apr 7
LEC 14 (nz): Secure channels (2022 video, Youtube)
Preparation: Read Analysis of SSL 3.0 (1996) (Question)
apr 8
DUE: Lab 3 all parts
apr 11 apr 12
LEC 15 (nz): Certificates (2022 video, Youtube)
Preparation: Read SSL and HTTPS (2013) (Question)
apr 13 apr 14
LEC 16 (guest): Information security in real life (Max Burkhardt) (2022 video, Youtube)
apr 15
DUE: Lab 4 part 1
apr 18
Patriots' Day
apr 19
LEC 17 (nz): Messaging security (2022 video, Youtube)
Preparation: Read Secure messaging (2015) (or extended version) (Question)
DROP DATE
apr 20 apr 21
LEC 18 (guest): IoT Security: Microsoft Azure Sphere (Galen Hunt) (2022 video, Youtube)
Preparation: Read What is Azure Sphere? (2022) and optional paper (2020)
apr 22
DUE: Lab 4 all parts
apr 25 apr 26
LEC 19 (guest): Anonymous communication (Nick Mathewson) (2022 video, Youtube)
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012); optionally watch the 2014 video (Question)
apr 27 apr 28
LEC 20 (nz): CPU timing attacks (2022 video, Youtube)
Preparation: Read On Spectre and Meltdown (2019) (Question)
apr 29
may 2
Please complete the subject evaluation
may 3
LEC 21 (guest): Hardware security (bunnie) (2022 video, Youtube)
Preparation: Read betrusted (2022)
may 4 may 5
LEC 22 (guest): Zoom security (Max Krohn) (2022 video, Youtube)
Preparation: Read E2E Encryption for Zoom (2021), sections 1-3, and optionally section 4 (Question)
may 6
DUE: Lab 5, or final project writeup and code
may 9 may 10
LEC 23 (students): Project presentations and reports (2022 video, Youtube)
DUE: Final project presentation
Last day of classes
may 11 may 12 may 13
may 16 may 17
Final exam: Emphasis on lectures 12-22 and labs 3-4
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: Johnson Ice Rink, 1:30-3:30pm
may 18 may 19 may 20