6.566 / Spring 2026

The lectures cover a broad overview of systems security together with a deeper focus on several topics: isolation techniques, privilege separation, dealing with buggy code, and networked and distributed systems.

Links to notes etc. on future days are copies of materials from last year, to give you an idea of what the future will bring. We will update the notes as the course progresses. The year of publication for class readings are shown in parentheses.

Monday Tuesday Wednesday Thursday Friday

feb 2
First day of classes feb 3
LEC 1: Introduction, threat models (video)
Preparation: Optionally read about what a modern vulnerability looks like (2026)
Assigned: Lab 1: Buffer overflows feb 4 feb 5
LEC 2: OS and VM isolation (video)
Preparation: Read about OS and VM isolation (Question) feb 6

feb 9 feb 10
LEC 3: Software fault isolation (video)
Preparation: Read about WebAssembly (Question) feb 11 feb 12
LEC 4: Trusted hardware (video)
Preparation: Read BitLocker (2006), sections 1-2 (Question) feb 13
DUE: Lab 1 part 1
DUE: Lab 1 part 2

feb 16
Presidents day feb 17
Monday schedule feb 18 feb 19
Hacking day: no class meeting, work on lab
Assigned: Lab 2: Privilege separation feb 20
DUE: Lab 1 all parts

feb 23 feb 24
Snow day, lecture cancelled feb 25 feb 26
LEC 5: Privilege separation (video)
Preparation: Read OpenSSH (2003) (Question) feb 27
DUE: Lab 2 part 1

mar 2 mar 3
LEC 6: Data center infrastructure (video)
Preparation: Read Google Infrastructure Security (2024) and BeyondProd (2024) (Question) mar 4 mar 5
LEC 7: Mobile phone security (video)
Preparation: Read about iOS Security (Question) mar 6
DUE: Lab 2 parts 2+3
ADD DATE

mar 9 mar 10
LEC 8: Web security model (video)
Preparation: Read about web security (2022) (Question)
Assigned: Lab 3: Symbolic execution mar 11 mar 12
LEC 9: Buffer overflow defenses (video)
Preparation: Read Baggy bounds checking (2009) + errata (Question) mar 13
DUE: Lab 2 all parts

mar 16 mar 17
LEC 10: Symbolic execution (video)
Preparation: Read EXE: Automatically generating inputs of death (2006) (Question) mar 18 mar 19
Quiz 1: Covers lectures 1-10 and labs 1-2
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: 2:30-4p in 45-230 mar 20
Assigned: Lab 4: Browser security

mar 23
Spring vacation mar 24
Spring vacation mar 25
Spring vacation mar 26
Spring vacation mar 27
Spring vacation

mar 30 mar 31
Hacking day: no class meeting, work on lab apr 1 apr 2
LEC 11 (guest): Supply chain security (Russ Cox) (video)
Preparation: Read 50 years of open-source supply chain (2025) apr 3
DUE: Lab 3 part 1

apr 6 apr 7
LEC 12: Network security (video)
Preparation: Read about network security (Question) apr 8 apr 9
LEC 13: Secure channels (video)
Preparation: Read TLS 1.3 blog post (2018) (Question) apr 10
DUE: Lab 3 all parts
Assigned: Lab 5: ACME + WebAuthn

apr 13 apr 14
LEC 14: Certificates (video)
Preparation: Read Let's Encrypt (2019) (Question) apr 15 apr 16
LEC 15: User authentication (video)
Preparation: Read U2F (2016) and optionally from U2F to passkeys (2023) (Question) apr 17
DUE: Lab 4 part 1

apr 20
Patriots day apr 21
Hacking day: no class meeting, work on lab
DROP DATE apr 22 apr 23
Hacking day: no class meeting, work on lab apr 24
DUE: Lab 4 all parts

apr 27 apr 28
LEC 16 (guest): Decentralized key management (Max Krohn) (video)
Preparation: Read FOKS (2025) (Question) apr 29 apr 30
LEC 17 (guest): AI agent security (Anish Athalye) (video)
Preparation: Read CaMeL (2025), skipping the appendices (Question) may 1
DUE: Lab 5 part 1

may 4 may 5
LEC 18: Messaging security (video)
Preparation: Read Analysis of Signal (2019), sections 1-3 (Question) may 6 may 7
LEC 19 (guest): Information security in real life (Colby Morgan) (video) may 8
DUE: Lab 5 all parts

may 11 may 12
LEC 20: Anonymous communication (video)
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question)
Last day of classes may 13 may 14 may 15
Final exam: Emphasis on lectures 11-20 and labs 3-5
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: TBD

may 18
Final exam: Emphasis on lectures 11-20 and labs 3-5
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: TBD may 19
Final exam: Emphasis on lectures 11-20 and labs 3-5
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: TBD may 20
Final exam: Emphasis on lectures 11-20 and labs 3-5
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: TBD may 21 may 22

Monday	Tuesday	Wednesday	Thursday	Friday
feb 2 First day of classes	feb 3 LEC 1: Introduction, threat models (video) Preparation: Optionally read about what a modern vulnerability looks like (2026) Assigned: Lab 1: Buffer overflows	feb 4	feb 5 LEC 2: OS and VM isolation (video) Preparation: Read about OS and VM isolation (Question)	feb 6
feb 9	feb 10 LEC 3: Software fault isolation (video) Preparation: Read about WebAssembly (Question)	feb 11	feb 12 LEC 4: Trusted hardware (video) Preparation: Read BitLocker (2006), sections 1-2 (Question)	feb 13 DUE: Lab 1 part 1 DUE: Lab 1 part 2
feb 16 Presidents day	feb 17 Monday schedule	feb 18	feb 19 Hacking day: no class meeting, work on lab Assigned: Lab 2: Privilege separation	feb 20 DUE: Lab 1 all parts
feb 23	feb 24 Snow day, lecture cancelled	feb 25	feb 26 LEC 5: Privilege separation (video) Preparation: Read OpenSSH (2003) (Question)	feb 27 DUE: Lab 2 part 1
mar 2	mar 3 LEC 6: Data center infrastructure (video) Preparation: Read Google Infrastructure Security (2024) and BeyondProd (2024) (Question)	mar 4	mar 5 LEC 7: Mobile phone security (video) Preparation: Read about iOS Security (Question)	mar 6 DUE: Lab 2 parts 2+3 ADD DATE
mar 9	mar 10 LEC 8: Web security model (video) Preparation: Read about web security (2022) (Question) Assigned: Lab 3: Symbolic execution	mar 11	mar 12 LEC 9: Buffer overflow defenses (video) Preparation: Read Baggy bounds checking (2009) + errata (Question)	mar 13 DUE: Lab 2 all parts
mar 16	mar 17 LEC 10: Symbolic execution (video) Preparation: Read EXE: Automatically generating inputs of death (2006) (Question)	mar 18	mar 19 Quiz 1: Covers lectures 1-10 and labs 1-2 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: 2:30-4p in 45-230	mar 20 Assigned: Lab 4: Browser security
mar 23 Spring vacation	mar 24 Spring vacation	mar 25 Spring vacation	mar 26 Spring vacation	mar 27 Spring vacation
mar 30	mar 31 Hacking day: no class meeting, work on lab	apr 1	apr 2 LEC 11 (guest): Supply chain security (Russ Cox) (video) Preparation: Read 50 years of open-source supply chain (2025)	apr 3 DUE: Lab 3 part 1
apr 6	apr 7 LEC 12: Network security (video) Preparation: Read about network security (Question)	apr 8	apr 9 LEC 13: Secure channels (video) Preparation: Read TLS 1.3 blog post (2018) (Question)	apr 10 DUE: Lab 3 all parts Assigned: Lab 5: ACME + WebAuthn
apr 13	apr 14 LEC 14: Certificates (video) Preparation: Read Let's Encrypt (2019) (Question)	apr 15	apr 16 LEC 15: User authentication (video) Preparation: Read U2F (2016) and optionally from U2F to passkeys (2023) (Question)	apr 17 DUE: Lab 4 part 1
apr 20 Patriots day	apr 21 Hacking day: no class meeting, work on lab DROP DATE	apr 22	apr 23 Hacking day: no class meeting, work on lab	apr 24 DUE: Lab 4 all parts
apr 27	apr 28 LEC 16 (guest): Decentralized key management (Max Krohn) (video) Preparation: Read FOKS (2025) (Question)	apr 29	apr 30 LEC 17 (guest): AI agent security (Anish Athalye) (video) Preparation: Read CaMeL (2025), skipping the appendices (Question)	may 1 DUE: Lab 5 part 1
may 4	may 5 LEC 18: Messaging security (video) Preparation: Read Analysis of Signal (2019), sections 1-3 (Question)	may 6	may 7 LEC 19 (guest): Information security in real life (Colby Morgan) (video)	may 8 DUE: Lab 5 all parts
may 11	may 12 LEC 20: Anonymous communication (video) Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question) Last day of classes	may 13	may 14	may 15 Final exam: Emphasis on lectures 11-20 and labs 3-5 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: TBD
may 18 Final exam: Emphasis on lectures 11-20 and labs 3-5 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: TBD	may 19 Final exam: Emphasis on lectures 11-20 and labs 3-5 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: TBD	may 20 Final exam: Emphasis on lectures 11-20 and labs 3-5 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: TBD	may 21	may 22