6.566 / Spring 2026

The lectures cover a broad overview of systems security together with a deeper focus on several topics: isolation techniques, privilege separation, dealing with buggy code, networked and distributed systems, and human-focused security and privacy.

Links to notes etc. on future days are copies of materials from last year, to give you an idea of what the future will bring. We will update the notes as the course progresses. The year of publication for class readings are shown in parentheses.

Monday Tuesday Wednesday Thursday Friday

feb 2
First day of classes feb 3
LEC 1: Introduction, threat models
Preparation: Optionally read Modern Android exploit
Assigned: Lab 1: Buffer overflows feb 4 feb 5
LEC 2: OS and VM isolation
Preparation: Read about OS and VM isolation (Question) feb 6

feb 9 feb 10
LEC 3: Software fault isolation (video)
Preparation: Read about WebAssembly (Question) feb 11 feb 12
LEC 4: Trusted hardware
Preparation: Read BitLocker (2006), sections 1-2 (Question) feb 13
DUE: Lab 1 part 1
DUE: Lab 1 part 2

feb 16
Presidents day feb 17
Monday schedule feb 18 feb 19
Hacking day: no class meeting, work on lab
Assigned: Lab 2: Privilege separation feb 20
DUE: Lab 1 all parts

feb 23 feb 24
LEC 5: Privilege separation
Preparation: Read OpenSSH (2003) (Question) feb 25 feb 26
LEC 6: Data center infrastructure
Preparation: Read Google Infrastructure Security (2023) and BeyondProd (2023) (Question) feb 27
DUE: Lab 2 part 1

mar 2 mar 3
LEC 7: Mobile phone security
Preparation: Read about iOS Security (Question) mar 4 mar 5
LEC 8: Web security model
Preparation: Read about web security (2022) (Question) mar 6
DUE: Lab 2 parts 2+3
ADD DATE

mar 9 mar 10
LEC 9: Buffer overflow defenses
Preparation: Read Baggy bounds checking (2009) + errata (Question)
Assigned: Lab 3: Symbolic execution mar 11 mar 12
LEC 10: Symbolic execution
Preparation: Read EXE: Automatically generating inputs of death (2006) (Question) mar 13
DUE: Lab 2 all parts

mar 16 mar 17
LEC 11: Verification
Preparation: Read HACL* (2017) (Question) mar 18 mar 19
Quiz 1: Covers lectures 1-12 and labs 1-2
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: 2:30-4p in 45-230 mar 20
Assigned: Lab 4: Browser security

mar 23
Spring vacation mar 24
Spring vacation mar 25
Spring vacation mar 26
Spring vacation mar 27
Spring vacation

mar 30 mar 31
LEC 12 (guest): Supply chain security (Russ Cox)
Preparation: Read Trusting Trust (1984) and Russ's blog post (2023), and optionally xz attack (2024) apr 1 apr 2
LEC 13: Network security
Preparation: Read about network security (Question) apr 3
DUE: Lab 3 part 1

apr 6 apr 7
LEC 14: Secure channels
Preparation: Read TLS 1.3 blog post (2018) (Question) apr 8 apr 9
LEC 15: Certificates
Preparation: Read Let's Encrypt (2019) (Question) apr 10
DUE: Lab 3 all parts
Assigned: Lab 5: ACME + WebAuthn

apr 13 apr 14
LEC 16: User authentication
Preparation: Read U2F (2016) and optionally from U2F to passkeys (2023) (Question) apr 15 apr 16
LEC 17: Messaging security
Preparation: Read Analysis of Signal (2019), sections 1-3 (Question) apr 17
DUE: Lab 4 part 1

apr 20
Patriots day apr 21
LEC 18: Key transparency
Preparation: Read CONIKS (2015) (Question)
DROP DATE apr 22 apr 23
LEC 19: Anonymous communication
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question) apr 24
DUE: Lab 4 all parts

apr 27 apr 28
LEC 20: TBD apr 29 apr 30
LEC 21: TBD may 1
DUE: Lab 5 part 1

may 4 may 5
LEC 22: TBD may 6 may 7
LEC 23 (guest): Information security in real life (Max Burkhardt) may 8
DUE: Lab 5 all parts

may 11 may 12
LEC 24: TBD
Last day of classes may 13 may 14 may 15
Final exam: Emphasis on lectures 13-24 and labs 3-5
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: TBD

may 18
Final exam: Emphasis on lectures 13-24 and labs 3-5
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: TBD may 19
Final exam: Emphasis on lectures 13-24 and labs 3-5
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: TBD may 20
Final exam: Emphasis on lectures 13-24 and labs 3-5
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: TBD may 21 may 22

Monday	Tuesday	Wednesday	Thursday	Friday
feb 2 First day of classes	feb 3 LEC 1: Introduction, threat models Preparation: Optionally read Modern Android exploit Assigned: Lab 1: Buffer overflows	feb 4	feb 5 LEC 2: OS and VM isolation Preparation: Read about OS and VM isolation (Question)	feb 6
feb 9	feb 10 LEC 3: Software fault isolation (video) Preparation: Read about WebAssembly (Question)	feb 11	feb 12 LEC 4: Trusted hardware Preparation: Read BitLocker (2006), sections 1-2 (Question)	feb 13 DUE: Lab 1 part 1 DUE: Lab 1 part 2
feb 16 Presidents day	feb 17 Monday schedule	feb 18	feb 19 Hacking day: no class meeting, work on lab Assigned: Lab 2: Privilege separation	feb 20 DUE: Lab 1 all parts
feb 23	feb 24 LEC 5: Privilege separation Preparation: Read OpenSSH (2003) (Question)	feb 25	feb 26 LEC 6: Data center infrastructure Preparation: Read Google Infrastructure Security (2023) and BeyondProd (2023) (Question)	feb 27 DUE: Lab 2 part 1
mar 2	mar 3 LEC 7: Mobile phone security Preparation: Read about iOS Security (Question)	mar 4	mar 5 LEC 8: Web security model Preparation: Read about web security (2022) (Question)	mar 6 DUE: Lab 2 parts 2+3 ADD DATE
mar 9	mar 10 LEC 9: Buffer overflow defenses Preparation: Read Baggy bounds checking (2009) + errata (Question) Assigned: Lab 3: Symbolic execution	mar 11	mar 12 LEC 10: Symbolic execution Preparation: Read EXE: Automatically generating inputs of death (2006) (Question)	mar 13 DUE: Lab 2 all parts
mar 16	mar 17 LEC 11: Verification Preparation: Read HACL* (2017) (Question)	mar 18	mar 19 Quiz 1: Covers lectures 1-12 and labs 1-2 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: 2:30-4p in 45-230	mar 20 Assigned: Lab 4: Browser security
mar 23 Spring vacation	mar 24 Spring vacation	mar 25 Spring vacation	mar 26 Spring vacation	mar 27 Spring vacation
mar 30	mar 31 LEC 12 (guest): Supply chain security (Russ Cox) Preparation: Read Trusting Trust (1984) and Russ's blog post (2023), and optionally xz attack (2024)	apr 1	apr 2 LEC 13: Network security Preparation: Read about network security (Question)	apr 3 DUE: Lab 3 part 1
apr 6	apr 7 LEC 14: Secure channels Preparation: Read TLS 1.3 blog post (2018) (Question)	apr 8	apr 9 LEC 15: Certificates Preparation: Read Let's Encrypt (2019) (Question)	apr 10 DUE: Lab 3 all parts Assigned: Lab 5: ACME + WebAuthn
apr 13	apr 14 LEC 16: User authentication Preparation: Read U2F (2016) and optionally from U2F to passkeys (2023) (Question)	apr 15	apr 16 LEC 17: Messaging security Preparation: Read Analysis of Signal (2019), sections 1-3 (Question)	apr 17 DUE: Lab 4 part 1
apr 20 Patriots day	apr 21 LEC 18: Key transparency Preparation: Read CONIKS (2015) (Question) DROP DATE	apr 22	apr 23 LEC 19: Anonymous communication Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question)	apr 24 DUE: Lab 4 all parts
apr 27	apr 28 LEC 20: TBD	apr 29	apr 30 LEC 21: TBD	may 1 DUE: Lab 5 part 1
may 4	may 5 LEC 22: TBD	may 6	may 7 LEC 23 (guest): Information security in real life (Max Burkhardt)	may 8 DUE: Lab 5 all parts
may 11	may 12 LEC 24: TBD Last day of classes	may 13	may 14	may 15 Final exam: Emphasis on lectures 13-24 and labs 3-5 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: TBD
may 18 Final exam: Emphasis on lectures 13-24 and labs 3-5 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: TBD	may 19 Final exam: Emphasis on lectures 13-24 and labs 3-5 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: TBD	may 20 Final exam: Emphasis on lectures 13-24 and labs 3-5 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: TBD	may 21	may 22