Project-related deadlines are shown in red. Note that that there will be no extensions for projects!

Module 1 (Weeks 1-5) — Memory-based attacks

Week 1: Stack Smashing

• Tuesday (1/23): Course intro, buffer overflows, basic assembly
• Wednesday (1/24) Lab 1: Assembly for x86
• Tuesday (1/25) Exploiting Buffer overflows
• Assigned reading:
  • SoK: Eternal War in Memory
  • “StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks”
  • x86 Assembly Guide
• Projects and homework:
  • Project 1I (individual) handed out

Week 2: Defense: Stack Canaries, ASLR, and W^X

• Tuesday (1/30): Shellcoding and Memory Defenses
• Wednesday (1/31) Lab 2: Learning with Friends
• Thursday (2/1): Interview with Jimmy Wylie
• Assigned reading:
  • Reflections on Trusting Trust

Week 3: Return-Oriented Programming and CFI

• Tuesday (2/6): Modern Attacks: Return-to-libc and Return-oriented-programming
• Wednesday (2/7): Lab 3: Group forming and individual work
• Thursday (2/8) Return-Oriented Programming and Control-Flow Integrity (CFI)
• Friday (2/9) at 5:59PM: Project 1I due!!!
• Assigned reading:
  • On the Effectiveness of Address-Space Randomization
  • The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls
• Optional reading:
  • Baby’s first NX+ASLR bypass
• Projects and homework:
  • Project 1G (group) handed out

Week 4: Secure Coding, Malware, and Static Analysis

• Tuesday (2/13): Return-Oriented Programming
• Wednesday (2/14): Lab 4: Group Work on Projects and HTTP overview
• Thursday (2/15) Identifying and exploiting ROP gadgets

Module 2: Systems Security

Week 5: Access Control and Sandboxing

• Tuesday: Access Control Policies: MLS, MAC, and RBAC
• Wednesday (2/14): In-group lab work
• Thursday: SELinux, Policies, and Sandboxing
• Projects and homework:
  • Friday: Project 2I Handed Out

Module 3: Crypto

Week 6: Basics and Symmetric Crypto

• Monday (2/25) at 5:59PM: Project 1G due!!!
• Tuesday: Hashes, Block ciphers, nonces
• Wednesday: EXAM 1! (Note that exams are on-your-own)
  • (Note that there will be no lab because of Exam 1)
• Thursday: More Block Ciphers and Encryption Modes

Spring Break!!!

Week 7: Public-key (Asymmetric) crypto

• Tuesday: Public-Key crypto, digital signatures
• Thursday: Authentication and Anonymity
• Friday at 5:59PM: Project 2I due!!!
• Assigned reading:
  • Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices

Module 4: Network and Web Security

Week 8: Networking Intro and Packet Capture

• Tuesday: Networking Intro
• Thursday: TCP and Packet Captures
• Projects and homework:
  • Monday: Project 2G Handed Out

Week 9: Network Security, HTTPS, and TLS

• Tuesday: Network Security and TLS
• Thursday: DHCP and DNS attacks, intro to Web Security

Week 10: Web Attacks: SQLi, XSS, XSRF

• Tuesday: Web Applications, REST, and SQL Injections
• Thursday: Cross-Site Request Forgery and Cross-Site Scripting
• Projects and homework:
  • Monday at 5:59PM: Project 2G due!!!
  • Monday: Project 3I Handed Out

Module 5: Information Flow and Side Channels

Week 11: Information Flow and Jeeves

• Tuesday: Defining Information Flow
• Thursday: Jeeves: Policy-Agnostic Programming in Python

Week 12: Side-Channel Attacks

• Tuesday: Side Channels
• Thursday: Meltdown and Spectre
• Projects and homework:
  • Monday at 5:59PM: Project 2I due!!!
  • Monday: Project 3G Handed Out

Module 6: Program Analysis for Security

Week 13: Dynamic and Static Analysis

• Tuesday: Dynamic Analysis: Valgrind, Taint Tracking, etc..
• Thursday: Static Analysis: Symbolic Execution, KLEE, etc…

Module 7: Usable Security and Wrap Up

Week 14: Usable Security, User Studies, and Experimental Design

• Tuesday: Usable Security and Human Factors
• Thursday: In-class Experiments and Wrap-Up
• Projects and Homework
  • Wednesday at 5:59PM: Project 3G due!!!