Project-related deadlines are shown in red. Note that that there will be no extensions for projects!

Module 1 (Weeks 1-5) — Memory-based attacks

Week 1: Stack Smashing

Week 2: Defense: Stack Canaries, ASLR, and W^X

Week 3: Return-Oriented Programming and CFI

Week 4: Secure Coding, Malware, and Static Analysis

Module 2: Systems Security

Week 5: Access Control and Sandboxing

  • Tuesday: Access Control Policies: MLS, MAC, and RBAC
  • Wednesday (2/14): In-group lab work
  • Thursday: SELinux, Policies, and Sandboxing
  • Projects and homework:
    • Friday: Project 2I Handed Out

Module 3: Crypto

Week 6: Basics and Symmetric Crypto

Spring Break!!!

Week 7: Public-key (Asymmetric) crypto

Module 4: Network and Web Security

Week 8: Networking Intro and Packet Capture

Week 9: Network Security, HTTPS, and TLS

Week 10: Web Attacks: SQLi, XSS, XSRF

Module 5: Information Flow and Side Channels

Week 11: Information Flow and Jeeves

Week 12: Side-Channel Attacks

Module 6: Program Analysis for Security

Week 13: Dynamic and Static Analysis

Module 7: Usable Security and Wrap Up

Week 14: Usable Security, User Studies, and Experimental Design