| Date |
Topic |
Notes |
| |
|
Introduction
|
| |
Mon Aug 27
|
Course intro (slides)
|
| |
Wed Aug 29
|
Security intro (slides)
|
| |
Mon Sep 3
|
No class (holiday)
|
| |
|
Part 1: Secure Coding
|
| |
Wed Sep 5
|
Memory safety and vulnerabilities: attacks and defenses (I) (slides)
Optional Reading:
Memory Safety Notes
Smashing the stack for fun and profit
Frame pointer overwrite
Basic integer overflows
Optional Videos:
Control Hijacking 1
Control Hijacking 2
|
Lab 1 out
|
| |
Mon Sep 10
|
Memory safety and vulnerabilities: attacks and defenses (II) (slides)
Optional Reading:
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade
Bypassing Browser Memory Protections
Optional Videos:
Control Hijacking 3
Control Hijacking 4
Control Hijacking 5
|
| |
Wed Sep 12
|
Fuzzing (slides)
Optional Reading:
The Legitimate Vulnerability Market. Inside the Secretive World of 0-day Exploit Sales
How hackers look for bug
Real world fuzzing
Effective Bug Discovery
|
| |
Mon Sep 17
|
Symbolic execution and static analysis (slides) (section slides)
Optional Reading:
Automated Whitebox Fuzz Testing
Optional Videos:
Dynamic Symbolic Execution
Static Analysis 1
Static Analysis 2
Static Analysis 3
|
Lab 1 due & Lab 2 out
|
| |
Wed Sep 19
|
Program verification (slides) (section slides)
Optional Reading:
Notes on Reasoning about Code
|
| |
|
Part 2: Secure Architecture Concepts and Principles
|
| |
Mon Sep 24
|
Secure architecture principles I (slides)
(videos 1,
2,
3,
4)
Optional Reading:
Operating System Security
A note on the confinement problem
Optional Videos:
Confinement Problem
|
| |
Wed Sep 26
|
Secure architecture principles II (slides)
(videos 1,
2,
3,
4,
5)
Optional Reading:
Privtrans: Automatic Privilege Separation
|
| |
Mon Oct 8
|
Secure architecture principles III (slides)
Optional Reading:
Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools
Efficient Software-Based Fault Isolation
Optional Videos:
System Call Interposition
Virtual Machine Isolation
VM Isolation Failures
Software Fault Isolation
|
| |
|
Part 3: Cryptography
|
| |
Mon Oct 1
|
Cryptography I (Guest Lecture by Mario Frank)
(slides)
Optional Videos:
Background
Block Ciphers
Block Cipher Modes
Message Integrity
Authentication
|
Lab 2 due & Lab
3 out
|
| |
Wed Oct 3
|
Cryptography II (slides)
Optional Reading:
Notes on Asymmetric Cryptography
|
| |
|
Part 4: Network Security and Malware
|
| |
Wed Oct 10
|
Malware overview, Viruses, Worms and Botnets (slides)
Optional Reading:
Fighting viruses, defending the net
|
Lab 3 due
|
| |
Mon Oct 15
|
Midterm review I
(slides)
(Study guide)
|
| |
Wed Oct 17
|
Midterm I
|
| |
Mon Oct 22
|
Network protocol security
(Slides)
|
Lab 4 out
|
| |
Wed Oct 24
|
Denial-of-service attacks and defenses
(Slides)
|
| |
Mon Oct 29
|
Worms and Botnets
(slides)
Optional Reading:
Reflections on Trusting Trust
|
| |
|
Part 5: Web Security
|
| |
Wed Oct 31
|
Web security overview and concepts
(slides)
|
Lab 4 due
|
| |
Mon Nov 5
|
Web application security I
(slides)
Optional Videos:
Web Intro
The HTTP Protocol
Rendering
Isolation
Communication
Navigation
Cookies
Secure UI
Framebusting
Command Injection
|
Lab 5 out
|
| |
Wed Nov 7
|
Web application security II
(slides)
Optional Reading:
SQL Injection Attacks by Example
XSS Attack Examples
XSS Cheat Sheet
SQL Injection Cheat Sheet
Optional Videos:
SQL Injection
Cross Site Scripting
|
| |
Mon Nov 12
|
No class (holiday)
|
| |
Wed Nov 14
|
Web application security III
(slides)
Optional Videos:
More on Cookies
Cookie Protocol Problems
Session Management
Session Hijacking
Generating Session Tokens
|
| |
|
Part 6: Mobile Security
|
| |
Mon Nov 19
|
Mobile security, platform and overview
(slides)
|
Lab 5 due & Lab 6 out
|
| |
Wed Nov 21
|
No Class (Thanksgiving Break)
|
| |
Mon Nov 26
|
Midterm review II (practice
queststions), (Study
guide)
|
| |
Wed Nov 28
|
Midterm II
|
| |
Mon Dec 3
|
Reading week (no class)
|
| |
Wed Dec 5
|
Reading week (no class)
|
Lab 6 due
|