sep 1
Labor day |
sep 2
Reg day |
sep 3
LEC 1: Introduction, threat models (video)
Assigned: Lab 1: Buffer overflows
First day of classes |
sep 4 |
sep 5 |
sep 8
LEC 2: Control hijacking attacks (video)
Preparation: Read Baggy bounds checking (2009) + errata (Question) |
sep 9 |
sep 10
LEC 3: Buffer overflow exploits and defenses (video)
Preparation: Read Hacking blind (2014) (Question) |
sep 11 |
sep 12
DUE: Lab 1 parts 1+2 |
sep 15
LEC 4: Privilege separation (video)
Preparation: Read OKWS (2004) (Question) |
sep 16 |
sep 17
LEC 5: Guest lecture: Paul Youn from iSEC Partners (video)
Assigned: Lab 2: Privilege separation |
sep 18 |
sep 19
DUE: Lab 1 all parts |
sep 22
LEC 6: Capabilities (video)
Preparation: Read Confused Deputy (1988) and Capsicum (2010) (Question) |
sep 23 |
sep 24
LEC 7: Sandboxing native code (video)
Preparation: Read Native Client (2009) (Question) |
sep 25 |
sep 26
DUE: Lab 2 part 1 |
sep 29
LEC 8: Web security model (video)
Preparation: Read OWASP top 10 and The Tangled Web (2012), Chapters 9-13 (Question) |
sep 30 |
oct 1
LEC 9: Securing web applications (video)
Preparation: Read Security in Django (2012) and Django CSRF (Question) |
oct 2 |
oct 3
DUE: Lab 2 parts 2+3
ADD DATE |
oct 6
Hacking day |
oct 7 |
oct 8
LEC 10: Symbolic execution (video) (Guest lecture by Armando Solar-Lezama, MIT CSAIL)
Preparation: Read KLEE (2008) (Question) |
oct 9 |
oct 10
DUE: Lab 2 all parts
Assigned: Lab 3: Symbolic execution |
oct 13
Columbus day |
oct 14 |
oct 15
LEC 11: Ur/Web (video) (Guest lecture by Adam Chlipala, MIT CSAIL)
Preparation: Read Ur/Web (2015) (Question)
Assigned: Lab 7: Final project |
oct 16 |
oct 17
DUE: Lab 3 part 1 |
oct 20
LEC 12: Network security (video)
Preparation: Read Security Problems in TCP/IP (2004) (Question) |
oct 21 |
oct 22
LEC 13: Network protocols (video)
Preparation: Read Kerberos (1988) (Question)
Assigned: Lab 4: Attacking the server
Quiz 1 Review Notes: 7-9pm in 32-123 |
oct 23
DUE: Post your final project idea on Piazza |
oct 24
DUE: Lab 3 all parts |
oct 27
LEC 14: SSL and HTTPS (video)
Preparation: Read ForceHTTPS (2008) (Question)
Assigned: Lab 5: Browser security |
oct 28 |
oct 29
Quiz 1: Covers lectures 1-14 and labs 1-3
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Location: Walker, 50-340 |
oct 30 |
oct 31
DUE: Lab 4
DUE: Final project proposal |
nov 3
LEC 15: Medical software (video) (Guest lecture by Kevin Fu, U. Michigan)
Preparation: Read Trustworthy Medical Device Software (Question) |
nov 4 |
nov 5
LEC 16: Side-channel attacks (video)
Preparation: Read Remote timing attacks (2003) (Question)
Assigned: Lab 6: JavaScript sandboxing |
nov 6 |
nov 7 |
nov 10
Veterans day |
nov 11
Veterans day |
nov 12
LEC 17: User authentication (video)
Preparation: Read The Quest to Replace Passwords (2012) and optionally the extended version (Question) |
nov 13 |
nov 14
DUE: Lab 5 |
nov 17
LEC 18: Private browsing (video)
Preparation: Read Private browsing (2010) (Question) |
nov 18 |
nov 19
LEC 19: Anonymous communication (video)
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question)
DROP DATE |
nov 20 |
nov 21
DUE: Lab 6
DUE: Email us a status update on your final project (couple of paragraphs) |
nov 24
LEC 20: Mobile phone security (video)
Preparation: Read Understanding Android Security (2009) + errata (Question)
Quiz 2 Review Quiz 2 Review 2 Notes: 7-9pm in 34-101 |
nov 25 |
nov 26
LEC 21: Data tracking (video)
Preparation: Read TaintDroid (2010) (Question) |
nov 27
Thanksgiving |
nov 28
Thanksgiving |
dec 1
Quiz 2: Covers lectures 15-21 and labs 4-6
Reference: Past quizzes, solutions
Materials: Open laptop, no Internet
Location: Walker, 50-340 |
dec 2 |
dec 3
LEC 22: Guest lecture: Mark Silis and David LaPorte from MIT IS&T (video) |
dec 4 |
dec 5 |
dec 8
LEC 23: Security economics (video)
Preparation: Read Click Trajectories (2011) (Question) |
dec 9 |
dec 10
LEC 24: Project presentations (video)
DUE: Final project presentation
Last day of classes |
dec 11 |
dec 12
DUE: Final project writeup and code |
dec 15
Final exam week (No final in 6.858) |
dec 16
Final exam week (No final in 6.858) |
dec 17
Final exam week (No final in 6.858) |
dec 18
Final exam week (No final in 6.858) |
dec 19
Final exam week (No final in 6.858) |