| Date | Topic and Slides | Recommended Readings | Assignments |
|---|---|---|---|
| Week 1 | |||
| 09/29/2021 | Course overview slides | Security Engineering Chapter 1 | |
| 10/01/2021 | Introduction to security slides | Multics Security Evaluation (Section 3.4.5) and Reflections on Trusting Trust | |
| Week 2 | |||
| 10/04/2021 | Software security: Buffer overflows slides | ||
| 10/06/2021 | Software security: Buffer overflows continued slides, inked | Smashing the Stack for Fun and Profit [Corrected and reformatted, original] and Exploiting Format String Vulnerabilities and Once Upon a free() | |
| 10/08/2021 | Software security: Buffer overflow defenses slides | Re-read last readings :) | Homework #1 due (11:59pm) |
| Week 3 | |||
| 10/11/2021 | Software security: Misc and principles slides | The Eternal War in Memory and Memory Safety in Chrome (2021) | |
| 10/13/2021 | Cryptography: Introduction slides | Security Engineering Ch5 | |
| 10/15/2021 | Cryptography: Symmetric encryption slides | Keep reading the previous one! | Lab #1a due (11:59pm) |
| Week 4 | |||
| 10/18/2021 | Cryptography: Symmetric encryptionslides | ||
| 10/20/2021 | Cryptography: Block Cipher Modes, Hash functions and MACs slides | ||
| 10/22/2021 | Cryptography: Hash functions, MACs, and Asymmetric key crypto slides | ||
| Week 5 | |||
| 10/25/2021 | Cryptography: Asymmetric key crypto slides | Blog: Don't use RSA | |
| 10/27/2021 | End of Cryptography and Web security: Certificates slides | Certificate Transparency | Lab #1b due (11:59pm) |
| 10/29/2021 | Web security: Overview and browser security model slides | TLS 1.3 Illustrated | |
| Week 6 | |||
| 11/01/2021 | Web security: Web application security slides | ||
| 11/03/2021 | Cancelled | ||
| 11/05/2021 | Web security: Web application securityslides | Strongly recommended: Advanced SQL Injection, XSS Cheat Sheet | Homework #2 due (11:59pm) |
| Week 7 | |||
| 11/08/2021 | Web security: Web application security slides | ||
| 11/10/2021 | Authentication slides | ||
| 11/12/2021 | Web privacy slides | Final Project checkpoint #1 due (11:59pm) | |
| Week 8 | |||
| 11/15/2021 | Guest lecture: Alex Gantman (Qualcomm) Head of Product Security Engineering -- Not recorded | None | |
| 11/17/2021 | Anonymity slides | None | |
| 11/19/2021 | Mobile platform security slides | Lab #2 due (11:59pm) | |
| Week 9 | |||
| 11/22/2021 | Usable security slides | None | |
| 11/24/2021 | Physical Security (fun, not important) -- Not recorded | None | |
| 11/26/2021 | No Class: Thanksgiving | None | Final Project checkpoint #2 due (11:59pm) |
| Week 10 | |||
| 11/29/2021 | Guest lecture: Joe DeBlasio, Google Chrome -- Not recorded | None | Homework #3 due (11:59pm) |
| 12/1/2021 | Side channels pt1 slides | None | |
| 12/3/2021 | Guest lecture: Emily McReynolds, Law+Policy+Security -- Not recorded | ||
| Week 11 | |||
| 12/6/2021 | Side channels pt2 slides | None | |
| 12/8/2021 | Surprise Security Topic -- Not Recorded | Relevant readings: The Export of Cryptography in the 20th Century and the 21st, Diffie and Landau. Lawful Device Access without Mass Surveillance Risk: A Technical Design Discussion, Savage. | Lab #3 due (11:59pm) Materials on assignments page. |
| 12/10/2021 | Emerging technologies / Wrap-up -- On Zoom, see Canvas slides | ||
| Finals Week | |||
| 12/13/2021 | (No Meeting) | None | Final Project due (11:59pm) |