CS 161: Computer Security

Instructors: Raluca Ada Popa and David Wagner

Lecture: M/W/F 1-2pm at Dwinelle 155

Skip to current week

Date Lecture Readings Discussion
Wed
01/22
Introduction

Required: If You Are Being Stalked by an Ex, an App Can’t Protect You

Optional: G&T § 1.1, Craft § 1-1.1, 1.3]

No discussion!
Fri
01/24
Security principles

Notes on Principles for Building Secure Systems.

Notes on Design Patterns for Building Secure Systems.

Optional: G&T § 1.1.4, 3.4.6

Mon
01/27
Buffer overflows

Notes on Memory Safety.

Smashing The Stack For Fun And Profit, by Aleph One

Optional: G&T § 3.4, Craft § 6.1-6.3

Homework 0 Released

x86, GDB, and Security Principles (solutions)
Wed
01/29
Memory safety

Slides from Matthias Vallentin on a Normal x86 function call, a crash, a control-flow diversion, and Code Injection.

Homework 1 Released

Fri
01/31
Memory Safety Defenses

Notes on Reasoning About Code

Optional: G&T § 9.4-9.5; Craft § 6.5-6.7

Homework 0 Due

Mon
02/03
Software Security

Notes on Secure Software Development

Optional: G&T § 9.4-9.5; Craft § 6.5-6.7

Optional: Eevee’s guide for Testing for People Who Hate Testing

Software Security (solutions)
Wed
02/05
Cryptography: Definitions

Notes.
[G&T § 8.1.0-8.1.3, 8.1.6-8.1.7; Craft § 7.1, 7.3.2 - 7.3.3]

Technical Analysis of the Pegasus Exploits on iOS

Engima Machine Notebook

Project 1 Released

Fri
02/07
Block Ciphers and Symmetric key encryption

Notes.
[G&T § 8.1.0-8.1.3, 8.1.6-8.1.7; Craft § 7.1, 7.3.2 - 7.3.3]

Optional: Stick figure guide to AES

Homework 1 Due

Mon
02/10
Symmetric key encryption

AES Demo

Cryptography I (solutions)
Wed
02/12
Public Key Exchange

Notes, section 1

[G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2; Craft § 7.5]

Fri
02/14
Public Key Encryption

The Debian PGP disaster that almost was

DSA requirements for random k value

U2F ECDSA vulnerability

Notes, section 2

[G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2]

Sat
02/15

Project 1 Party (4-7pm, Soda Hall - Wozniak Lounge)

Sun
02/16

MT 1 Review (5-7pm, HP Auditorium)

MT Review (solutions)
Mon
02/17
Holiday

Project 1 Due

Homework 2 Released

Wed
02/19
Midterm 1 In-Class Review

Midterm 1 8:00-9:30pm, 150 Wheeler

Fri
02/21
Hashing

A GIF which displays its own MD5 hash

Another one, with a writeup

Mon
02/24
Integrity and Authentication

Notes.
[G&T § 1.3.2, 1.3.4, 8.2.3, 8.3, 8.4.1, 8.4.3; Craft § 7.4.2]

Cryptography II (solutions)
Tue
02/25

Homework 2a Due

Wed
02/26
Key Management

Key Management Notes (Paxson)

Project 2 Released

Fri
02/28
Hierarchical Key Management

Password Notes

Mon
03/02
Network Security: Background

Networking terminology quick-reference.
[G&T § 5.1-5.1.2, 5.3-5.3.1, 5.4-5.4.2, 6.1-6.1.2, 7.1-7.1.1; Craft § 5.1, 5.4.1]

Homework 2b Due

Cryptography III (solutions)
Wed
03/04
Network Background

[G&T § 5.1.3, 5.2.3, 5.3.3-5.3.4, 5.4.4; Craft § 5.3.1]

Fri
03/06
Network Attacks: TCP, DHCP, DNS

G&T § 6.1.3 (pp. 278-284), 1.1.1, 7.1.2, 8.3

Packet Capturing Demo
Project 2 Design Doc Due

Sat
03/07

Networking Tutorial (5-7pm, HP Auditorium)

Mon
03/09
Network Attacks: DNS

Reliable DNS Forgery in 2008: Kaminsky’s Discovery
An Illustrated Guide to the Kaminsky DNS Vulnerability

Network Security I (solutions)
Wed
03/11
DNSSEC

How DNSSEC Works

Fri
03/13
Denial of Service
Mon
03/16
Firewalls

Notes on Firewalls.
[G&T § 6.2, 6.3 intro, 6.3.3; Craft § 5.3.2]

Network Security II (solutions)
Wed
03/18
Intrusion Detection
Fri
03/20
Detection, Secure Channels
Mon
03/23
Spring break No discussion!
Wed
03/25
Spring break
Fri
03/27
Spring break
Mon
03/30
TLS

G&T § 1.1.1, 7.1.2, 8.3

Network Security III (solutions)
Tue
03/31

Project 2 Implementation Due (11:59pm)

Wed
04/01
Intro to WebSec, Same-origin policy

[G&T § 7.1.1, 7.1.3-7.1.4, 7.3.1-7.3.2, 7.3.4, 7.3.6; Craft § 12.1.1, 12.1.2, 12.1.3]
Web Security: Are You Part Of The Problem?

Spanish Flu

Same-origin policy

Fri
04/03
SQL Injection

SQL Injection Attacks by Example

Mon
04/06
Midterm 2 Review

Midterm 2 5:00-6:30pm

Networking Notes

Web Security I
Wed
04/08
XSS

XSS (Cross Site Scripting) Prevention Cheat Sheet

Fri
04/10
Session Management

OWASP Cheatsheet Series (take a look at XSS, CSRF, SQL Injection, Clickjacking and Command Injection)

Secure Session Management With Cookies for Web Applications

[G&T § 7.1.4, 7.2.1, 7.2.7, Craft § 12.1.4]

Cookies

Squigler Demo

Optional: “Cookies Lack Integrity”

Mon
04/13
CSRF Web Security II
Wed
04/15
Phishing and UI-Based Attacks
Fri
04/17
Web Security
Mon
04/20
Bitcoin Web Security III
Wed
04/22
Certificate Transparency
Fri
04/24
Malware

[G&T § 6.4][G&T § 4.2, 4.5].
Optional but cool: Outwitting the Witty Worm

Mon
04/27
Anonymity, Tor Miscellaneous Topics
Wed
04/29
TBD
Fri
05/01
TBD
Mon
05/04
RRR Week
Wed
05/06
RRR Week
Fri
05/08
RRR Week
Mon
05/11
Finals Week
Tue
05/12

Final (8-11am)

Wed
05/13
Finals Week
Fri
05/15
Finals Week