CS 161
CS 161: Computer Security
Instructors: Raluca Ada Popa and David Wagner
Lecture: M/W/F 1-2pm at Dwinelle 155
| Date | Lecture | Readings | Discussion |
|---|---|---|---|
| Wed 01/22 |
Introduction | Required: If You Are Being Stalked by an Ex, an App Can’t Protect You Optional: G&T § 1.1, Craft § 1-1.1, 1.3] |
No discussion! |
| Fri 01/24 |
Security principles | Notes on Principles for Building Secure Systems. Notes on Design Patterns for Building Secure Systems. Optional: G&T § 1.1.4, 3.4.6 |
|
| Mon 01/27 |
Buffer overflows | Notes on Memory Safety. Smashing The Stack For Fun And Profit, by Aleph One Optional: G&T § 3.4, Craft § 6.1-6.3 |
x86, GDB, and Security Principles (solutions) |
| Wed 01/29 |
Memory safety | Slides from Matthias Vallentin on a Normal x86 function call, a crash, a control-flow diversion, and Code Injection. |
|
| Fri 01/31 |
Memory Safety Defenses | Notes on Reasoning About Code Optional: G&T § 9.4-9.5; Craft § 6.5-6.7 |
|
| Mon 02/03 |
Software Security | Notes on Secure Software Development Optional: G&T § 9.4-9.5; Craft § 6.5-6.7 Optional: Eevee’s guide for Testing for People Who Hate Testing |
Software Security (solutions) |
| Wed 02/05 |
Cryptography: Definitions | Notes. |
|
| Fri 02/07 |
Block Ciphers and Symmetric key encryption | Notes. Optional: Stick figure guide to AES |
|
| Mon 02/10 |
Symmetric key encryption | Cryptography I (solutions) | |
| Wed 02/12 |
Public Key Exchange |
[G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2; Craft § 7.5] |
|
| Fri 02/14 |
Public Key Encryption | The Debian PGP disaster that almost was DSA requirements for random k value [G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2] |
|
| Sat 02/15 |
Project 1 Party (4-7pm, Soda Hall - Wozniak Lounge) |
||
| Sun 02/16 |
MT 1 Review (5-7pm, HP Auditorium) |
Cryptography II/MT Review (solutions) | |
| Mon 02/17 |
Holiday | ||
| Wed 02/19 |
Midterm 1 In-Class Review | Midterm 1 8:00-9:30pm, 150 Wheeler |
|
| Fri 02/21 |
Hashing | ||
| Mon 02/24 |
Integrity and Authentication | Notes. |
Cryptography III |
| Wed 02/26 |
Cryptography | ||
| Fri 02/28 |
Cryptography | ||
| Mon 03/02 |
Network Security: Background | Networking terminology quick-reference. |
Network Security I |
| Wed 03/04 |
Network Attacks: Lower Layers | [G&T § 5.1.3, 5.2.3, 5.3.3-5.3.4, 5.4.4; Craft § 5.3.1] |
|
| Fri 03/06 |
Network Attacks: DNS | G&T § 6.1.3 (pp. 278-284) |
|
| Mon 03/09 |
Network Attacks: TCP | G&T § 6.1.3 (pp. 278-284) |
Network Security II |
| Wed 03/11 |
Network Security: TCP and TLS | G&T § 1.1.1, 7.1.2, 8.3 |
|
| Fri 03/13 |
Denial of Service | ||
| Mon 03/16 |
Firewalls | Notes on Firewalls. |
Network Security III |
| Wed 03/18 |
DNSSEC | ||
| Fri 03/20 |
Intrusion Detection | ||
| Mon 03/23 |
Spring break | No discussion! | |
| Wed 03/25 |
Spring break | ||
| Fri 03/27 |
Spring break | ||
| Mon 03/30 |
Intro to web security | [G&T § 7.1.1, 7.1.3-7.1.4, 7.3.1-7.3.2, 7.3.4, 7.3.6; Craft § 12.1.1, 12.1.2, 12.1.3] |
Web Security I |
| Wed 04/01 |
Same-origin policy |
Optional: “Cookies Lack Integrity” |
|
| Fri 04/03 |
SQL Injection | ||
| Mon 04/06 |
Midterm 2 | 8:30-10:00pm |
Web Security II |
| Wed 04/08 |
XSS | ||
| Fri 04/10 |
CSRF and Session Management | OWASP Cheatsheet Series (take a look at XSS, CSRF, SQL Injection, Clickjacking and Command Injection) Secure Session Management With Cookies for Web Applications [G&T § 7.1.4, 7.2.1, 7.2.7, Craft § 12.1.4] |
|
| Mon 04/13 |
Phishing and UI-Based Attacks | Web Security III | |
| Wed 04/15 |
Web Security | ||
| Fri 04/17 |
Web Security | ||
| Mon 04/20 |
Bitcoin | TBA | |
| Wed 04/22 |
Certificate Transparency | ||
| Fri 04/24 |
Malware | [G&T § 6.4][G&T § 4.2, 4.5]. |
|
| Mon 04/27 |
Anonymity, Tor | Miscellaneous Topics | |
| Wed 04/29 |
TBD | ||
| Fri 05/01 |
TBD | ||
| Mon 05/04 |
RRR Week | ||
| Wed 05/06 |
RRR Week | ||
| Fri 05/08 |
RRR Week | ||
| Mon 05/11 |
Finals Week | ||
| Tue 05/12 |
Final (8-11am) |
||
| Wed 05/13 |
Finals Week | ||
| Fri 05/15 |
Finals Week | ||
