CS 161: Computer Security

Instructor: Nicholas Weaver

Lecture: M/W/F 2-3pm at Dwinelle 155

Date Lecture Readings Discussion
Wed
08/28
Introduction

Required: If You Are Being Stalked by an Ex, an App Can’t Protect You

Optional: G&T § 1.1, Craft § 1-1.1, 1.3

No discussion!
Fri
08/30
Security Principles

Required: Notes on Principles for Building Secure Systems.

Required: Notes on Design Patterns for Building Secure Systems.

Optional: G&T § 1.1.4, 3.4.6

Sun
09/01

Homework 1 Released

x86, GDB, and Security Principles (solutions)
Mon
09/02
Labor Day
Wed
09/04
More Security Principles
Fri
09/06
Memory Safety

Notes on Memory Safety.
[G&T § 3.4, Craft § 6.1-6.3]
Smashing The Stack For Fun And Profit, by Aleph One

Notes on Reasoning About Code and Secure Software Development.
[G&T § 9.4-9.5; Craft § 6.5-6.7]
Eevee’s guide for Testing for People Who Hate Testing

Sun
09/08

Project 1 Released

Software Security (solutions)
Mon
09/09
Memory Safety Defenses

Slides from Matthias Vallentin on a Normal x86 function call, a crash, a control-flow diversion, and Code Injection.

Wed
09/11
IND-CPA, OTP and Block ciphers

Notes.
[G&T § 8.1.0-8.1.3, 8.1.6-8.1.7; Craft § 7.1, 7.3.2 - 7.3.3]

Technical Analysis of the Pegasus Exploits on iOS

Enigma Machine Notebook

Fri
09/13
Symmetric key encryption

Notes.
[G&T § 8.1.0-8.1.3, 8.1.6-8.1.7; Craft § 7.1, 7.3.2 - 7.3.3]

Optional: Stick figure guide to AES

Sun
09/15

Homework 1 Due

Cryptography I (solutions)
Mon
09/16
Hashing

A GIF which displays its own MD5 hash

Another one, with a writeup

Wed
09/18
Public Key Exchange

Notes, section 1

[G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2; Craft § 7.5]

Fri
09/20

Project 1 Due

Fri
09/20
Public Key Encryption, Hashing

The Debian PGP disaster that almost was

DSA requirements for random k value

U2F ECDSA vulnerability

Notes, section 2

[G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2]

Mon
09/23

Midterm 1 (7-9pm)

Cryptography II
Mon
09/23
No lecture.
Wed
09/25
Integrity and Authentication

Notes.
[G&T § 1.3.2, 1.3.4, 8.2.3, 8.3, 8.4.1, 8.4.3; Craft § 7.4.2]

Fri
09/27
CryptoFails

Notes.
[G&T § 1.3.2, 1.3.4, 8.2.3, 8.3, 8.4.1, 8.4.3; Craft § 7.4.2]
Risks of Cryptocurrencies

Mon
09/30
TBA Cryptography III
Wed
10/02
Network security: Background

Networking terminology quick-reference.
[G&T § 5.1-5.1.2, 5.3-5.3.1, 5.4-5.4.2, 6.1-6.1.2, 7.1-7.1.1; Craft § 5.1, 5.4.1]

Fri
10/04
Network Attacks: Lower Layers

[G&T § 5.1.3, 5.2.3, 5.3.3-5.3.4, 5.4.4; Craft § 5.3.1]

Mon
10/07
TBA Network Security I
Wed
10/09
Network Attacks: DNS & TCP

G&T § 6.1.3 (pp. 278-284)
Reliable DNS Forgery in 2008: Kaminsky’s Discovery
An Illustrated Guide to the Kaminsky DNS Vulnerability

Fri
10/11
Network: TCP and TLS

G&T § 1.1.1, 7.1.2, 8.3

Mon
10/14
TBA Network Security II
Wed
10/16
Denial of Service, Firewalls

[G&T § 5-5.4]
Mitigating Multiple DDoS Attack Vectors [G&T § 4.4, 6.1.4]
The WoSign Saga

Fri
10/18
DNSSEC

Notes on Firewalls.
[G&T § 6.2, 6.3 intro, 6.3.3; Craft § 5.3.2]

Mon
10/21
TBA Network Security III
Wed
10/23
Intro to web security, Same-origin policy

[G&T § 7.1.1, 7.1.3-7.1.4, 7.3.1-7.3.2, 7.3.4, 7.3.6; Craft § 12.1.1, 12.1.2, 12.1.3]
Web Security: Are You Part Of The Problem?

Fri
10/25
SQL Injection

SQL Injection Attacks by Example
XSS (Cross Site Scripting) Prevention Cheat Sheet

Mon
10/28
TBA Web Security I
Wed
10/30
XSS and Cookies

Secure Session Management With Cookies for Web Applications

Fri
11/01
CSRF and Session Management

[G&T § 7.1.4, 7.2.1, 7.2.7, Craft § 12.1.4]

Mon
11/04
TBA Web Security II
Wed
11/06
Phishing and UI-Based Attacks
Fri
11/08
Bitcoin

Bitcoin: A Peer-to-Peer Electronic Cash System

Mon
11/11
TBA Web Security III
Wed
11/13
Network Monitoring

[G&T § 6.4]

Thu
11/14

Midterm 2 (7-9pm)

Fri
11/15
Abusing Network Monitoring

[G&T § 6.4]

Mon
11/18
Veterans Day TBA
Wed
11/20
Malcode and Reflections on Trusting Trust

[G&T § 6.4][G&T § 4.2, 4.5], A Taxonomy of Computer Worms. Optional but cool: Outwitting the Witty Worm. Reflections on Trusting Trust.

Fri
11/22
Tor, 737-Max, and Nukes

How the 737-Max Crash Looks to a Software Developer

Mon
11/25
TBA No discussion!
Wed
11/27
Thanksgiving
Fri
11/29
Thanksgiving
Mon
12/02
TBA Miscellaneous Topics
Wed
12/04
Certificate Transparency

Certificate Transparency
Merkle Trees

Fri
12/06
Conclusions
Mon
12/09
RRR Week
Wed
12/11
RRR Week
Fri
12/13
RRR Week
Mon
12/16
Finals Week
Wed
12/18
Finals Week
Thu
12/19

Final (3-6pm)

Fri
12/20
Finals Week