CS 161: Computer Security

Announcements:

  • Homework 4 has been released. It is due Sunday, July 19 at 11:59pm PT.
  • Project 2 has been released. The first part is due Wednesday, July 22 at 11:59pm PT.

Instructors: Peyrin Kao and Ryan Lehmkuhl

Lecture: Online

Show/hide optional readings

Skip to current week

Date Lecture Readings Discussion HW
Mon
06/22
Introduction

Optional: CS61C review

No discussion! HW1
Tue
06/23
Security Principles

Notes (Principles)

Notes (Design Patterns)

Wed
06/24

Project 1 released

x86, GDB, and Security Principles (solutions)
Wed
06/24
Buffer Overflows

Notes

Smashing The Stack For Fun And Profit, by Aleph One

Thu
06/25
Buffer Overflow Defenses

Notes

Mon
06/29
IND-CPA, OTP and Block ciphers

Notes, sections 1-5

Software Security (solutions)HW2
Tue
06/30
Symmetric key encryption + PRG

Notes, section 6

AES Demo

Wed
07/01
Public Key Exchange

Notes, section 1

Cryptography I (solutions)
Thu
07/02
Public Key Encryption + Hashing

Notes, section 2

Mon
07/06
Integrity and Authentication + Key Management

Notes

Cryptography II (solutions)HW3
Tue
07/07

Project 1 due (11:59pm PT)

Tue
07/07
Hierarchical Key Management + Password Hashing

Notes (Key Management)

Notes (Passwords)

Wed
07/08
Networking Background

Notes, section 1

Networking terminology quick-reference

Cryptography III (solutions)
Thu
07/09
Networking Attacks - TCP and DHCP

Notes, section 2

Packet Capturing Demo

Mon
07/13

Midterm

No discussion! HW4
Mon
07/13
Midterm (no lecture)

None

Tue
07/14

Project 2 released

Tue
07/14
TLS

Notes, section 5

Wed
07/15
DNS

Notes, sections 6-7

Network Security I
Thu
07/16
DNSSEC

Notes, sections 7-8

Reliable DNS Forgery in 2008: Kaminsky’s Discovery

Mon
07/20
Denial of Service

Notes, section 8

How DNSSEC Works

Network Security II HW5
Tue
07/21
Firewalls

None

Wed
07/22

Project 2 design doc due

Network Security III
Wed
07/22
Intrusion Detection

Notes

Thu
07/23
Intro to web security, Same-origin policy (Clickjacking)

Same-origin policy

Mon
07/27
SQL Injection

SQL Injection Attacks by Example

Squigler Demo

Web Security I HW6
Tue
07/28
XSS and Cookies
Wed
07/29

Project 2 due

Web Security II
Wed
07/29
CSRF and Session Management

Secure Session Management With Cookies for Web Applications

Thu
07/30

Project 3A released

Thu
07/30
Phishing + UI Attacks

OWASP Cheatsheet Series (take a look at XSS, CSRF, SQL Injection, Clickjacking and Command Injection)

Mon
08/03
Anonymity, Tor Web Security III HW7
Tue
08/04

Project 3A due

Tue
08/04
Contact Tracing

Contact Tracing Reading

Wed
08/05

Project 3B released

Miscellaneous Topics
Wed
08/05
Bitcoin

Bitcoin Paper

Thu
08/06
Bitcoin
Mon
08/10

Project 3B due

Final Review
Mon
08/10
Certificate Transparency
Tue
08/11
TBA
Wed
08/12
TBA
Thu
08/13

Final exam

Thu
08/13
Final exam (no lecture)