CS 161: Computer Security

Fall 2020 students: The tentative course website is at https://fa20.cs161.org/.

Announcements:

Final logistics have been released.
Homework 7 has been released. It is due Sunday, August 9 at 11:59pm PT.
Project 3 has been released. It is due Monday, August 10 at 11:59pm PT.

Instructors: Peyrin Kao and Ryan Lehmkuhl

Lecture: Online

Date	Lecture	Readings	Discussion	HW
Mon 06/22	Introduction	Optional: CS61C review Optional: G&T § 1.1, Craft § 1-1.1, 1.3	No discussion!	HW1
Tue 06/23	Security Principles	Notes (Principles) Notes (Design Patterns) Optional: G&T § 1.1.4, 3.4.6	No discussion!
Wed 06/24	Project 1 released		x86, GDB, and Security Principles (solutions)
Wed 06/24	Buffer Overflows	Notes Smashing The Stack For Fun And Profit, by Aleph One Optional: G&T § 3.4, Craft § 6.1-6.3
Thu 06/25	Buffer Overflow Defenses	Notes Optional: G&T § 9.4-9.5; Craft § 6.5-6.7
Mon 06/29	IND-CPA, OTP and Block ciphers	Notes, sections 1-5 Optional: G&T § 8.1.0-8.1.3, 8.1.6-8.1.7; Craft § 7.1, 7.3.2 - 7.3.3	Software Security (solutions)	HW2
Tue 06/30	Symmetric key encryption + PRG	Notes, section 6 AES Demo Optional: Stick figure guide to AES, G&T § 8.1.0-8.1.3, 8.1.6-8.1.7; Craft § 7.1, 7.3.2 - 7.3.3	Software Security (solutions)
Wed 07/01	Public Key Exchange	Notes, section 1 Optional: G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2; Craft § 7.5	Cryptography I (solutions)
Thu 07/02	Public Key Encryption + Hashing	Notes, section 2 Optional: G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2	Cryptography I (solutions)
Mon 07/06	Integrity and Authentication + Key Management	Notes Optional: G&T § 1.3.2, 1.3.4, 8.2.3, 8.3, 8.4.1, 8.4.3; Craft § 7.4.2	Cryptography II (solutions)	HW3
Tue 07/07	Project 1 due (11:59pm PT)
Tue 07/07	Hierarchical Key Management + Password Hashing	Notes (Key Management) Notes (Passwords)
Wed 07/08	Networking Background	Notes, section 1-3 Networking terminology quick-reference Optional: G&T § 5.1-5.1.2, 5.3-5.3.1, 5.4-5.4.2, 6.1-6.1.2, 7.1-7.1.1; Craft § 5.1, 5.4.1	Cryptography III (solutions)
Thu 07/09	Networking Attacks - TCP and DHCP	Notes, section 4 Packet Capturing Demo Optional: G&T § 5.1.3, 5.2.3, 5.3.3-5.3.4, 5.4.4; Craft § 5.3.1	Cryptography III (solutions)
Mon 07/13	Midterm		No discussion!	HW4
Mon 07/13	Midterm (no lecture)	None
Tue 07/14	Project 2 released
Tue 07/14	TLS	Notes, section 5 Optional: G&T § 6.1.3 (pp. 278-284), 1.1.1, 7.1.2, 8.3
Wed 07/15	DNS	Notes, sections 6-7 Optional: G&T § 1.1.1, 7.1.2, 8.3	Network Security I (solutions)
Thu 07/16	DNSSEC	Notes, sections 7-8 Reliable DNS Forgery in 2008: Kaminsky’s Discovery Optional: An Illustrated Guide to the Kaminsky DNS Vulnerability	Network Security I (solutions)
Mon 07/20	Denial of Service	Notes, section 8 How DNSSEC Works	Network Security II (solutions)	HW5
Tue 07/21	Firewalls	Notes Optional: G&T § 5-5.4	Network Security II (solutions)
Wed 07/22	Project 2 design doc due (11:59pm PT)		Network Security III (solutions)
Wed 07/22	Intrusion Detection	Optional: G&T § 6.2, 6.3 intro, 6.3.3; Craft § 5.3.2
Thu 07/23	Intro to web security, Same-origin policy	Same-origin policy Optional: Web Security: Are You Part Of The Problem?, Clickjacking Paper, G&T § 7.1.1, 7.1.3-7.1.4, 7.3.1-7.3.2, 7.3.4, 7.3.6; Craft § 12.1.1, 12.1.2, 12.1.3]
Mon 07/27	SQL Injection	SQL Injection Attacks by Example	Web Security I (solutions)	HW6
Tue 07/28	XSS		Web Security I (solutions)
Wed 07/29	Project 2 due (11:59pm PT)		Web Security II (solutions)
Wed 07/29	Cookies and Session Management	Cookies Optional: Secure Session Management With Cookies for Web Applications, G&T § 7.1.4, 7.2.1, 7.2.7, Craft § 12.1.4
Thu 07/30	Project 3 released
Thu 07/30	CSRF + Phishing	OWASP Cheatsheet Series (take a look at XSS, CSRF, SQL Injection, Clickjacking and Command Injection)
Mon 08/03	UI Attacks		Web Security III (solutions)	HW7
Tue 08/04	Anonymity, Tor		Web Security III (solutions)
Wed 08/05	Bitcoin	Bitcoin Paper	Miscellaneous Topics
Thu 08/06	Bitcoin		Miscellaneous Topics
Mon 08/10	Project 3 due (11:59pm PT)		Final Review
Mon 08/10	Optional Lecture: COVID-19 Contact Tracing (5:00pm-6:00pm PT)
Tue 08/11	Optional Lecture: Signal Protocol (5:00pm-5:30pm PT)
Tue 08/11	Optional Lecture: DNA Cryptography (5:30pm-6:00pm PT)
Wed 08/12	Optional Lecture: Using Buffer Overflows to Speedrun Super Mario Bros. 3 (5:00pm-6:00pm PT)
Thu 08/13	Final exam