CS 161: Computer Security

Instructors: Raluca Ada Popa and David Wagner

Lecture: M/W/F 1-2pm at Dwinelle 155

Date	Lecture	Readings	Discussion
Wed 01/22	Introduction	Required: If You Are Being Stalked by an Ex, an App Can’t Protect You Optional: G&T § 1.1, Craft § 1-1.1, 1.3]	No discussion!
Fri 01/24	Security principles	Notes on Principles for Building Secure Systems. Notes on Design Patterns for Building Secure Systems. Optional: G&T § 1.1.4, 3.4.6	No discussion!
Mon 01/27	Buffer overflows	Notes on Memory Safety. Smashing The Stack For Fun And Profit, by Aleph One Optional: G&T § 3.4, Craft § 6.1-6.3 Homework 0 Released	x86, GDB, and Security Principles (solutions)
Wed 01/29	Memory safety	Slides from Matthias Vallentin on a Normal x86 function call, a crash, a control-flow diversion, and Code Injection. Homework 1 Released
Fri 01/31	Memory Safety Defenses	Notes on Reasoning About Code Optional: G&T § 9.4-9.5; Craft § 6.5-6.7 Homework 0 Due
Mon 02/03	Software Security	Notes on Secure Software Development Optional: G&T § 9.4-9.5; Craft § 6.5-6.7 Optional: Eevee’s guide for Testing for People Who Hate Testing	Software Security (solutions)
Wed 02/05	Cryptography: Definitions	Notes. [G&T § 8.1.0-8.1.3, 8.1.6-8.1.7; Craft § 7.1, 7.3.2 - 7.3.3] Technical Analysis of the Pegasus Exploits on iOS Engima Machine Notebook Project 1 Released
Fri 02/07	Block Ciphers and Symmetric key encryption	Notes. [G&T § 8.1.0-8.1.3, 8.1.6-8.1.7; Craft § 7.1, 7.3.2 - 7.3.3] Optional: Stick figure guide to AES Homework 1 Due
Mon 02/10	Symmetric key encryption	AES Demo	Cryptography I (solutions)
Wed 02/12	Public Key Exchange	Notes, section 1 [G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2; Craft § 7.5]
Fri 02/14	Public Key Encryption	The Debian PGP disaster that almost was DSA requirements for random k value U2F ECDSA vulnerability Notes, section 2 [G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2]
Sat 02/15	Project 1 Party (4-7pm, Soda Hall - Wozniak Lounge)
Sun 02/16	MT 1 Review (5-7pm, HP Auditorium)		MT Review (solutions)
Mon 02/17	Holiday	Project 1 Due Homework 2 Released
Wed 02/19	Midterm 1 In-Class Review	Midterm 1 8:00-9:30pm, 150 Wheeler
Fri 02/21	Hashing	A GIF which displays its own MD5 hash Another one, with a writeup
Mon 02/24	Integrity and Authentication	Notes. [G&T § 1.3.2, 1.3.4, 8.2.3, 8.3, 8.4.1, 8.4.3; Craft § 7.4.2]	Cryptography II (solutions)
Tue 02/25	Homework 2a Due
Wed 02/26	Key Management	Key Management Notes (Paxson) Project 2 Released
Fri 02/28	Hierarchical Key Management	Password Notes
Mon 03/02	Network Security: Background	Networking terminology quick-reference. [G&T § 5.1-5.1.2, 5.3-5.3.1, 5.4-5.4.2, 6.1-6.1.2, 7.1-7.1.1; Craft § 5.1, 5.4.1] Homework 2b Due	Cryptography III (solutions)
Wed 03/04	Network Background	[G&T § 5.1.3, 5.2.3, 5.3.3-5.3.4, 5.4.4; Craft § 5.3.1]
Fri 03/06	Network Attacks: TCP, DHCP, DNS	G&T § 6.1.3 (pp. 278-284), 1.1.1, 7.1.2, 8.3 Packet Capturing Demo Project 2 Design Doc Due
Sat 03/07	Networking Tutorial (5-7pm, HP Auditorium)
Mon 03/09	Network Attacks: DNS	Reliable DNS Forgery in 2008: Kaminsky’s Discovery An Illustrated Guide to the Kaminsky DNS Vulnerability	Network Security I (solutions)
Wed 03/11	DNSSEC	How DNSSEC Works
Fri 03/13	Denial of Service
Mon 03/16	Firewalls	Notes on Firewalls. [G&T § 6.2, 6.3 intro, 6.3.3; Craft § 5.3.2]	Network Security II (solutions)
Wed 03/18	Intrusion Detection
Fri 03/20	Detection, Secure Channels
Mon 03/23	Spring break		No discussion!
Wed 03/25	Spring break
Fri 03/27	Spring break
Mon 03/30	TLS	G&T § 1.1.1, 7.1.2, 8.3	Network Security III (solutions)
Tue 03/31	Project 2 Implementation Due (11:59pm)
Wed 04/01	Intro to WebSec, Same-origin policy	[G&T § 7.1.1, 7.1.3-7.1.4, 7.3.1-7.3.2, 7.3.4, 7.3.6; Craft § 12.1.1, 12.1.2, 12.1.3] Web Security: Are You Part Of The Problem? Spanish Flu Same-origin policy
Fri 04/03	SQL Injection	SQL Injection Attacks by Example
Mon 04/06	Midterm 2 Review	Midterm 2 5:00-6:30pm Networking Notes	Web Security I
Wed 04/08	XSS	XSS (Cross Site Scripting) Prevention Cheat Sheet
Fri 04/10	Session Management	OWASP Cheatsheet Series (take a look at XSS, CSRF, SQL Injection, Clickjacking and Command Injection) Secure Session Management With Cookies for Web Applications [G&T § 7.1.4, 7.2.1, 7.2.7, Craft § 12.1.4] Cookies Squigler Demo Optional: “Cookies Lack Integrity”
Mon 04/13	CSRF		Web Security II
Wed 04/15	Phishing and UI-Based Attacks
Fri 04/17	Web Security
Mon 04/20	Bitcoin		Web Security III
Wed 04/22	Certificate Transparency
Fri 04/24	Malware	[G&T § 6.4][G&T § 4.2, 4.5]. Optional but cool: Outwitting the Witty Worm
Mon 04/27	Anonymity, Tor		Miscellaneous Topics
Wed 04/29	TBD
Fri 05/01	TBD
Mon 05/04	RRR Week
Wed 05/06	RRR Week
Fri 05/08	RRR Week
Mon 05/11	Finals Week
Tue 05/12	Final (8-11am)
Wed 05/13	Finals Week
Fri 05/15	Finals Week