CS 161: Computer Security

Announcements:

Homework 4 has been released. It is due Sunday, July 19 at 11:59pm PT.
Project 2 has been released. The first part is due Wednesday, July 22 at 11:59pm PT.

Instructors: Peyrin Kao and Ryan Lehmkuhl

Lecture: Online

Date	Lecture	Readings	Discussion	HW
Mon 06/22	Introduction	Optional: CS61C review Optional: G&T § 1.1, Craft § 1-1.1, 1.3	No discussion!	HW1
Tue 06/23	Security Principles	Notes (Principles) Notes (Design Patterns) Optional: G&T § 1.1.4, 3.4.6	No discussion!
Wed 06/24	Project 1 released		x86, GDB, and Security Principles (solutions)
Wed 06/24	Buffer Overflows	Notes Smashing The Stack For Fun And Profit, by Aleph One Optional: G&T § 3.4, Craft § 6.1-6.3
Thu 06/25	Buffer Overflow Defenses	Notes Optional: G&T § 9.4-9.5; Craft § 6.5-6.7
Mon 06/29	IND-CPA, OTP and Block ciphers	Notes, sections 1-5 Optional: G&T § 8.1.0-8.1.3, 8.1.6-8.1.7; Craft § 7.1, 7.3.2 - 7.3.3	Software Security (solutions)	HW2
Tue 06/30	Symmetric key encryption + PRG	Notes, section 6 AES Demo Optional: Stick figure guide to AES, G&T § 8.1.0-8.1.3, 8.1.6-8.1.7; Craft § 7.1, 7.3.2 - 7.3.3	Software Security (solutions)
Wed 07/01	Public Key Exchange	Notes, section 1 Optional: G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2; Craft § 7.5	Cryptography I (solutions)
Thu 07/02	Public Key Encryption + Hashing	Notes, section 2 Optional: G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2	Cryptography I (solutions)
Mon 07/06	Integrity and Authentication + Key Management	Notes Optional: G&T § 1.3.2, 1.3.4, 8.2.3, 8.3, 8.4.1, 8.4.3; Craft § 7.4.2	Cryptography II (solutions)	HW3
Tue 07/07	Project 1 due (11:59pm PT)
Tue 07/07	Hierarchical Key Management + Password Hashing	Notes (Key Management) Notes (Passwords)
Wed 07/08	Networking Background	Notes, section 1 Networking terminology quick-reference Optional: G&T § 5.1-5.1.2, 5.3-5.3.1, 5.4-5.4.2, 6.1-6.1.2, 7.1-7.1.1; Craft § 5.1, 5.4.1	Cryptography III (solutions)
Thu 07/09	Networking Attacks - TCP and DHCP	Notes, section 2 Packet Capturing Demo Optional: G&T § 5.1.3, 5.2.3, 5.3.3-5.3.4, 5.4.4; Craft § 5.3.1	Cryptography III (solutions)
Mon 07/13	Midterm		No discussion!	HW4
Mon 07/13	Midterm (no lecture)	None
Tue 07/14	Project 2 released
Tue 07/14	TLS	Notes, section 5 Optional: G&T § 6.1.3 (pp. 278-284), 1.1.1, 7.1.2, 8.3
Wed 07/15	DNS	Notes, sections 6-7 Optional: G&T § 1.1.1, 7.1.2, 8.3	Network Security I
Thu 07/16	DNSSEC	Notes, sections 7-8 Reliable DNS Forgery in 2008: Kaminsky’s Discovery Optional: An Illustrated Guide to the Kaminsky DNS Vulnerability	Network Security I
Mon 07/20	Denial of Service	Notes, section 8 How DNSSEC Works	Network Security II	HW5
Tue 07/21	Firewalls	None Optional: G&T § 5-5.4	Network Security II
Wed 07/22	Project 2 design doc due		Network Security III
Wed 07/22	Intrusion Detection	Notes Optional: G&T § 6.2, 6.3 intro, 6.3.3; Craft § 5.3.2
Thu 07/23	Intro to web security, Same-origin policy (Clickjacking)	Same-origin policy Optional: Web Security: Are You Part Of The Problem?, Clickjacking Paper, G&T § 7.1.1, 7.1.3-7.1.4, 7.3.1-7.3.2, 7.3.4, 7.3.6; Craft § 12.1.1, 12.1.2, 12.1.3]
Mon 07/27	SQL Injection	SQL Injection Attacks by Example Squigler Demo	Web Security I	HW6
Tue 07/28	XSS and Cookies		Web Security I
Wed 07/29	Project 2 due		Web Security II
Wed 07/29	CSRF and Session Management	Secure Session Management With Cookies for Web Applications Optional: G&T § 7.1.4, 7.2.1, 7.2.7, Craft § 12.1.4
Thu 07/30	Project 3A released
Thu 07/30	Phishing + UI Attacks	OWASP Cheatsheet Series (take a look at XSS, CSRF, SQL Injection, Clickjacking and Command Injection)
Mon 08/03	Anonymity, Tor		Web Security III	HW7
Tue 08/04	Project 3A due
Tue 08/04	Contact Tracing	Contact Tracing Reading
Wed 08/05	Project 3B released		Miscellaneous Topics
Wed 08/05	Bitcoin	Bitcoin Paper
Thu 08/06	Bitcoin
Mon 08/10	Project 3B due		Final Review
Mon 08/10	Certificate Transparency
Tue 08/11	TBA
Wed 08/12	TBA
Thu 08/13	Final exam
Thu 08/13	Final exam (no lecture)