CS 161: Computer Security

Instructors: Raluca Ada Popa and David Wagner

Lecture: M/W/F 1-2pm at Dwinelle 155


Date Lecture Readings Discussion
Wed
01/22
Introduction

Required: If You Are Being Stalked by an Ex, an App Can’t Protect You

Optional: G&T § 1.1, Craft § 1-1.1, 1.3

No discussion!
Fri
01/24
Security principles

Notes on Principles for Building Secure Systems.

Notes on Design Patterns for Building Secure Systems.

Optional: G&T § 1.1.4, 3.4.6

Mon
01/27
Buffer overflows

Notes on Memory Safety.

Smashing The Stack For Fun And Profit, by Aleph One

Optional: G&T § 3.4, Craft § 6.1-6.3

Homework 0 Released

x86, GDB, and Security Principles (solutions)
Wed
01/29
Memory safety

Slides from Matthias Vallentin on a Normal x86 function call, a crash, a control-flow diversion, and Code Injection.

Homework 1 Released

Fri
01/31
Memory Safety Defenses

Notes on Reasoning About Code

Optional: G&T § 9.4-9.5; Craft § 6.5-6.7

Homework 0 Due

Mon
02/03
Software Security

Notes on Secure Software Development

Optional: G&T § 9.4-9.5; Craft § 6.5-6.7

Optional: Eevee’s guide for Testing for People Who Hate Testing

Software Security (solutions)
Wed
02/05
Cryptography: Definitions

Notes.
[G&T § 8.1.0-8.1.3, 8.1.6-8.1.7; Craft § 7.1, 7.3.2 - 7.3.3]

Technical Analysis of the Pegasus Exploits on iOS

Enigma Machine Notebook

Project 1 Released

Fri
02/07
Block Ciphers and Symmetric key encryption

Notes.
[G&T § 8.1.0-8.1.3, 8.1.6-8.1.7; Craft § 7.1, 7.3.2 - 7.3.3]

Optional: Stick figure guide to AES

Homework 1 Due

Mon
02/10
Symmetric key encryption

AES Demo

Cryptography I (solutions)
Wed
02/12
Public Key Exchange

Notes, section 1

[G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2; Craft § 7.5]

Fri
02/14
Public Key Encryption

The Debian PGP disaster that almost was

DSA requirements for random k value

U2F ECDSA vulnerability

Notes, section 2

[G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2]

Sat
02/15

Project 1 Party (4-7pm, Soda Hall - Wozniak Lounge)

Sun
02/16

MT 1 Review (5-7pm, HP Auditorium)

Cryptography II/MT Review (solutions)
Mon
02/17
Holiday

Project 1 Due

Wed
02/19
Midterm 1 In-Class Review

Midterm 1 8:00-9:30pm, 150 Wheeler

Fri
02/21
Hashing

A GIF which displays its own MD5 hash

Another one, with a writeup

Mon
02/24
Integrity and Authentication

Notes.
[G&T § 1.3.2, 1.3.4, 8.2.3, 8.3, 8.4.1, 8.4.3; Craft § 7.4.2]

Cryptography III
Wed
02/26
Cryptography
Fri
02/28
Cryptography
Mon
03/02
Network Security: Background

Networking terminology quick-reference.
[G&T § 5.1-5.1.2, 5.3-5.3.1, 5.4-5.4.2, 6.1-6.1.2, 7.1-7.1.1; Craft § 5.1, 5.4.1]

Network Security I
Wed
03/04
Network Attacks: Lower Layers

[G&T § 5.1.3, 5.2.3, 5.3.3-5.3.4, 5.4.4; Craft § 5.3.1]

Fri
03/06
Network Attacks: DNS

G&T § 6.1.3 (pp. 278-284)
Reliable DNS Forgery in 2008: Kaminsky’s Discovery
An Illustrated Guide to the Kaminsky DNS Vulnerability

Mon
03/09
Network Attacks: TCP

G&T § 6.1.3 (pp. 278-284)

Network Security II
Wed
03/11
Network Security: TCP and TLS

G&T § 1.1.1, 7.1.2, 8.3

Fri
03/13
Denial of Service
Mon
03/16
Firewalls

Notes on Firewalls.
[G&T § 6.2, 6.3 intro, 6.3.3; Craft § 5.3.2]

Network Security III
Wed
03/18
DNSSEC

How DNSSEC Works

Fri
03/20
Intrusion Detection
Mon
03/23
Spring break

No discussion!
Wed
03/25
Spring break
Fri
03/27
Spring break
Mon
03/30
Intro to web security

[G&T § 7.1.1, 7.1.3-7.1.4, 7.3.1-7.3.2, 7.3.4, 7.3.6; Craft § 12.1.1, 12.1.2, 12.1.3]
Web Security: Are You Part Of The Problem?

Spanish Flu

Squigler Demo

Web Security I
Wed
04/01
Same-origin policy

Same-origin policy

Cookies

Optional: “Cookies Lack Integrity”

Fri
04/03
SQL Injection

SQL Injection Attacks by Example

Mon
04/06
Midterm 2

8:30-10:00pm

Web Security II
Wed
04/08
XSS

XSS (Cross Site Scripting) Prevention Cheat Sheet

Fri
04/10
CSRF and Session Management

OWASP Cheatsheet Series (take a look at XSS, CSRF, SQL Injection, Clickjacking and Command Injection)

Secure Session Management With Cookies for Web Applications

[G&T § 7.1.4, 7.2.1, 7.2.7, Craft § 12.1.4]

Mon
04/13
Phishing and UI-Based Attacks

Web Security III
Wed
04/15
Web Security
Fri
04/17
Web Security
Mon
04/20
Bitcoin

TBA
Wed
04/22
Certificate Transparency
Fri
04/24
Malware

[G&T § 6.4] [G&T § 4.2, 4.5]
Optional but cool: Outwitting the Witty Worm

Mon
04/27
Anonymity, Tor

Miscellaneous Topics
Wed
04/29
TBD
Fri
05/01
TBD
Mon
05/04
RRR Week
Wed
05/06
RRR Week
Fri
05/08
RRR Week
Mon
05/11
Finals Week
Tue
05/12

Final (8-11am)

Wed
05/13
Finals Week
Fri
05/15
Finals Week