CS 161: Computer Security

Announcements:

The final exam is Friday, May 14, 11:30am-2:30pm PT. See the exam logistics page for details.

Instructor: Nicholas Weaver

Lecture: Tu/Th, 6:30pm-8:00pm PT

Date	Lecture	Readings	Discussion	HW
Tue 01/19	Introduction (recording)	Optional: 61C review Memory Safety notes, section 1 C, x86, and GDB cheatsheet Project 1 Q1 video walkthrough Optional: Review videos Optional: G&T § 1.1, Craft § 1-1.1, 1.3	No discussion	HW1
Thu 01/21	Security Principles (recording)	Security Principles notes Optional: Review videos Optional: G&T § 1.1.4, 3.4.6	No discussion
Mon 01/25	Project 1 released		61C Review, Security Principles (solutions) (recording)
Tue 01/26	Buffer Overflows (recording)	Memory Safety notes, section 2 Smashing The Stack For Fun And Profit Slides on a normal x86 function call, a crash, a control-flow diversion, and code injection. Optional: Review videos Optional: G&T § 3.4, Craft § 6.1-6.3
Thu 01/28	Buffer Overflow Defenses (recording)	Memory Safety notes, section 3 Pointer Authentication Real World Exploit Example Optional: Review videos Optional: G&T § 9.4-9.5; Craft § 6.5-6.7
Mon 02/01	Optional Lab 1 released		Memory Safety (solutions) (recording)	HW2
Tue 02/02	IND-CPA + One-Time Pads + Block Ciphers + Symmetric Key Encryption (recording)	Cryptography notes, sections 1-3 Enigma Machine Notebook Optional: Review videos Optional: G&T § 8.1.0-8.1.3, 8.1.6-8.1.7; Craft § 7.1, 7.3.2 - 7.3.3
Thu 02/04	Symmetric Key Encryption (cont.) + Hashing + Integrity (MACs) + Pseudorandom Generators (recording)	Cryptography notes, sections 4-6 AES Demo Optional: Review videos Optional: Stick figure guide to AES, G&T § 8.1.0-8.1.3, 8.1.6-8.1.7; Craft § 7.1, 7.3.2 - 7.3.3
Tue 02/09	Pseudorandom Generators (cont.) + Public Key Exchange (recording)	Cryptography notes, section 7 Optional: Review videos Optional: G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2; Craft § 7.5	Symmetric-Key Cryptography (solutions) (recording) Exam Prep (solutions)
Thu 02/11	Public Key Encryption + Digital Signatures (recording)	Cryptography notes, sections 8-9 Optional: Review videos Optional: G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2
Tue 02/16	Certificates (recording)	Cryptography notes, section 10 Optional: Review videos Optional: G&T § 1.3.2, 1.3.4, 8.2.3, 8.3, 8.4.1, 8.4.3; Craft § 7.4.2	Asymmetric Cryptography (solutions) (recording)	HW3
Thu 02/18	Password Hashing + Blockchain (recording)	Cryptography notes, sections 11-12 Risks of Cryptocurrencies How to make money with Bitcoin Optional: Review videos
Fri 02/19	Project 1 due (11:59pm PT)
Mon 02/22	Project 2 released		Public Key Cryptography (solutions) (recording)
Tue 02/23	Signal + Tor (recording)	Optional: Review videos
Thu 02/25	Command Injection + SQL Injection (recording)	Web notes, section 5 Squigler demo Optional: Review videos
Tue 03/02	Intro to Web + Cookies (recording)	Web notes, sections 1-4, 7 Optional: Review videos	Midterm Review	HW4
Thu 03/04	Cross-Site Request Forgery (CSRF) + Cross-Site Scripting (XSS) (recording)	Web notes, sections 6, 8 OWASP page on CSRF OWASP page on XSS Optional: Review videos
Fri 03/05	Midterm (5:00pm-7:00pm PT)
Tue 03/09	XSS (continued) + UI Attacks (recording)	Web notes, section 6 XSS Prevention Cheat Sheet Content Security Policy	SQL Injection and Cookies (solutions) (recording)
Thu 03/11	Captchas + Networking Background (recording)	Networking notes, section 1 Optional: Review videos	SQL Injection and Cookies (solutions) (recording)
Tue 03/16	Low-Level Network Attacks (recording)	Networking notes, sections 2-4	CSRF and XSS (solutions) (recording)
Thu 03/18	Layer 3 (IP) + BGP + DNS (recording)	Networking notes, sections 5, 8-9 Optional: Review videos
Fri 03/19	Optional Lab 1 due (11:59pm PT)
Fri 03/19	Project 2 design doc draft due (11:59pm PT)
Tue 03/23	Spring Break (No Lecture)		Spring Break (No discussion)
Thu 03/25	Spring Break (No Lecture)		Spring Break (No discussion)
Tue 03/30	TCP + TLS (recording)	Networking notes, sections 6-7 Optional: Review videos	UI Based Attacks and Privacy (solutions) (recording)	HW5
Thu 04/01	TLS (continued) + Denial of Service (recording)	Networking notes, section 7 Optional: Review videos	UI Based Attacks and Privacy (solutions) (recording)
Mon 04/05	Optional Lab 2 released		TLS and TCP (solutions) (recording)
Tue 04/06	DNSSEC (recording)	Networking notes, section 10 Optional: Review videos
Thu 04/08	Intrusion Detection (recording)	Optional: Review videos
Mon 04/12	Project 3 released		DNS (solutions) (recording)	HW6
Tue 04/13	Abusing Intrusion Detection (recording)
Thu 04/15	Network Censorship + Malware (recording)
Fri 04/16	Project 2 due (11:59pm PT)
Tue 04/20	Malcode + Special Topics - Boeing 737-MAX (recording)		Intrusion Detection (solutions) (recording)
Thu 04/22	Special Topics - Quantum + Nukes + Side channels (recording)		Intrusion Detection (solutions) (recording)
Tue 04/27	Special Topics - Personal Security (recording)		Web Security and Special Topics (solutions)	HW7
Thu 04/29	Project 2 Walkthrough + Ask Nick Anything (recording)
Fri 04/30	Project 3 due (11:59pm PT)
Tue 05/04	RRR Week		Final Review
Thu 05/06	RRR Week
Fri 05/07	Optional Lab 2 due (11:59pm PT)
Fri 05/14	Final exam (11:30am-2:30pm PT)