CS 161
CS 161: Computer Security
Instructor: Nicholas Weaver
Lecture: M/W/F 2-3pm at Dwinelle 155
| Date | Lecture | Readings | Discussion |
|---|---|---|---|
| Wed 08/28 |
Introduction | Required: If You Are Being Stalked by an Ex, an App Can’t Protect You Optional: G&T § 1.1, Craft § 1-1.1, 1.3] |
No discussion! |
| Fri 08/30 |
Security Principles | Required: Notes on Principles for Building Secure Systems. Required: Notes on Design Patterns for Building Secure Systems. Optional: G&T § 1.1.4, 3.4.6 |
|
| Sun 09/01 |
x86, GDB, and Security Principles (solutions) | ||
| Mon 09/02 |
Labor Day | ||
| Wed 09/04 |
More Security Principles | ||
| Fri 09/06 |
Memory Safety | Notes on Memory Safety. Notes on Reasoning About Code and Secure Software Development. |
|
| Sun 09/08 |
Software Security (solutions) | ||
| Mon 09/09 |
Memory Safety Defenses | Slides from Matthias Vallentin on a Normal x86 function call, a crash, a control-flow diversion, and Code Injection. |
|
| Wed 09/11 |
IND-CPA, OTP and Block ciphers | Notes. |
|
| Fri 09/13 |
Symmetric key encryption | Notes. Optional: Stick figure guide to AES |
|
| Sun 09/15 |
Cryptography I (solutions) | ||
| Mon 09/16 |
Hashing | ||
| Wed 09/18 |
Public Key Exchange |
[G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2; Craft § 7.5] |
|
| Fri 09/20 |
|||
| Fri 09/20 |
Public Key Encryption, Hashing | The Debian PGP disaster that almost was DSA requirements for random k value [G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2] |
|
| Mon 09/23 |
Midterm 1 (7-9pm) |
Cryptography II (solutions) | |
| Mon 09/23 |
No lecture. | ||
| Wed 09/25 |
Integrity and Authentication | Notes. |
|
| Fri 09/27 |
CryptoFails | ||
| Sat 09/28 |
|||
| Mon 09/30 |
Intro to web security, Same-origin policy | [G&T § 7.1.1, 7.1.3-7.1.4, 7.3.1-7.3.2, 7.3.4, 7.3.6; Craft § 12.1.1, 12.1.2, 12.1.3] |
Cryptography III (solutions) |
| Wed 10/02 |
The Web... | See above. |
|
| Fri 10/04 |
Hardware Attacks | ||
| Mon 10/07 |
Same-origin Policy and Cookies | Canceled due to outage | |
| Wed 10/09 |
Canceled (power outage) | ||
| Fri 10/11 |
Canceled (power outage) | ||
| Sat 10/12 |
|||
| Mon 10/14 |
Web Security I (solutions) | ||
| Mon 10/14 |
XSS and CSP | ||
| Wed 10/16 |
CSRF and Session Management | OWASP Cheatsheet Series (take a look at XSS, CSRF, SQL Injection, Clickjacking and Command Injection) [G&T § 7.1.4, 7.2.1, 7.2.7, Craft § 12.1.4] |
|
| Fri 10/18 |
End Web & Start Networking | ||
| Mon 10/21 |
Network Security: Background | Networking terminology quick-reference. |
Web Security II (solutions) |
| Wed 10/23 |
Network Attacks: Lower Layers | [G&T § 5.1.3, 5.2.3, 5.3.3-5.3.4, 5.4.4; Craft § 5.3.1] |
|
| Fri 10/25 |
Network Attacks: DNS & IP & TCP | G&T § 6.1.3 (pp. 278-284) |
|
| Mon 10/28 |
Canceled (power outage) | Web Security III/Network Security I (solutions) | |
| Tue 10/29 |
|||
| Wed 10/30 |
Network: TCP and TLS | G&T § 1.1.1, 7.1.2, 8.3 |
|
| Fri 11/01 |
|||
| Fri 11/01 |
Network Security: TLS | ||
| Mon 11/04 |
Denial of Service, Firewalls | [G&T § 5-5.4] |
Network Security II (solutions) |
| Wed 11/06 |
DNSSEC | ||
| Fri 11/08 |
Intrusion Detection | Notes on Firewalls. |
|
| Mon 11/11 |
No discussion (Midterm week) | ||
| Mon 11/11 |
Veterans Day | ||
| Wed 11/13 |
Network Monitoring | [G&T § 6.4] |
|
| Thu 11/14 |
Midterm 2 (7-9pm) |
||
| Fri 11/15 |
Abusing Network Monitoring | [G&T § 6.4] |
|
| Mon 11/18 |
TBA | Network Security III | |
| Wed 11/20 |
Malcode and Reflections on Trusting Trust | [G&T § 6.4][G&T § 4.2, 4.5], A Taxonomy of Computer Worms. Optional but cool: Outwitting the Witty Worm. Reflections on Trusting Trust. |
|
| Fri 11/22 |
Tor, 737-Max, and Nukes | ||
| Mon 11/25 |
TBA | No discussion! | |
| Wed 11/27 |
Thanksgiving | ||
| Fri 11/29 |
Thanksgiving | ||
| Mon 12/02 |
TBA | Miscellaneous Topics | |
| Wed 12/04 |
Certificate Transparency | ||
| Fri 12/06 |
Conclusions | ||
| Mon 12/09 |
RRR Week | ||
| Wed 12/11 |
RRR Week | ||
| Fri 12/13 |
RRR Week | ||
| Mon 12/16 |
Finals Week | ||
| Wed 12/18 |
Finals Week | ||
| Thu 12/19 |
Final (3-6pm) |
||
| Fri 12/20 |
Finals Week | ||
