CS 161
CS 161: Computer Security (Under Construction)
Instructors: Raluca Ada Popa and David Wagner
Lecture: M/W/F 1-2pm at Dwinelle 155
| Date | Lecture | Readings | Discussion |
|---|---|---|---|
| Mon 01/20 |
MLK Jr. Day | No discussion! | |
| Wed 01/22 |
Introduction | Required: If You Are Being Stalked by an Ex, an App Can’t Protect You Optional: G&T § 1.1, Craft § 1-1.1, 1.3] |
|
| Fri 01/24 |
Security Principles | Required: Notes on Principles for Building Secure Systems. Required: Notes on Design Patterns for Building Secure Systems. Optional: G&T § 1.1.4, 3.4.6 |
|
| Mon 01/27 |
More Security Principles | x86, GDB, and Security Principles | |
| Wed 01/29 |
Memory Safety | Notes on Memory Safety. Notes on Reasoning About Code and Secure Software Development. |
|
| Fri 01/31 |
Memory Safety Defenses | Slides from Matthias Vallentin on a Normal x86 function call, a crash, a control-flow diversion, and Code Injection. |
|
| Mon 02/03 |
IND-CPA, OTP and Block ciphers | Notes. |
Software Security |
| Wed 02/05 |
Symmetric key encryption | Notes. Optional: Stick figure guide to AES |
|
| Fri 02/07 |
Hashing | ||
| Mon 02/10 |
Public Key Exchange |
[G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2; Craft § 7.5] |
Cryptography I |
| Wed 02/12 |
Public Key Encryption, Hashing | The Debian PGP disaster that almost was DSA requirements for random k value [G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2] |
|
| Fri 02/14 |
No lecture. | ||
| Mon 02/17 |
Integrity and Authentication | Notes. |
Cryptography II |
| Wed 02/19 |
CryptoFails | ||
| Fri 02/21 |
Intro to web security, Same-origin policy | [G&T § 7.1.1, 7.1.3-7.1.4, 7.3.1-7.3.2, 7.3.4, 7.3.6; Craft § 12.1.1, 12.1.2, 12.1.3] |
|
| Mon 02/24 |
The Web... | See above. |
Cryptography III |
| Wed 02/26 |
Hardware Attacks | ||
| Fri 02/28 |
Same-origin Policy and Cookies | ||
| Mon 03/02 |
TBA | TBA | |
| Wed 03/04 |
TBA | ||
| Fri 03/06 |
XSS and CSP | ||
| Mon 03/09 |
CSRF and Session Management | OWASP Cheatsheet Series (take a look at XSS, CSRF, SQL Injection, Clickjacking and Command Injection) [G&T § 7.1.4, 7.2.1, 7.2.7, Craft § 12.1.4] |
Web Security I |
| Wed 03/11 |
End Web & Start Networking | ||
| Fri 03/13 |
Network Security: Background | Networking terminology quick-reference. |
|
| Mon 03/16 |
Network Attacks: Lower Layers | [G&T § 5.1.3, 5.2.3, 5.3.3-5.3.4, 5.4.4; Craft § 5.3.1] |
Web Security II |
| Wed 03/18 |
Network Attacks: DNS & IP & TCP | G&T § 6.1.3 (pp. 278-284) |
|
| Fri 03/20 |
Canceled (power outage) | ||
| Mon 03/23 |
Network: TCP and TLS | G&T § 1.1.1, 7.1.2, 8.3 |
Web Security III/Network Security I |
| Wed 03/25 |
Network Security: TLS | ||
| Fri 03/27 |
Denial of Service, Firewalls | [G&T § 5-5.4] |
|
| Mon 03/30 |
DNSSEC | Network Security II | |
| Wed 04/01 |
Intrusion Detection | Notes on Firewalls. |
|
| Fri 04/03 |
Veterans Day | ||
| Mon 04/06 |
Network Monitoring | [G&T § 6.4] |
TBA |
| Wed 04/08 |
Network Spying | In Defense of Bulk Surveillance; It Works |
|
| Fri 04/10 |
Networking Censorship | ||
| Mon 04/13 |
Malcode and Reflections on Trusting Trust | Network Security III | |
| Wed 04/15 |
Nuclear Weapons | iOS Security Guide (System Security, Encryption, User Password Management) – no need to memorize this info, but it often inspires test questions. Focus on understanding design tradeoffs and reasoning. |
|
| Fri 04/17 |
Malcode | ||
| Mon 04/20 |
TBA | TBA | |
| Wed 04/22 |
TBA | ||
| Fri 04/24 |
Malcode | ||
| Mon 04/27 |
Personal Security | Miscellaneous Topics | |
| Wed 04/29 |
Conclusions | ||
| Fri 05/01 |
RRR Week | ||
| Mon 05/04 |
RRR Week | ||
| Wed 05/06 |
RRR Week | ||
| Fri 05/08 |
Finals Week | ||
| Mon 05/11 |
Finals Week | ||
| Wed 05/13 |
Finals Week | ||
| Fri 05/15 |
