CS 161: Computer Security
Instructor: Nicholas Weaver
Lecture: M/W/F 2-3pm at Dwinelle 155
Date | Lecture | Readings | Discussion |
---|---|---|---|
Wed 08/28 |
Introduction | Required: If You Are Being Stalked by an Ex, an App Can’t Protect You. Optional: [G&T § 1.1, Craft § 1-1.1, 1.3] |
No discussion! |
Fri 08/30 |
Security Principles | Required: Notes on Principles for Building Secure Systems. Required: Notes on Design Patterns for Building Secure Systems. Optional: G&T § 1.1.4, 3.4.6 |
|
Sun 09/01 |
x86, GDB, and Security Principles | ||
Mon 09/02 |
Labor Day | ||
Wed 09/04 |
More Security Principles | ||
Fri 09/06 |
Memory Safety | Notes on Memory Safety. Notes on Reasoning About Code and Secure Software Development. |
|
Sun 09/08 |
Software Security | ||
Mon 09/09 |
Memory Safety Defenses | Slides from Matthias Vallentin on a Normal x86 function call, a crash, a control-flow diversion, and Code Injection. |
|
Wed 09/11 |
IND-CPA, OTP and Block ciphers | Notes. |
|
Fri 09/13 |
Symmetric key encryption | Notes. Optional: Stick figure guide to AES |
|
Sun 09/15 |
Cryptography I | ||
Mon 09/16 |
Hashing | ||
Wed 09/18 |
Public Key Exchange |
[G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2; Craft § 7.5] |
|
Fri 09/20 |
Public Key Encryption, Hashing | The Debian PGP disaster that almost was. DSA requirements for random k value. [G&T § 1.3-1.3.1, 1.3.3, 8.2, 8.5.2] |
|
Mon 09/23 |
Midterm 1 (7-9pm) |
Cryptography II | |
Mon 09/23 |
No lecture. | ||
Wed 09/25 |
Integrity and Authentication | Notes. |
|
Fri 09/27 |
CryptoFails | ||
Mon 09/30 |
Intro to web security, Same-origin policy | [G&T § 7.1.1, 7.1.3-7.1.4, 7.3.1-7.3.2, 7.3.4, 7.3.6; Craft § 12.1.1, 12.1.2, 12.1.3] |
Cryptography III |
Wed 10/02 |
The Web... | See above. |
|
Fri 10/04 |
Hardware Attacks | ||
Mon 10/07 |
Same-origin Policy and Cookies | Canceled due to outage | |
Wed 10/09 |
Canceled (power outage) | ||
Fri 10/11 |
Canceled (power outage) | ||
Mon 10/14 |
Web Security I | ||
Mon 10/14 |
XSS and CSP | ||
Wed 10/16 |
CSRF and Session Management | OWASP Cheatsheet Series (take a look at XSS, CSRF, SQL Injection, Clickjacking and Command Injection) [G&T § 7.1.4, 7.2.1, 7.2.7, Craft § 12.1.4] |
|
Fri 10/18 |
End Web & Start Networking | ||
Mon 10/21 |
Network Security: Background | Networking terminology quick-reference. |
Web Security II |
Wed 10/23 |
Network Attacks: Lower Layers | [G&T § 5.1.3, 5.2.3, 5.3.3-5.3.4, 5.4.4; Craft § 5.3.1] |
|
Fri 10/25 |
Network Attacks: DNS & IP & TCP | G&T § 6.1.3 (pp. 278-284) |
|
Mon 10/28 |
Canceled (power outage) | Web Security III/Network Security I | |
Wed 10/30 |
Network: TCP and TLS | G&T § 1.1.1, 7.1.2, 8.3 |
|
Fri 11/01 |
Network Security: TLS | ||
Mon 11/04 |
Denial of Service, Firewalls | [G&T § 5-5.4] |
Network Security II |
Wed 11/06 |
DNSSEC | ||
Fri 11/08 |
Intrusion Detection | Notes on Firewalls. |
|
Mon 11/11 |
No discussion (Midterm week) | ||
Mon 11/11 |
Veterans Day | ||
Wed 11/13 |
Network Monitoring | [G&T § 6.4] |
|
Thu 11/14 |
Midterm 2 (7-9pm) |
||
Fri 11/15 |
Network Spying | In Defense of Bulk Surveillance; It Works |
|
Mon 11/18 |
Networking Censorship | Network Security III | |
Wed 11/20 |
Malcode and Reflections on Trusting Trust | ||
Fri 11/22 |
Nuclear Weapons | iOS Security Guide (System Security, Encryption, User Password Management) – no need to memorize this info, but it often inspires test questions. Focus on understanding design tradeoffs and reasoning. |
|
Mon 11/25 |
Malcode | No discussion! | |
Wed 11/27 |
Thanksgiving | ||
Fri 11/29 |
Thanksgiving | ||
Mon 12/02 |
Malcode | Miscellaneous Topics | |
Wed 12/04 |
Personal Security | ||
Fri 12/06 |
Conclusions | ||
Mon 12/09 |
RRR Week | ||
Wed 12/11 |
RRR Week | ||
Fri 12/13 |
RRR Week | ||
Mon 12/16 |
Finals Week | ||
Wed 12/18 |
Finals Week | ||
Thu 12/19 |
Final (3-6pm) |
||
Fri 12/20 |
Finals Week |