Lectures
Lecture Schedule (may be updated as needed)
| Week | Date | Topic | Notes | Assignments |
|---|---|---|---|---|
| 1 | 1/21 | Introduction. | slides | |
| 1 | 1/23 | Authentication: passwords. | slides | |
| 2 | 1/28 | Authentication: MFA, single sign-on, one-time passwords. | ||
| 2 | 1/30 | Authentication: biometrics. | slides | |
| 3 | 2/4 | Web security model. | slides | |
| 3 | 2/6 | Web security: cross-origin communication. | ||
| 4 | 2/11 | Web security: authentication and session management. | | Homework 1 due |
| 4 | 2/13 | Web security: confused deputy -- cross-site and server-side request forgery, clickjacking. | ||
| 5 | 2/20 | Computer fraud and abuse. | ||
| 6 | 2/25 | Web security: SQL injection and cross-site scripting. | ||
| 6 | 2/27 | Intro to symmetric cryptography: stream ciphers, block ciphers and modes, authenticated encryption. | ||
| 7 | 3/4 | Intro to symmetric cryptography: padding-oracle attacks. | ||
| 7 | 3/6 | Attacks on TCP/IP. Denial of service. | ||
| 8 | 3/11 | Security of BGP. | | Homework 2 due |
| 8 | 3/13 | Security of DNS. | ||
| 9 | 3/18 | Introduction to public-key cryptography. | | Midterm due |
| 9 | 3/20 | SSL/TLS and HTTPS. | ||
| 10 | 3/25 | PKI and certificates. | ||
| 10 | 3/27 | Memory corruption attacks. | ||
| 11 | 4/8 | Memory protection techniques. | ||
| 11 | 4/10 | Return-oriented programming. | | Homework 3 due |
| 12 | 4/15 | Introduction to differential privacy. | ||
| 12 | 4/17 | Security and privacy of machine learning. | ||
| 13 | 4/22 | Control-flow integrity. | ||
| 13 | 4/24 | Program analysis and finding vulnerabilities. | ||
| 14 | 4/29 | Isolation and confinement. | ||
| 14 | 5/1 | Onion routing: Tor, hidden services and "Dark Web". | ||
| 15 | 5/6 | Side channels: acoustics, vibrations, reflections. | | Homework 4 due |
| | 5/11 | | | Final due |
