(Note this is a rough schedule and things are subject to change.)

  • Aug 27, 2018 Security Principles: Introduction, Ethics, and Course Overview (Instructor: Bryan & Vyas)
    This lecture will give a high-level overview of the course, including topics covered, learning goals, and course mechanics. We will also discuss ethical challenges associated with computer security.
    Reading:
  • Aug 29, 2018 Security Principles: Threat Models and Trusted Computing Bases (Instructor: Bryan)
    This lecture will present techniques to reason systematically about an attacker's capabilities and a system's security dependencies.
    Reading:
  • Aug 31, 2018 : No Recitation
  • Sep 3, 2018 : No Class
    University holiday: Labor day. Enjoy the day off!
  • Sep 5, 2018 Security Principles: Designing Secure Systems (Instructor: Vyas)
    This lecture will focus on principles of secure system design, and the three “AU”’s: authentication, authorization, and audit.
    Reading:
  • Sep 7, 2018 : No Recitation
  • Sep 10, 2018 Software Security: Execution Semantics and Buffer Overflows (Instructor: Vyas)
    This lecture will review the material up through Chapter 3 of CS:APP from 15-213. We will cover the parts of the compilation tool chain and operations at the assembly level, including control flow, the memory model, and stack frames. We will also present control-flow-hijacking attacks that gain control of the instruction pointer, with a focus on buffer overflows.
    Reading:
  • Sep 12, 2018 Software Security: Control-Flow Attacks and Defenses (Instructor: Vyas)
    In this lecture we will present additional control-flow-hijacking attacks that gain control of the instruction pointer, e.g., format-string exploits, and integer overflows. We will then introduce control flow hijack defenses found in practice today, including canaries, DEP, and randomization (ASLR). We will also discuss methods for bypassing these defenses.
    Reading:
    Optional Reading:
  • Sep 14, 2018 Software Security: Recitation: More Execution Semantics & Thinking Up Exploits - Part 1 (Instructor: Parno)
  • Sep 17, 2018 Software Security: Return Oriented Programming and Control-Flow Integrity (Instructor: Vyas)
    This lecture will review Return Oriented Programming attacks and Control-Flow Integrity defenses. Control Flow Integrity (CFI) is a security property that specifies real executions should follow the static CFG. We will explore CFI, focusing on what "the" CFG is.
    Reading:
    Optional Reading:
  • Sep 19, 2018 Software Security: Achieving Memory Safety (Instructor: Bryan)
    This lecture will cover techniques to analyze code for memory vulnerabilities, retrofit memory safety on legacy code, and go beyond memory safety to verify strong properties about software.
    Reading:
    Optional Reading:
  • Sep 21, 2018 Software Security: Recitation: Thinking Up Exploits - Part 2 (Instructor: Parno)
  • Sep 24, 2018 Systems Security: Isolation (Instructor: Parno)
    This lecture will cover various system mechanisms for achieving isolation: Sandboxing, Software Fault Isolation (SFI), program partitioning, and airgaps.
    Reading:
    Optional Reading:
  • Sep 26, 2018 Systems Security: Modern OS Security and Authorization Logic (Instructor: Bryan)
    This lecture will focus on modern OS security, covering topics such as access control and capabilities, as well as a logical framework for reasoning about authorization.
    Reading:
  • Sep 28, 2018 Software Security: Recitation: Provably Correct Software (Instructor: Bryan)
  • Oct 1, 2018 Systems Security: Trusted Computing (Instructor: Bryan)
    This lecture will cover techniques for bootstrapping trust in systems.
    Reading:
  • Oct 3, 2018 Review: Software & Systems Security (Instructor: Vyas)
    This class will be a review period. We will provide approximately a 30 minute review, and then will open up the class for questions. Please think ahead of class what would be good questions; we are happy to answer anything. If there are no questions, it will be a short class.
  • Oct 5, 2018 Review: Recitation: HW1 Solutions Walkthrough and Q&A (Instructor: TAs)
  • Oct 8, 2018 Exam: Software & Systems Security
    We will have the first exam of the course. It will cover all information covered to date. This will be a closed book, closed notes, closed neighbor exam.
  • Oct 10, 2018 Crypto: Introduction to Cryptography (Instructor: Bryan)
    In this lecture we will provide a high-level introduction to cryptography, including an overview of primitives and security models. We will touch on the rich power offered by modern cryptographic tools. Finally, we will discuss (in)secure sources of randomness, cover the principles of pseudorandom functions, permutations, and introduce the notion of adversarial games to prove security properties of cryptographic constructions. Note that the reading below covers topics from the entire Crypto unit, so feel free to do the relevant portions of the reading as we go along.
    Reading:
    Optional Reading:
  • Oct 12, 2018 Crypto: Recitation: Proof by Reduction (Instructor: Bryan)
    We will review game-based definitions of security and practice determining whether a scheme is secure, either by demonstrating an adversary with non-trivial advantage or by proving that no such adversaries exist.
  • Oct 15, 2018 Crypto: Secrecy and Symmetric Key Ciphers (Instructor: Bryan)
    We will cover the principle of secrecy (sometimes called privacy), stream ciphers, block ciphers, and block cipher modes.
  • Oct 17, 2018 Crypto: Integrity, Hashes, and MACS (Instructor: Bryan)
    This lecture will look at the property of integrity, and the crypto primitives hashes and macs. We will also cover basics of authenticated encryption, which is a commonly used operation.
  • Oct 19, 2018 : No Recitation
    Mid-semester Break -- No recitation
  • Oct 22, 2018 Crypto: Public Key Cryptography (Instructor: Bryan)
    In this lecture we will cover the fundamentals of public key cryptography, focusing on RSA and Diffie-Hellman as examples.
    Reading:
  • Oct 24, 2018 Network Security: Introduction to Network Security (Instructor: Vyas)
    This lecture will give a broad overview of network security, including general principles, denial-of-service attacks, and intrusion detection (and prevention) systems. The latter will cover some basic detection theory, focusing on the base rate fallacy.
    Reading:
    Optional Reading:
  • Oct 26, 2018 : No Recitation
    President's Inauguration -- No recitation
  • Oct 29, 2018 Review: Crypto (Instructor: Bryan)
    This will be a review session for all lectures on cryptography. Please think ahead of time what questions you may have.
  • Oct 31, 2018 Exam: Crypto
    We will have the second exam of the course. It will cover all information covered to date. This will be a closed book, closed note, closed neighbor exam.
  • Nov 2, 2018 : No recitation
  • Nov 5, 2018 Network Security: Protocol Design and Analysis (Instructor: Bryan)
    This lecture will cover design principles for secure protocols, common failures and defenses, and tools for analyzing protocol security. TLS will be used as a detailed case study.
    Reading:
    Optional Reading:
  • Nov 7, 2018 Web Security: Attacks (Instructor: Vyas)
    This lecture will cover web security, including vulnerabilities such as injection attacks, XSS, and CSRF.
    Optional Reading:
  • Nov 9, 2018 Web Security: Recitation: Web Hacking (Instructor: Vyas)
  • Nov 12, 2018 Web Security: Defenses (Instructor: Vyas)
    This lecture will cover web security with a focus on principles, such as authentication vs. authorization, and best practices for establishing security on the web.
    Optional Reading:
  • Nov 14, 2018 Human Factors: Making Security Usable (Instructor: Bryan)
    The most secure system in the world can be subverted if users can't employ it correctly (or if they themselves are subverted!). This lecture will cover usable design, with case studies drawn from security warnings, authentication, and phishing. We will also cover attacks and defenses based on social engineering.
    Reading:
    Optional Reading:
  • Nov 16, 2018 Web Security: Recitation: Extra Office Hour for HW 3 (Instructor: TAs)
  • Nov 19, 2018 Human Factors: Law and Public Policy (Instructor: Vyas)
    This lecture will cover legal frameworks and policies that govern security and privacy in practice.
    Reading:
  • Nov 21, 2018 : Thanksgiving
    Thanksgiving! Enjoy the break!
  • Nov 23, 2018 : Recitation: Thanksgiving
    Thanksgiving! Enjoy the break!
  • Nov 26, 2018 Human Factors: Privacy (Instructor: Bryan)
    This lecture will cover various mathematical definitions of privacy as well as practical tools used to provide privacy today.
    Reading:
    Optional Reading:
  • Nov 28, 2018 Human Factors: Economics (Instructor: Bryan)
    Many attackers are economically rational. Can we leverage this observation when designing our defenses? Many users are economically rational. What impact does that have on how we design our defenses?
    Reading:
    Optional Reading:
  • Nov 30, 2018 Research: Recitation: State-of-the-Art Security Research (Instructor: Bryan and Vyas)
  • Dec 3, 2018 Review: Network, Web, and Human Factors (Instructor: Vyas)
    We will have about a 30 minute review of all material in the third part of this class. The rest of the time will be devoted to questions and answers, so make sure you bring good questions.
  • Dec 5, 2018 Exam: Network, Web, and Human Factors
    This will be our third and final exam. Like previous exams it will be closed book, closed note, closed neighbor. The exam will focus on the last third of the course, but any material over the entire semester is game.