Schedule

(Note this is a rough schedule and things are subject to change.)

Aug 25, 2025 Security Principles: 1. Introduction, Ethics, and Course Overview (Instructor: Paccagnella) | [Guide]
This lecture will give a high-level overview of the course, including topics covered, learning goals, and course mechanics. We will also discuss ethical challenges associated with computer security.
Optional Reading:
- On Trusting Trust
Aug 27, 2025 Security Principles: 2. Threat Models, Trusted Computing Bases, and Design Principles (Instructor: S) | [Guide]
This lecture will present techniques to reason systematically about an attacker's capabilities and a system's security dependencies. We will also introduce some fundamental principles of secure system design that will be recurring themes throughout the course.
Reading:
- Computer Security and the Internet, Ch. 1 (up to and including 1.8)
Optional Reading:
- Threat Modeling, Chapter 1
- Protection of Information (Section I.A, pages 4-6, starting at "3) Design Principles")
Aug 29, 2025 Software Security: 3. Execution Semantics (Instructor: Paccagnella) | [Guide]
Attackers often exploit the conventions of normal program execution. To understand such exploits, we first must understand the normal conventions. This recitation will review the material up through Chapter 3 of CS:APP from 15-213. Consider reviewing the course notes linked below as well. We will cover the parts of the compilation tool chain and operations at the assembly level, including control flow, the memory model, and stack frames.
Optional Reading:
- Chapter 3 of Computer Systems A Programmers Perspective Volume 2
- 15-213 Course Schedule (review the "Machine Prog" lectures )
Sep 1, 2025 : No Class
University holiday: Labor day. Enjoy the day off!
Sep 3, 2025 Software Security: 4. Control-Flow Attacks (Instructor: Paccagnella) | [Guide] | [Notes]
In this lecture, we explore control-flow-hijacking attacks that gain control of the instruction pointer. We will review buffer overflows that you should have seen in previous classes, as well as introducing new attacks, such as format-string exploits.
Optional Reading:
- Smashing the Stack for Fun and Profit
- Smashing the Stack in 2011
- Exploiting Format String Vulnerabilities
Sep 5, 2025 Software Security: Recitation: Thinking Up Exploits - Part 1 (Instructor: Paccagnella & S)
We will practice the skills needed to analyze an unknown binary, identify vulnerabilities, and exploit them.
Sep 8, 2025 Software Security: 5. Deployed Mitigations and Return Oriented Programming Attacks (Instructor: Paccagnella) | [Guide] | [Notes]
We will introduce control-flow hijack defenses found in practice today, including canaries, DEP, and randomization (ASLR). We will also discuss methods for bypassing these defenses. Finally, we review Return Oriented Programming attacks.
Reading:
- Sections 1 and 3.1-3.2.4 of The Geometry of Innocent Flesh on the Bone Return-into-libc without Calls (on the x86)
Optional Reading:
- Return-Oriented Programming Systems, Languages, and Applications
- Q Exploit Hardening Made Easy
- ropasaurusrex a primer on return-oriented
- Design of ASLR in PAX
- ASLR Smack and Laugh Reference
- Effectiveness of ASLR
Sep 10, 2025 Software Security: 6. Defenses: CFI and Type Safety (Instructor: Paccagnella) | [Guide]
This lecture will cover techniques to retrofit memory safety on legacy C code, with a focus on Control Flow Integrity (CFI). CFI is a security property that specifies real executions should follow the static CFG. We will explore CFI, focusing on what "the" CFG is. We will also introduce programming language techniques based on type safety that can eliminate entire classes of bugs.
Reading:
- Sections 1-3 of Control Flow Integrity Principles, Implementations, and Applications
Optional Reading:
- CCured: Type-Safe Retrofitting of Legacy Software (Sections 4-6 are optional)
Sep 12, 2025 Software Security: Recitation: Thinking Up Exploits - Part 2 (Instructor: Paccagnella & S)
We will continue to practice the skills needed to analyze an unknown binary, identify vulnerabilities, and exploit them.
Sep 15, 2025 Software Security: 7. Type Systems and Verification (Instructor: S) | [Guide]
We will cover programming language techniques that provably eliminate entire classes of vulnerabilities and even prove strong properties about software.
Reading:
- Program Proofs (Ch 2 -- we will focus on weakest preconditions, so you can ignore the definition and computation of strong postconditions, Ch 13)
Sep 17, 2025 Software Security: 8. Verification and Dafny (Instructor: S) | [Guide]
We will continue to cover principles of verifying software, and we will introduce Dafny, a program verification language (https://github.com/dafny-lang/dafny).
Optional Reading:
- Getting Started with Dafny - A Guide (Skip 6,10,11)
Sep 19, 2025 Software Security: Recitation: Provably Correct Software (Instructor: Paccagnella & S)
We will practice using the Dafny program verification language (https://github.com/dafny-lang/dafny).
Sep 22, 2025 Software Security: 9. Code Analysis and Isolation Techniques (Instructor: S) | [Guide]
This lecture will cover techniques to analyze code for memory vulnerabilities. To mitigate vulnerabilities we cannot or do not find, we will cover various system mechanisms for achieving isolation: sandboxing, Software Fault Isolation (SFI), program partitioning, and airgaps.
Reading:
- Computer Security and the Internet, Ch. 5 (section 5.1)
Optional Reading:
- A Few Billion Lines Of Code Later: Using Static Analysis To Find Bugs In The Real World
- Software Fault Isolation
- Native Client
Sep 24, 2025 Crypto: 10. Introduction, History of cryptography (Instructor: S) | [Guide] | [Notes]
In this lecture we will give an introduction of the history of cryptography, and how cryptography evolved from an ad-hoc ``build-it-break-it'' approach to a provable security paradigm
Reading:
- Katz and Lindell, Introduction to Modern Cryptography, Sec 1.1-1.3
Optional Reading:
- A Graduate Course in Applied Cryptography (Sec. 2.0, 2.1, 3.0-3.3, 3.5, 3.10)
- Communication Theory of Secrecy Systems
- Coursera Course on Cryptography
- Handbook of Applied Cryptography Chapter 1
Sep 26, 2025 Review: Software & Systems Security (Instructor: Paccagnella & S)
This slot will be a review period. We will provide approximately a 30 minute review, and then will open up the floor for questions. Please think ahead of time what would be good questions; we are happy to answer anything. If there are no questions, it will be a short meeting.
Sep 29, 2025 Exam: Security Principles and Software Security
We will have the first exam of the course. It will cover all information covered to date up to but not including cryptography. This will be a closed book, closed notes, closed neighbor exam.
Oct 1, 2025 Crypto: 11. Pseudorandomness and symmetric-key encryption (Instructor: S) | [Guide] | [Notes]
We will cover a perfectly secure encryption scheme called one-time pad. To avoid the inefficiency of the one-time pad, we will introduct pseudorandomness, and how to rely on pseudorandomness to construct symmetric-key encryption schemes with short keys.
Reading:
- Katz and Lindell, Sec 2.1-2.3, 3.3-3.5
Optional Reading:
- A Graduate Course in Applied Cryptography (Sec. 4.0-4.1.2, 4.4-4.4.4)
- Recommendations for Randomnmess in the Operating System, or How to Keep Evil Children Out Of Your Pool And Other Random Facts
Oct 3, 2025 Crypto: Recitation: Proofs by Reduction (Instructor: Paccagnella & S)
We will discuss strategies for deciding if something is secure/insecure and look in detail at how to write proofs of security. Students will work in teams on practice problems.
Oct 6, 2025 Crypto: 12. Multi-message security and block cipher mode of operation (Instructor: S) | [Guide] | [Notes]
We will cover how to securely encrypt multiple messages. We will introduce block cipher mode of operation, and discuss examples of insecure and secure modes of operation.
Reading:
- Katz and Lindell, Sec 3.5-3.6
Optional Reading:
- A Graduate Course in Applied Cryptography (Sec. 5.0-5.4.4, 9.2.1, 9.2.2, 4.2.3)
- Padding oracles and the decline of CBC-mode cipher suites
Oct 8, 2025 Crypto: 13. Integrity, message authentication code, hashes, and applications. (Instructor: S)
So far, we have focused on ensuring secrecy. In this lecture, we will discuss how to ensure integrity. We will introduce message authentication codes (MACs) and hashes. We will also cover applications of these primitives such as verifiable outsourcing and Merkle hash trees.
Reading:
- Katz and Lindell, Sec 4.1-4.3.1, 5.1, 5.6
Optional Reading:
- A Graduate Course in Applied Cryptography (Ch. 6.1 (except 6.1.1),6.3, Intro to Ch.9 and 9.1(skipping 9.1.1.), 9.4.3)
- Message Authentication using Hash Functions: The HMAC Construction
- The Order of Encryption and Authentication for Protecting Communications (Or: How Secure is SSL?)
Oct 10, 2025 : No Class
Class canceled
Oct 13, 2025 : No Class
Fall break!
Oct 15, 2025 : No Class
Fall break!
Oct 17, 2025 : No Recitation
Fall break!
Oct 20, 2025 Crypto: 14. Key exchange and public-key cryptography (Instructor: S)
This lecture will introduce key exchange protocols and public-key cryptography, including public-key encryption and digital signatures
Reading:
- Katz and Lindell, Sec 10.3-10.4, 12.1-12.4
Optional Reading:
- A Graduate Course in Applied Cryptography (Appx. A; Sec. 10.0-10.3.1 except 10.2.2, 13.0-13.3.1)
- Hal Finney's notes on Bleichenbacher's forgery attack
- BERserk vulnerability
- Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
- The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli
- Remote Timing Attacks are Practical
Oct 22, 2025 Crypto: 15. Blockchains and Cryptocurrencies (Instructor: S) | [Guide]
We will cover the basics of blockchains (what they are, what they are and are not good for), cryptocurrencies and, time permitting, smart contracts
Reading:
- Bitcoin and Cryptocurrency Technologies (Pages 3-21)
Optional Reading:
- Bitcoin and Cryptocurrency Technologies (Chapters 1-2)
Oct 24, 2025 Crypto: Recitation: Cryptocurrencies (Instructor: Paccagnella & S)
We will spend some virtual cash and write some smart contracts
Oct 27, 2025 Crypto: 16. The magic of cryptography (Instructor: S)
So far, we've covered traditional cryptography, which focuses on securing communication. Today, we will see a glimpse of the magic of modern cryptography, which focuses on securing computation. We will cover multi-party computation where multiple parties can compute some function over the union of their private data, without disclosing their respectively secrets.
Reading:
- Pass and Shelat, "A course in cryptography", Section 6.2
Oct 29, 2025 Systems Security: 17. Trusted Computing (Instructor: S) | [Guide]
This lecture will cover techniques for bootstrapping trust in systems.
Reading:
- Sections 2,3,and 4.2.2 of Bootstrapping Trust in Commodity Computers
Oct 31, 2025 Human Factors: 18. Privacy (Instructor: S) | [Guide]
This lecture will cover general concepts and various mathematical definitions of privacy as well as how to achive them.
Reading:
- Pages 1-7 of A Firm Foundation for Private Data Analysis
Optional Reading:
- Engineering Privacy
Nov 3, 2025 Exam: Crypto
We will have the second exam of the course. It will cover all information covered to date, but it will focus on Crypto. This will be a closed book, closed note, closed neighbor exam.
Nov 5, 2025 Systems Security: 19. AI and Security (Instructor: Paccagnella)
This lecture will talk about some of the applications of AI in security. We will also cover attacks against AI (and in particular machine learning) in security.
Reading:
- Sections 1 and 3 of Security and Privacy in Machine Learning
Nov 7, 2025 System Security: Recitation: AI Hacking (Instructor: Paccagnella & S)
In this recitation you will experiment hands-on with attacks against ML classifiers.
Nov 10, 2025 Web Security: 20. Attacks (Instructor: Paccagnella) | [Guide]
This lecture will cover web security, including vulnerabilities such as injection attacks, XSS, and CSRF.
Reading:
- Computer Security and the Internet, Ch. 9 (Portions on HTTP proxies, as well as 9.8 onwards, are optional)
Optional Reading:
- Mozilla tutorials on web technology
- Cross Site Scripting Explained
- Robust Defenses for Cross-Site Request Forgery
Nov 12, 2025 Web Security: 21. Defenses (Instructor: Paccagnella) | [Guide]
This lecture will cover web security with a focus on principles, such as authentication vs. authorization, and best practices for establishing security on the web.
Optional Reading:
- Native Client: A Sandbox for Portable, Untrusted x86 Native Code
- Beware of Finer-Grained Origins
Nov 14, 2025 Web Security: Recitation: Web Hacking (Instructor: Paccagnella & S)
Nov 17, 2025 Systems Security: 22. Authorization and Access Control (Instructor: Paccagnella) | [Guide]
This lecture will introduce the three "AU"’s; authentication, authorization, and audit. We will cover topics including classic and modern approaches to access control.
Reading:
- Computer Security and the Internet, Ch. 5 (sections 5.2,5.7)
- A Graduate Course in Applied Cryptography (Ch. 13.8)
Optional Reading:
- Protection of Information (Sections I.B and II)
- Computer Security in the Real World
Nov 19, 2025 Network Security: 23. Introduction to Network Security (Instructor: Paccagnella) | [Guide]
This lecture will give a broad overview of network security, including general principles, denial-of-service attacks, and intrusion detection (and prevention) systems. The latter will cover some basic detection theory, focusing on the base rate fallacy.
Reading:
- Computer Security and the Internet, Ch. 10 (section 10.1) (10.6 is optional but possibly useful)
- Computer Security and the Internet, Ch. 11 (sections 11.1-11.2, 11.4)
Optional Reading:
- The Base Rate Fallacy and its implications for the difficulty of intrusion detection
- Security Problems in the TCP/IP Suite
- A Look Back Security Problems in the TCP/IP Suite
Nov 21, 2025 Systems Security: 24. Hardware Security (Instructor: Paccagnella)
This lecture will give a broad overview of hardware security, with a special focus on the topic of microarchitectural attacks.
Optional Reading:
- Intel's "Incidental Channels" Taxonomy
- Intel’s "Hardware Features and Behavior Related to Speculative Execution" Guidance
Nov 24, 2025 Human Factors: 25. Making Security Usable (Instructor: Paccagnella) | [Guide]
The most secure system in the world can be subverted if users can't employ it correctly (or if they themselves are subverted!). This lecture will cover usable design, with case studies drawn from security warnings, authentication, and phishing. We will also cover attacks and defenses based on social engineering.
Reading:
- Pages 1-14 of "Why Johnny Can’t Encrypt A Usability Evaluation of PGP 5.0"
Optional Reading:
- A Framework for Reasoning About the Human in the Loop
- Crying Wolf: An Empirical Study of SSL Warning Effectiveness
- The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes
Nov 26, 2025 : No Class
Thanksgiving! Enjoy the break!
Nov 28, 2025 : No Recitation
Thanksgiving! Enjoy the break!
Dec 1, 2025 Human Factors: 26. Law and Public Policy (Instructor: Paccagnella) | [Guide]
This lecture will cover legal frameworks and policies that govern security and privacy in practice.
Reading:
- Executive Summary and Section 1 of Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications
Dec 3, 2025 Review: Systems (OS, Web, Network), and Human Factors (Instructor: Paccagnella)
We will have about a 30 minute review of all material in the third part of this class. The rest of the time will be devoted to questions and answers, so make sure you bring good questions.
Dec 5, 2025 Exam: Network, Web, and Human Factors
This will be our third and final exam. Like previous exams it will be closed book, closed notes, closed neighbor. The exam will focus on the last third of the course, but any material over the entire semester is game.