Updated April 15

Schedule

| Date | Topic | Reading and assignments | Notes |
|---|---|---|---|
| Jan 14 | Course logistics and introduction | Read Kaufman 1.5; Start reading Smashing the stack for fun and profit | [ppt] [pdf] |
| Jan 16 | Passwords, security questions, challenge-response | Read Kaufman 9.1-2, 10, 11.1-2, and 12.2 | [ppt] [pdf] |
| Jan 21 | Cryptographic hash functions | Read Kaufman 5.1-2 and 5.6-7 | [ppt] [pdf] |
| Jan 23 | Biometrics | | [ppt] [pdf] |
| Jan 30 | Phishing | | [ppt] [pdf] |
| Feb 4 | Web security model | Read Rootkits for JavaScript environments and Beware of finer-grained origins | [ppt] [pdf] |
| Feb 6 | Web authentication and session management | Read Kaufman 25 and Dos and don'ts of client authentication | [ppt] [pdf] |
| Feb 11 | Cross-site request forgery, SQL injection, cross-site scripting | Homework 1 due; Read Robust defenses for cross-site request forgery, Advanced SQL injection, Cross site scripting explained, and Postcards from the post-XSS world | [ppt] [pdf] |
| Feb 13 | Logic flaws in Web applications | | |
| Feb 18 | Clickjacking | Read Next generation clickjacking and Clickjacking: attacks and defenses | [ppt] [pdf] |
| Feb 20 | Online tracking | Read Third-party web tracking and Cookieless monster | [ppt] [pdf] |
| Feb 25 | Symmetric encryption | Read Kaufman 2.1-4 and 4.2 | [ppt] [pdf] |
| Feb 27 | Kerberos | Project 1 due; Read Kaufman 13 and 14, and Designing an authentication system | [ppt] [pdf] |
| Mar 6 | Midterm | | |
| Mar 18 | Memory corruption attacks | Read Smashing the stack, Once upon a free(), and Exploiting format string vulnerabilities | [ppt] [pdf] |
| Mar 20 | Defenses against memory attacks | | |
| Mar 25 | Viruses and rootkits | Project 2 (part 1) due | [ppt] [pdf] |
| Apr 1 | Spam | | [ppt] [pdf] |
| Apr 3 | Attacks on TCP/IP, DNS, BGP; Denial of service | Project 2 (part 2) due; Read SYN cookies, IP spoofing demystified, It's the end of the cache as we know it | [ppt] [pdf] |
| Apr 8 | Worms and botnets | | [ppt] [pdf] |
| Apr 10 | Stuxnet | Read Stuxnet dossier | [ppt] [pdf] |
| Apr 15 | Firewalls and intrusion detection | Read Kaufman 23 | [ppt] [pdf] |
| Apr 17 | Stream ciphers; Attacks on 802.11b/WEP, CSS, MIFARE | Homework 2 due | |
| Apr 22 | Public-key cryptography | Read Kaufman 6.1-6 | |
| Apr 24 | SSL | Read Kaufman 19 | |
| Apr 29 | PKI and certificates | Read Kaufman 15.1-7 | |
| May 1 | Side-channel attacks: acoustics and reflections | Homework 3 due | |
| May 12 (Mon, 2pm, RLM 5.104) | Final | | |