CS 161 Syllabus

(Fall 2012)

Date Topic Notes
Mon Aug 27
Course intro (slides)
Wed Aug 29
Security intro (slides)
Mon Sep 3
No class (holiday)
Part 1: Secure Coding
Wed Sep 5
Memory safety and vulnerabilities: attacks and defenses (I) (slides)

Optional Reading:
Memory Safety Notes
Smashing the stack for fun and profit
Frame pointer overwrite
Basic integer overflows

Optional Videos:
Control Hijacking 1
Control Hijacking 2
Lab 1 out
Mon Sep 10
Memory safety and vulnerabilities: attacks and defenses (II) (slides)

Optional Reading:
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade
Bypassing Browser Memory Protections

Optional Videos:
Control Hijacking 3
Control Hijacking 4
Control Hijacking 5
Wed Sep 12
Fuzzing (slides)

Optional Reading:
The Legitimate Vulnerability Market. Inside the Secretive World of 0-day Exploit Sales
How hackers look for bug
Real world fuzzing
Effective Bug Discovery
Mon Sep 17
Symbolic execution and static analysis (slides) (section slides)

Optional Reading:
Automated Whitebox Fuzz Testing

Optional Videos:
Dynamic Symbolic Execution
Static Analysis 1
Static Analysis 2
Static Analysis 3
Lab 1 due & Lab 2 out
Wed Sep 19
Program verification (slides) (section slides)

Optional Reading:
Notes on Reasoning about Code
Part 2: Secure Architecture Concepts and Principles
Mon Sep 24
Secure architecture principles I (slides) (videos 1, 2, 3, 4)

Optional Reading:
Operating System Security
A note on the confinement problem

Optional Videos:
Confinement Problem
Wed Sep 26
Secure architecture principles II (slides) (videos 1, 2, 3, 4, 5)

Optional Reading:
Privtrans: Automatic Privilege Separation
Mon Oct 8
Secure architecture principles III (slides)

Optional Reading:
Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools
Efficient Software-Based Fault Isolation

Optional Videos:
System Call Interposition
Virtual Machine Isolation
VM Isolation Failures
Software Fault Isolation
Part 3: Cryptography
Mon Oct 1
Cryptography I (Guest Lecture by Mario Frank) (slides)

Optional Videos:
Block Ciphers
Block Cipher Modes
Message Integrity
Lab 2 due & Lab 3 out
Wed Oct 3
Cryptography II (slides)

Optional Reading:
Notes on Asymmetric Cryptography
Part 4: Network Security and Malware
Wed Oct 10
Malware overview, Viruses, Worms and Botnets (slides)

Optional Reading:
Fighting viruses, defending the net
Lab 3 due
Mon Oct 15
Midterm review I (slides) (Study guide)
Wed Oct 17
Midterm I
Mon Oct 22
Network protocol security (Slides) Lab 4 out
Wed Oct 24
Denial-of-service attacks and defenses (Slides)
Mon Oct 29
Worms and Botnets (slides)

Optional Reading:
Reflections on Trusting Trust
Part 5: Web Security
Wed Oct 31
Web security overview and concepts (slides) Lab 4 due
Mon Nov 5
Web application security I (slides)

Optional Videos:
Web Intro
The HTTP Protocol
Secure UI
Command Injection
Lab 5 out
Wed Nov 7
Web application security II (slides)

Optional Reading:
SQL Injection Attacks by Example
XSS Attack Examples
XSS Cheat Sheet
SQL Injection Cheat Sheet

Optional Videos:
SQL Injection
Cross Site Scripting
Mon Nov 12
No class (holiday)
Wed Nov 14
Web application security III (slides)

Optional Videos:
More on Cookies
Cookie Protocol Problems
Session Management
Session Hijacking
Generating Session Tokens
Part 6: Mobile Security
Mon Nov 19
Mobile security, platform and overview (slides) Lab 5 due & Lab 6 out
Wed Nov 21
No Class (Thanksgiving Break)
Mon Nov 26
Midterm review II (practice questions) (Study guide)
Wed Nov 28
Midterm II
Mon Dec 3
Reading week (no class)
Wed Dec 5
Reading week (no class) Lab 6 due

The above material is subject to change.