CS 161 Syllabus

(Spring 2012)

Date Topic Notes
Wed Jan 18
Course overview and logistics (Slides )
Mon Jan 23
Security intro & class projects (Slides)
Optional Reading:
Reflections on Trusting Trust, by Ken Thompson
The Legitimate Vulnerability Market. Inside the Secretive World of 0-day Exploit Sales, by Charlie Miller
Part 1: Secure Coding
Wed Jan 25
Control hijacking attacks and defense (I)
Optional Reading:
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, by Crispin Cowan, et al.
Basic Integer Overflows, by blexim
Bypassing Browser Memory Protections, by A. Sotirov 
Lab groups due; Lab 1 out
Mon Jan 30
Control hijacking attacks and defense (II)
Wed Feb 1
Fuzzing and dynamic symbolic execution Project & group preference due
Fri Feb 3
- Lab 1 due
Mon Feb 6
Static analysis and program verification Lab 2 out
Part 2: Secure Architecture Concepts and Principles
Wed Feb 8
Isolation and reference monitor
Mon Feb 13
Secure architecture (capabilities and information flow)
Wed Feb 15
Trusted computing and hardware capabilities
Fri Feb 17
- Lab 2 due
Mon Feb 20
No class (holiday)
Wed Feb 22
Security principles and case studies
Fri Feb 24
- Project design doc due
Part 3: Mobile Security
Mon Feb 27
Mobile platform security
Wed Feb 29
Device security management and mobile application security & privacy Lab 3 out
Part 4: Cryptography
Mon Mar 5
Cryptography concepts
Wed Mar 7
Practical cryptography
Fri Mar 9
- Lab 3 due
Part 5: Web Security
Mon Mar 12
Web security overview and concepts Lab 4 out
Wed Mar 14
Session management and user authentication
Fri Mar 16
- Lab 4 due
Mon Mar 19
Web application security Lab 5 out
Wed Mar 21
HTTPS, goals and pitfalls Project implementation milestone 1 due
Week of Mar 26
Spring break
Mon Apr 2
Midterm Review
Wed Apr 4
Part 6: Network Security and Malware
Mon Apr 9
Network protocols and vulnerabilities
Wed Apr 11
Network defenses and security testing
Fri Apr 13
Mon Apr 16
Malware overview and viruses
Tue Apr 17
  Lab 5 Due
Wed Apr 18
Worms, botnets, attacks & defenses Lab 6 out
Fri Apr 20
- Project implementation milestone 2 due
Mon Apr 23
Denial of service attacks
Wed Apr 25
Summary and security principles
Fri Apr 27
- Lab 6 due
Fri May 10
- Final project report due
Fri May 11
- Final project presentations

The above material is subject to change.