The following gives a day-by-day breakdown of topics covered, readings assigned, and assignment handouts/due dates. Each topic includes several required readings that students should read before the topic is discussed in class – always look ahead a few days to see what readings you should be doing. Some topics also have supplemental (non-required) readings that students can look into if they want to delve more deeply into that topic.
The schedule in this class is flexible, and past dates will be updated to reflect what was actually covered. Future dates are always tentative and subject to change.
Topics: Class overview and syllabus review; introduction to security: threats, vulnerabilities, and controls [Slides]
Handout: Syllabus
Reading: Textbook sections 1.1 and 1.4
Topics: Overview of computer security – basic goals and terminology – day 1 [Slides]
Optional reading on usability in security: Alma Whitten and J. D. Tygar. Why Johnny can’t encrypt: a usability evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security Symposium, 1999, pp. 169–183.
Optional reading on threat modeling: OWASP Threat Modeling Cheat Sheet
Topics: Overview of computer security – basic goals and terminology – day 2
Reading: Textbook, sections 1.2, 9.1–9.2 and The Chinese Wall Security Policy
Topics: Security (access control) models – day 1 [Slides]
Topics: Security (access control) models – day 2
Graduate/Honors students: Research Reading Summary 1 due
Reading: Textbook section 1.3 and Section 1 of Randomness, Entropy, Keys, and Powers of Two Estimation
Topics: Cryptography: Basic cryptographic threat model, key sizes, brute force attacks, and estimation techniques [Slides]
Due: Assignment 1
Reading: Sections 2–3 of Randomness, Entropy, Keys, and Powers of Two Estimation
Topics: Randomization, probability theory review, entropy, and effect on brute force search (slides continued from last time)
Reading: Textbook, sections 8.1–8.2
Topics: Fundamental cryptographic services - encryption (symmetric and public key) and hash functions [Slides]
Graduate/Honors students: Research Reading Summary 2 due
Reading: Textbook, sections 8.3–8.4
Topics: Cryptography for integrity - MACs, digital signatures, certificates (slides continued)
Topics: Some specific cryptographic techniques [Slides]
Due: Assignment 2
Reading: Formal Models for Cryptography
Topics: Cryptography: Theory and Practice (models, breakdowns in practice, and programming) [Slides]
Reading: Textbook, sections 2.1–2.5
Topics: Physical security [Slides]
Graduate/Honors students: Research Reading Summary 3 due
Reading: Textbook Sections 3.1–3.3
Topics: Operating System Security – Basics and Linux demos - day 1 [Slides]
Topics: Operating System Security – Basics and Linux demos - day 2
Due: Assignment 3
Topics: Midterm Information/Review; Advanced OS Security (sandboxes, chroot, and containers) [Slides]
Midterm Exam
Reading: Textbook, Section 3.4
Topics: Software security and vulnerabilities, Part 1 [Slides]
Topics: Software security and vulnerabilities, Part 1 – continued
Graduate/Honors Students Topic: Overview and discussion of final project
Topics: Software security and vulnerabilities, Part 2 – Day 1 [Slides]
Required reading:
Supplemental reading: Good information for students who want to dig deeper.
Graduate/Honors Students: Project topic selection due
Topics: Software security and vulnerabilities, Part 2 – continued
Reading: Textbook, Chapter 4
Topics: Malware [Slides]
Due: Assignment 4
Reading: Textbook, Chapter 7 and OWASP Top 10
Topics: Web Security – day 1 [Slides]
Topics: Web Security – day 2
Reading: Textbook, Chapter 5
Topics: Network Security I – day 1 [Slides]
Topics: Network Security I – day 2
Graduate/Honors Students: Progress report due
Reading: Textbook, Sections 6.1–6.4
Topics: Network Security II – day 1 [Slides]
Topics: Network Security II – day 2
Due: Assignment 5
Topics: Student-choice topic
Topics: Class wrap-up and review
All students: Final Exam
Graduate/Honors Students: Final report due