CSE 127: Computer Security
Syllabus
Unless explicitly marked as Optional, all readings are considered required.
Date |
Topic |
Sept 26 |
Introduction
|
Oct 1 |
Threat Modeling and Risk
Read by today: Thompson, Reflections on Trusting Trust
|
Oct 3 |
Control Flow Vulnerabilities: Buffer Overflows
Read by today: Aleph One, Smashing the Stack for Fun and Profit.
Optional: Richard Bonichon's Basic exploitation techniques slides
|
Oct 8 |
Control Flow Vulnerabilities: Format strings, Integers and Heap
Read by today: van der Veen et al, Memory Errors: The Past, the Present, and the Future
Optional: sploitfun, Understanding glibc malloc.
Also, Cong Wang's explanation for how the unlink macro works and can be abused in (we are working with old glibc per his terminology)
|
Oct 10 |
Catch up
|
Oct 15 |
Control Flow Vulnerabilities: Defenses and evolution
Read by today: Erlingsson et al, Low-level Software Security by Example
Optional: Szekeres et al, Eternal War in Memory
|
Oct 17 |
Control Flow Vulnerabilities: ROP and CFI
Optional: Shacham, The Geometry of Innocent Flesh on the Bone and Abadi et al, Control Flow Integrity.
|
Oct 22 |
System security I: Isolation and Privilege
Jaeger, Security in Ordinary Operating Systems
|
Oct 24 |
System security II: Side channels (also slides excerpted from Schwarz and Lipp)
Anderson, Security Engineering, Chap 19, Side Channels
|
Oct 29 |
Crypto I
Security Engineering, Chapter 5
|
Oct 31 |
Midterm
|
Nov 5 |
Class cancelled
|
Nov 7 |
Crypto II: Key distribution
|
Nov 12 |
Web Security I
Deian Stefan's lecture notes on CSRF, XSS and SQLi, SQL injection
|
Nov 14 |
Web Security II
|
Nov 19 |
Network Security I
|
Nov 21 |
Network Security II
|
Nov 26 |
User Authentication
|
Nov 28 |
No Class. Thanksgiving holiday
|
Dec 3 |
Malware I
|
Dec 5 |
Botnets/Cybercrime
|
Dec 12 |
Final Exam (Thursday, Dec 12th, 3pm-5:59pm, PCYNH 106 (same room))
|