| Apr 03 |
Introduction |
|
| Apr 05 |
Threat Models and Risk Assessment |
Ch. 1 in The Craft of System Security
“Reflections on Trusting Trust” by Ken Thompson
|
| Apr 10 |
Low Level Software Security I: Buffer Overflows and Stack Smashing |
Ch. 6 in The Craft of System Security
“Smashing The Stack For Fun And Profit” by Aleph One
|
| Apr 12 |
Low Level Software Security II: Format Strings, Shellcode, and Stack Protection |
“Memory Errors: The Past, the Present, and the Future” by Victor van der Veen, Nitish dutt-Sharma, Lorenzo Cavallaro, and Herbert Bos
|
| Apr 17 |
Low Level Software Security III: Integers, ROP, and CFI |
|
| Apr 19 |
Low Level Software Security IV: Heap Corruption |
“Understanding glibc malloc” by sploitfun
|
| Apr 24 |
Crypto I: Primitives |
Ch. 7 in The Craft of System Security
|
| Apr 26 |
Crypto II: PKI, Protocols, Side Channels |
|
| May 01 |
User Authentication |
|
| May 03 |
Midterm Exam |
|
| May 08 |
System Security I |
Ch. 3.4 in The Craft of System Security
Ch. 4 in The Craft of System Security
|
| May 10 |
System Security II |
|
| May 15 |
Web Security I |
Ch. 12 in The Craft of System Security
|
| May 17 |
No lecture. No office hours. |
|
| May 22 |
Web Security II |
|
|
| May 24 |
Cryptocurrency |
|
|
| May 29 |
Network Security I |
|
|
| May 31 |
Network Security II |
Ch. 5 in The Craft of System Security
|
| Jun 05 |
Hardware Security (TU Graz Meltdown/Spectre deck) |
|
| Jun 07 |
Secure Development Lifecyle |
|
| Jun 09 |
Final Exam: WLH 2005, 3:00pm–5:59pm |
|