Syllabus

Date
Topics
Jan 7 Overview and introduction
Optional reading: Chapter 0x200 of Hacking
Jan 9 Security foundations
Reading: Thompson's Reflections on Trusting Trust, Ch 1, and Ch 4.1-4.2
Jan 14 Security foundations (in-class discussion) Kirill's slides
Jan 16 Stack buffer-overflows
Reading: Aleph One's Smashing the Stack for Fun and Profit
Optional reading: 0x300-0x320 from Hacking. 0x200-0x270 if you don't have a strong C background.
Jan 21 MLK - no class
Jan 23 ASLR and W^X
Reading: Eternal War in Memory by Szekeres et al., ASLR, and NOEXEC
Jan 28 Return-oriented programming
Reading: On the Effectiveness of Address-Space Randomization by Shacham et al., The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) by Shacham, and Hacking Blind by Bittau et al.
Jan 30 Control flow integrity
Reading: Control-Flow Integrity by Abadi et al., Control-Flow Bending: On the Effectiveness of Control-Flow Integrity by Carlini et al. and Control-Flow Integrity: Precision, Security, and Performance by Burow et al.
Feb 4 Memory safety
Reading: SoftBound: Highly Compatible and Complete Spatial Memory Safety for C by Nagarakatte et al., Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers by Dang et al., and Bringing Memory Safety to WebAssembly by Disselkoen et al.
Feb 6 Least privilege and privilege separation
Reading: Operating Systems Security by Jaeger
Feb 11 Isolation and short review
Reading: Efficient Software-Based Fault Isolation by Wahbe et al.
Feb 12 Midterm review
Feb 13 Midterm exam (in-class)
Feb 18 President's Day - no class
Feb 20 Page tables, VMs, and side channels
Reading: Remote Timing Attacks are Practical by Brumley and Boneh
Feb 25
Feb 27
Mar 4
Mar 6
Mar 11
Mar 13 Advanced topics in security
Mar 20 Final exam 7-9:59PM