Course Schedule
A (tentative) schedule for the semester:
| Week | Date | Topic | Readings | Assignments |
|---|---|---|---|---|
| 1 | 08/26 | Logistics, Security Mindset and Software Security Basics (Permission, Set-UID, and Environment Variables) | Chapter 1 & 2 of SEED book |
hw 1: Readiness Exercise (Due: 09/03) |
| 2 | 09/02 | Software Security: Control Flow Hijacking; Write Shellcode | Chapter 4 of SEED | Chapter 10 of CSPP |
hw 2: Set-UID and Environment Variables (Due: 09/13) |
| 3 | 09/09 | Software Security: Code Reuse Attacks and ROP | Chapter 5 of SEED |
hw 3: Buffer Overflow (Code Injection) Attack [optional] (Due: 11/30) |
| 4 | 09/16 | Software Security: Control-Flow Integrity, Stack Canaries, and ASLR |
hw 4: Code Reuse Attack (ret2libc) (Due: 09/27) |
|
| 5 | 09/23 | Software Security: Vulnerability Discovery (Fuzzing and Symbolic Execution) |
Final Project Proposal (Due: 10/08) |
|
| 6 | 09/30 | Software Security: Format String Vulnerabilities, Reverse Shell | Chapter 6 & 9 of SEED |
hw 5: Format-String Vulnerability (Due: 10/17) |
| 7 | 10/07 | Software Security: Heap Exploits, Integer Overflows; Midterm Review. |
Final Project Checkpoint (Due: 11/08) |
|
| 8 | 10/14 | Midterm Exam (Oct 15); Race Conditions, Malware; Crypto: Crypto Basics, Hash Function. | ||
| 9 | 10/21 | Crypto: Symmetric-Key Encryption, Diffie-Hellman Key Exchange. | ||
| 10 | 10/28 | Crypto: Public-Key Encryption; Systems Security: password | ||
| 11 | 11/04 | Systems Security: Authentication and access control | ||
| 12 | 11/11 | Systems Security: Side-channels, OS security; Network Security: IDS, firewalls | ||
| 13 | 11/18 | Network Security: IPSec, TCP/UDP layer security, TLS, Digital Certificate (X.509) | ||
| 14 | 11/25 | Special Topics | ||
| 15 | 12/02 | Final Project Presentation |