Schedule
Jan. 23 (Week 1)
Introduction & Buffer Overflows
Reading material: Google Infrastructure Security (2017)
Jan. 30 (Week 2)
Low-level vulnerabilities: buffer overflows, integer overflows, format string vulnerabilities
Reading material: Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade (2000), SoftBound (2009), CETS (2010)
Feb. 6 (Week 3)
Return-to-libc attacks and return-oriented programming
Feb. 13 (Week 4)
Feb. 20 (Week 5)
Feb. 27 (Week 6)
Software fault isolation & Intel SGX
Reading material: Native Client (2009), Innovative Instructions (2013) up to section 3.2, Haven (2014) up to but not including section 6, and optionally SGX Details (2016)
March 6 (Week 7)
User authentication, OS security & privilege separation
Reading material: Mandatory Password Changes (2016), U2F (2017), Capsicum (2010) and OKWS (2004), skipping section 7
March 13 (Week 8)
Client device security (iOS & Android)
Reading material: iOS Security (2018) pages 1-25 and Understanding Android Security (2009)
March 20 (Week 9)
Spring break
March 27 (Week 10)
Symbolic execution & error-finding input generation
Reading material: EXE: Automatically Generating Inputs of Death (2006)
April 3 (Week 11)
Web security
Reading material: The Tangled Web (2012), chapters 9-11, and Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web (2017)
April 10 (Week 12)
Network security
Reading material: Security Problems in TCP/IP (2004) and Analysis of SSL 3.0 (1996)
April 17 (Week 13)
Cryptography
Reading material: On the Security of RC4 in TLS (2013) and Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices (2012)
April 24 (Week 14)
Certificates & side-channel attacks
Reading material: SSL and HTTPS (2013) and Spectre (2018)
May 1 (Week 15)
Cryptocurrency & secure messaging
Reading material: Bitcoin Challenges (2015) and Secure Messaging (2015) (or the extended version)