Plan

Introduction

1

10 May

11 May

Software

2

16 May

25 May

Host

4

29 May

29 Jun

Net

3

6 Jul

26 Jul

Web

2

27 Jul

5 Aug

1

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/0/"> Goals </a> </div> <div class="card-body"> <p class="card-text"> What do we want when we ask for “security”? </p> </div>

<div class="card-footer text-muted"> <span class="date">5 May 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/1/"> Adversaries, abstraction and trust </a> </div> <div class="card-body"> <p class="card-text"> What makes computer security special </p> </div>

<div class="card-footer text-muted"> <span class="date">6 May 2025</span> </div>

</div>

2

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/2/"> Software </a> </div> <div class="card-body"> <p class="card-text"> How does software really run on a modern computer? </p> </div>

<div class="card-footer text-muted"> <span class="date">8 May 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/3/"> Stack smashing </a> </div> <div class="card-body"> <p class="card-text"> Smashing the stack with buffer overflows </p> </div>

<div class="card-footer text-muted"> <span class="date">12 May 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/4/"> Control-flow hijacking </a> </div> <div class="card-body"> <p class="card-text"> The cat-and-mouse game between memory exploits and defences </p> </div>

<div class="card-footer text-muted"> <span class="date">13 May 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-secondary"> <a href="http://localhost:7420/lab/0/"> <i class="fas fa-laptop-code"></i> Software (easy mode) </a> </div> <div class="card-body"> <p class="card-text"> A reminder and exploration of low-level software basics: building and debugging (in "easy mode", i.e., with debugging symbols). </p> </div>

<div class="card-footer text-muted"> <span class="date">9 May 2025</span> </div>

</div>

3

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/5/"> Code-reuse attacks </a> </div> <div class="card-body"> <p class="card-text"> Writing software without invalid memory accesses </p> </div>

<div class="card-footer text-muted"> <span class="date">19 May 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/6/"> Memory safety </a> </div> <div class="card-body"> <p class="card-text"> Writing software without invalid memory accesses </p> </div>

<div class="card-footer text-muted"> <span class="date">20 May 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/7/"> Finding memory unsafety </a> </div> <div class="card-body"> <p class="card-text"> How can we locate and eliminate memory safety violations? </p> </div>

<div class="card-footer text-muted"> <span class="date">22 May 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-secondary"> <a href="http://localhost:7420/lab/1/"> <i class="fas fa-laptop-code"></i> Software (harder) </a> </div> <div class="card-body"> <p class="card-text"> More exploration of low-level software basics: debugging in hard mode and (a very little bit of) tampering. </p> </div>

<div class="card-footer text-muted"> <span class="date">23 May 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-info"> <a href="http://localhost:7420/assignment/1/"> <i class="fas fa-laptop-code"></i> Software security </a> </div> <div class="card-body"> <p class="card-text"> In this assignment, you’ll examine some of the software security features that we discussed in the first module of the course.

</p> </div>

<div class="card-footer text-muted"> <span class="date">27 May 2025</span> </div>

</div>

4

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/8/"> Host security </a> </div> <div class="card-body"> <p class="card-text"> An introduction to host security: processes, users and authorization </p> </div>

<div class="card-footer text-muted"> <span class="date">26 May 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/9/"> DAC and MAC </a> </div> <div class="card-body"> <p class="card-text"> Mandatory Access Control: history and contemporary uses </p> </div>

<div class="card-footer text-muted"> <span class="date">27 May 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-secondary"> <a href="http://localhost:7420/lab/2/"> <i class="fas fa-bug"></i> Software exploitation </a> </div> <div class="card-body"> <p class="card-text"> Practical exploitation of a vulnerable binary using integer arithmetic and return-oriented programming. </p> </div>

<div class="card-footer text-muted"> <span class="date">30 May 2025</span> </div>

</div>

5

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/10/"> Cryptography </a> </div> <div class="card-body"> <p class="card-text"> A high-level introduction to some important cryptographic basics </p> </div>

<div class="card-footer text-muted"> <span class="date">2 Jun 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/11/"> Symmetric-key ciphers </a> </div> <div class="card-body"> <p class="card-text"> More modern cryptographic primitives with symmetric keys </p> </div>

<div class="card-footer text-muted"> <span class="date">3 Jun 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/12/"> Modes, MACs and hashes </a> </div> <div class="card-body"> <p class="card-text"> Block cipher modes, message authentication codes and cryptographic hash functions </p> </div>

<div class="card-footer text-muted"> <span class="date">5 Jun 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-secondary"> <a href="http://localhost:7420/lab/2/"> <i class="fas fa-bug"></i> Software exploitation </a> </div> <div class="card-body"> <p class="card-text"> Practical exploitation of a vulnerable binary using integer arithmetic and return-oriented programming. </p> </div>

<div class="card-footer text-muted"> <span class="date">30 May 2025</span> </div>

</div>

6

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/13/"> Passwords </a> </div> <div class="card-body"> <p class="card-text"> Hashing passwords. What makes a good password? </p> </div>

<div class="card-footer text-muted"> <span class="date">9 Jun 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/14/"> Secondary authentication </a> </div> <div class="card-body"> <p class="card-text"> Supplementing passwords with additional factors </p> </div>

<div class="card-footer text-muted"> <span class="date">12 Jun 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/15/"> Public-key cryptography </a> </div> <div class="card-body"> <p class="card-text"> Cryptography using asymmetric keys </p> </div>

<div class="card-footer text-muted"> <span class="date">24 Jun 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-secondary"> <a href="http://localhost:7420/lab/3/"> <i class="fas fa-user-secret"></i> Password cracking </a> </div> <div class="card-body"> <p class="card-text"> An opportunity to play with root privilege and try out practical password cracking tools. </p> </div>

<div class="card-footer text-muted"> <span class="date">13 Jun 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-info"> <a href="http://localhost:7420/assignment/2/"> <i class="fas fa-random"></i> DAC, entropy and encryption </a> </div> <div class="card-body"> <p class="card-text"> In this assignment, you’ll play with ciphers and passwords.

</p> </div>

<div class="card-footer text-muted"> <span class="date">16 Jun 2025</span> </div>

</div>

7

Break

Midterm

8

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/16/"> Code signing </a> </div> <div class="card-body"> <p class="card-text"> Code signing and verification on various platforms </p> </div>

<div class="card-footer text-muted"> <span class="date">30 Jun 2025</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-light"> <a href="">

</a> </div> <div class="card-body"> <p class="card-text">

</p> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/18/"> Network security </a> </div> <div class="card-body"> <p class="card-text"> Models, assumptions and fundamentals of networking </p> </div>

<div class="card-footer text-muted"> <span class="date">5 Jul 2024</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-secondary"> <a href="http://localhost:7420/lab/4/"> <i class="fas fa-user-secret"></i> Ransomware </a> </div> <div class="card-body"> <p class="card-text"> An opportunity to play with practical cryptography and see how easy it is to encrypt all of a user’s files. </p> </div>

<div class="card-footer text-muted"> <span class="date">7 Jun 2024</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-light"> <a href="">

</a> </div> <div class="card-body"> <p class="card-text">

</p> </div>

</div>

9

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/19/"> Security protocols </a> </div> <div class="card-body"> <p class="card-text"> Models, assumptions and fundamentals of networking </p> </div>

<div class="card-footer text-muted"> <span class="date">8 Jul 2024</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/20/"> Private messaging </a> </div> <div class="card-body"> <p class="card-text"> Secure vs private messaging and its implications </p> </div>

<div class="card-footer text-muted"> <span class="date">9 Jul 2024</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/21/"> Middleboxes </a> </div> <div class="card-body"> <p class="card-text"> The things between you and what you want to access </p> </div>

<div class="card-footer text-muted"> <span class="date">11 Jul 2024</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-secondary"> <a href="http://localhost:7420/lab/5/"> <i class="fas fa-network-wired"></i> Network security </a> </div> <div class="card-body"> <p class="card-text"> Playing with a couple of common tools used by network defenders and attackers. </p> </div>

<div class="card-footer text-muted"> <span class="date">3 Jul 2024</span> </div>

</div>

10

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/22/"> DNS security </a> </div> <div class="card-body"> <p class="card-text"> DNS, cache poisoning and DNSSEC </p> </div>

<div class="card-footer text-muted"> <span class="date">15 Jul 2024</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/23/"> Wi-Fi security </a> </div> <div class="card-body"> <p class="card-text"> Networking without wires… though not without threats! </p> </div>

<div class="card-footer text-muted"> <span class="date">16 Jul 2024</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/24/"> Virtual private networks </a> </div> <div class="card-body"> <p class="card-text"> More efforts to private a network “like in the office” </p> </div>

<div class="card-footer text-muted"> <span class="date">18 Jul 2024</span> </div>

</div>

11

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/25/"> Web security </a> </div> <div class="card-body"> <p class="card-text"> Some key Web context: introduction, history and model </p> </div>

<div class="card-footer text-muted"> <span class="date">22 Jul 2024</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/26/"> Cross-site scripting </a> </div> <div class="card-body"> <p class="card-text"> Getting around the same-origin policy, legitimately or illegitimately </p> </div>

<div class="card-footer text-muted"> <span class="date">23 Jul 2024</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/27/"> SQL injection </a> </div> <div class="card-body"> <p class="card-text"> Another example of input validation and how hard it can be </p> </div>

<div class="card-footer text-muted"> <span class="date">25 Jul 2024</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-secondary"> <a href="http://localhost:7420/lab/6/"> <i class="fas fa-globe"></i> Web application fuzzing (optional) </a> </div> <div class="card-body"> <p class="card-text"> Fuzzing a Web application’s endpoints using ffuf. </p> </div>

<div class="card-footer text-muted"> <span class="date">24 Jul 2024</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-light"> <a href="">

</a> </div> <div class="card-body"> <p class="card-text">

</p> </div>

</div>

12

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/28/"> Web authentication </a> </div> <div class="card-body"> <p class="card-text"> Authentication “as she is played” on the Web </p> </div>

<div class="card-footer text-muted"> <span class="date">29 Jul 2024</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-primary"> <a href="http://localhost:7420/lecture/29/"> Private browsing </a> </div> <div class="card-body"> <p class="card-text"> Motivations and mechanisms for private browsing </p> </div>

<div class="card-footer text-muted"> <span class="date">30 Jul 2024</span> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-light"> <a href="">

</a> </div> <div class="card-body"> <p class="card-text">

</p> </div>

</div>

<div class="summarized card halign-left">

<div class="card-header bg-secondary"> <a href="http://localhost:7420/lab/7/"> TBD </a> </div> <div class="card-body"> <p class="card-text"> TBD </p> </div>

</div>

13

<div class="summarized card halign-left">

<div class="card-header bg-light"> <a href="">

</a> </div> <div class="card-body"> <p class="card-text">

</p> </div>

</div>