Course Calendar

Below is the calendar for this course. This is the preliminary schedule, which will be altered as the quarter progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Date	Topic	Assignments Due	Readings for Discussion (do readings before class)
01/09/24	Introduction (Slides)		Course syllabus link
01/11/24	Passwords (Slides)	P1: Password Strengthening (Due 1/26/24)	Tools and Jewels: Chapter 3.1-3.3 link
01/16/24	History of Attacks (Slides)		The Internet Worm Program: An Analysis, Eugene Spafford, Purdue Technical Report, CSD-TR-823, 1988 (Sections 1-3).link
01/18/24	Software Vulnerabilities (Slides)		Vulnerability Definitions link
01/23/24	Memory Errors (Slides)	Homework 1 (Due 2/12/24)	Paul van Oorschot. Tools and Jewels. Section 6.2. link
01/25/24	Memory Errors (Part 2) (Slides)		Common Vulnerabilities and Exposures link Common Weakness Enumeration link
01/30/24	Buffer Overflow Attacks (Slides)		Paul van Oorschot. Tools and Jewels. Section 6.3. link Aleph One. Smashing the Stack for Fun and Profit. Volume 7, Issue 49. link
02/01/24	Return-oriented Attacks (Slides)	P2: Debugger Exploitation (Due 2/22/24)	Paul van Oorschot. Tools and Jewels. Section 6.5. link Red Team Notes. Return-to-Libc / ret2libc. link
02/06/24	Return-oriented Attacks (Part 2) (Slides)		Paul van Oorschot. Tools and Jewels. Section 6.5. link Red Team Notes. Return-to-Libc / ret2libc. link
02/08/24	Heap Attacks (Slides)		Paul van Oorschot. Tools and Jewels. Section 6.4. link
02/13/24	Midterm Review (Slides)
02/15/24	Midterm
02/20/24	Fixing Software (Slides)		Beginners Guide to Fuzzing: Tutorial link American Fuzzy Lop link Secure Programming HOWTO (Chapters 5 and 6) link
02/22/24	Malware (Slides)		Paul van Oorschot. Tools and Jewels. Sections 7.1-7.5 link
02/27/24	Web and Browser Security (Slides)	P3: Heap Exploitation (Due 3/15/24)	Paul van Oorschot. Tools and Jewels. Sections 9.1, 9.3-9.4, 9.5-9.6 link
02/29/24	Network Security (Slides)		Paul van Oorschot. Tools and Jewels. Sections 10.1-10.2 link
03/05/24	File System Security (Slides)	Homework 2 (Due 3/11/24)	The Confused Deputy (or why capabilities might have been invented). Norm Hardy. Operating Systems Review, pp. 36-38, Oct. 1988. link
03/07/24	Access Controls (Slides)		Paul van Oorschot. Tools and Jewels. Section 5.2-5.3.link
03/12/24	Mandatory Access Controls (Slides)		Paul van Oorschot. Tools and Jewels. Section 5.7.link
03/14/24	Final Review (Slides)
03/22/24	Final Exam - Friday, 3/22/24, 3-6pm - Chung 143