CS165 Spring 2024

Apr 1, Mon

Introduction: Course Overview

Apr 3, Wed

Passwords

Project 1 out

Paul van Oorschot. Tools and Jewels: Chapter 3.1-3.3 Link Additional reading: Link

Apr 5, Fri

Vulnerabilities

Vulnerability definition Link

Apr 8, Mon

Low-level program execution

Bryant and O'Hallaron. CSAPP: Chapter 3.2-3.4.3 Link

Apr 10, Wed

Low-level program execution 2

Bryant and O'Hallaron. CSAPP: Chapter 3.4.4, 3.6 Link

Apr 12, Fri

Buffer overflows

Project 1 due
Project 2 out

Aleph One. Smashing the stack for fun and profit. Link

Apr 15, Mon

Control flow hijack

Apr 17, Wed

Control flow hijack defenses

Homework 1 out

Apr 19, Fri

Return-Oriented Programming

Paul van Oorschot. Tools and Jewels. Section 6.5. Link
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). Link

Apr 22, Mon

Control flow integrity

Martin Abadi et al. Control-Flow Integrity Principles, Implementations, and Applications. Link

Apr 24, Wed

Heap attacks

Paul van Oorschot. Tools and Jewels. Section 6.4. Link

Apr 26, Fri

Attack surface and access control

Homework 1 due

Paul van Oorschot. Tools and Jewels. Section 1.7. Link

Apr 28, Mon

Access control models

Paul van Oorschot. Tools and Jewels. Section 5.2 and 5.3. Link

May 1, Wed

Mid-term review

Project 2 due the day before (Apr 30)

May 3, Fri

Midterm

May 6, Mon

Vulnerability discovery: fuzzing

Beginners Guide to Fuzzing: Tutorial Link
Beginners Guide to Fuzzing: Tutorial Link
American Fuzzy Lop Link

May 8, Wed

Post-midterm review

May 10, Fri

Vulnerability discovery: static analysis

May 13, Mon

Vulnerability discovery: static analysis 2

LLVM getting started Link

May 15, Wed

Malware

Paul van Oorschot. Tools and Jewels. Sections 7.1-7.5 Link

May 17, Fri

Case study: Android permission check analysis

Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework. Link

May 20, Mon

File System Security

Finding Name Resolution Vulnerabilities in Programs. Link

May 22, Wed

Web Security

Paul van Oorschot. Tools and Jewels. Sections 9.1, 9.3-9.4, 9.5-9.6 Link

May 24, Fri

Network Security

Paul van Oorschot. Tools and Jewels. Section 11. Link

May 27, Mon

Holiday. No class.

May 29, Wed

Network Security 2

Paul van Oorschot. Tools and Jewels. Sections 10.1-10.2 Link

May 31, Fri

Network Security 3

Jun 3, Mon

Guest lecture by UCR CISO

Jun 5, Wed

Final Review

Jun 7, Fri

Final Review 2

Date	Class	Calendar	Reading
Apr 1, Mon	Introduction: Course Overview
Apr 3, Wed	Passwords	Project 1 out	Paul van Oorschot. Tools and Jewels: Chapter 3.1-3.3 Link Additional reading: Link
Apr 5, Fri	Vulnerabilities		Vulnerability definition Link
Apr 8, Mon	Low-level program execution		Bryant and O'Hallaron. CSAPP: Chapter 3.2-3.4.3 Link
Apr 10, Wed	Low-level program execution 2		Bryant and O'Hallaron. CSAPP: Chapter 3.4.4, 3.6 Link
Apr 12, Fri	Buffer overflows	Project 1 due Project 2 out	Aleph One. Smashing the stack for fun and profit. Link
Apr 15, Mon	Control flow hijack
Apr 17, Wed	Control flow hijack defenses	Homework 1 out
Apr 19, Fri	Return-Oriented Programming		Paul van Oorschot. Tools and Jewels. Section 6.5. Link The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). Link
Apr 22, Mon	Control flow integrity		Martin Abadi et al. Control-Flow Integrity Principles, Implementations, and Applications. Link
Apr 24, Wed	Heap attacks		Paul van Oorschot. Tools and Jewels. Section 6.4. Link
Apr 26, Fri	Attack surface and access control	Homework 1 due	Paul van Oorschot. Tools and Jewels. Section 1.7. Link
Apr 28, Mon	Access control models		Paul van Oorschot. Tools and Jewels. Section 5.2 and 5.3. Link
May 1, Wed	Mid-term review	Project 2 due the day before (Apr 30)
May 3, Fri	Midterm
May 6, Mon	Vulnerability discovery: fuzzing		Beginners Guide to Fuzzing: Tutorial Link Beginners Guide to Fuzzing: Tutorial Link American Fuzzy Lop Link
May 8, Wed	Post-midterm review
May 10, Fri	Vulnerability discovery: static analysis
May 13, Mon	Vulnerability discovery: static analysis 2		LLVM getting started Link
May 15, Wed	Malware		Paul van Oorschot. Tools and Jewels. Sections 7.1-7.5 Link
May 17, Fri	Case study: Android permission check analysis		Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework. Link
May 20, Mon	File System Security		Finding Name Resolution Vulnerabilities in Programs. Link
May 22, Wed	Web Security		Paul van Oorschot. Tools and Jewels. Sections 9.1, 9.3-9.4, 9.5-9.6 Link
May 24, Fri	Network Security		Paul van Oorschot. Tools and Jewels. Section 11. Link
May 27, Mon	Holiday. No class.
May 29, Wed	Network Security 2		Paul van Oorschot. Tools and Jewels. Sections 10.1-10.2 Link
May 31, Fri	Network Security 3
Jun 3, Mon	Guest lecture by UCR CISO
Jun 5, Wed	Final Review
Jun 7, Fri	Final Review 2

CS165 Computer Security