| LEC # | TOPICS | KEY DATES |
|---|---|---|
| 1 | Introduction, Threat Models | Lab 1 out |
| 2 | Control Hijacking Attacks | |
| 3 | Buffer Overflow Exploits and Defenses | Lab 1 (parts 1 and 2) due two days after Lec 3 |
| 4 | Privilege Separation | |
| 5 | Guest Lecture: Paul Youn from iSEC Partners |
Lab 2 out Lab 1 due two days after Lec 5 |
| 6 | Capabilities | |
| 7 | Sandboxing Native Code | Lab 2 (part 1) due two days after Lec 7 |
| 8 | Web Security Model | |
| 9 | Securing Web Applications | Lab 2 (parts 2 and 3) due two days after Lec 9 |
| 10 | Symbolic Execution |
Lab 3 out Lab 2 due two days after Lec 10 |
| 11 | Ur / Web |
Lab 7 (Final Project) out Lab 3 (part 1) due two days after Lec 11 |
| 12 | Network Security | |
| 13 | Network Protocols |
Lab 4 out Lab 3 due two days after Lec 13 |
| 14 | SSL and HTTPS | Lab 5 out |
| Quiz 1 |
Covers lectures 1–14 and labs 1–3 Open Book and Notes |
Lab 4 due two days after Quiz 1 Final Project Proposal Due two days after Quiz 1 |
| 15 | Medical Software | |
| 16 | Side-Channel Attacks | Lab 6 out |
| 17 | User Authentication | Lab 5 due two days after Lec 17 |
| 18 | Private Browsing | |
| 19 | Anonymous Communication |
Lab 6 due two days after Lec 19 Final Project Status Update due two days after Lec 19 |
| 20 | Mobile Phone Security | |
| 21 | Data Tracking | |
| Quiz 2 |
Covers lectures 15–21 and labs 4–6 Open Book and Notes | |
| 22 | Guest Lecture: Mark Silis and David LaPorte from MIT IS&T | |
| 23 | Security Economics | |
| 24 | Project Presentations | Final Project Writeup and Code due two days after Lec 24 |
