The lecture has covered a
Comprehensive overview of system security
With an in-depth focus on multiple topics:
Isolation Techniques,
privilege separation,
Dealing with buggy code,
Networked and distributed systemsAnd
Human-centered security and privacy.
Links to Future Days Notes etc. are copies of last year’s content, giving you an idea of what the future will bring. We will update the notes as the course progresses. The year of publication is shown in parentheses for classroom reading.
first day of classes
LEC 1: Introduction to Threat Models (Video)
Preparation: Alternatively read modern Android exploits
Assigned: Lab 1: Buffer Overflow
LEC 2: OS and VM isolation (video)
Preparation: Read about OS and VM isolation (Question)
LEC 3: Software Fault Isolation (Video)
Preparation: Read about WebAssembly (Question)
LEC 4: Reliable Hardware (Video)
Preparation: BitLocker (2006), read section 1-2 (Question)
Payable: Lab 1 Part 1
Payable: Lab 1 Part 2
presidents Day
Monday’s program
LEC 5: CPU side-channel (video)
Preparation: Read Transient Execution Attacks and Defenses (2019) (Question)
Assigned: Lab 2: Privilege Separation
Payable: Lab 1 all parts
LEC 6: Privilege Separation (Video)
Preparation: Read OpenSSH (2003) (Question)
LEC 7: Data Center Infrastructure (Video)
Preparation: Read Google Infrastructure Security (2023) and BeyondProd (2023) (Question)
Payable: Lab 2 Part 1
LEC 8: Mobile Phone Security (Video)
Preparation: Read about iOS security (Question)
LEC 9: Web Security Model (Video)
Preparation: Read about web security (2022) (Question)
Payable: Lab 2 Part 2+3
add date
LEC 10: Buffer overflow protection (video)
Preparation: Baggy Border Check (2009) + Read Errata (Question)
Assigned: Lab 3: Symbolic Execution
LEC 11: Symbolic Execution (Video)
Preparation: Read EXE: Automatically Generating Death Inputs (2006) (Question)
Payable: lab 2 all parts
LEC 12: Verification (Video)
Preparation: Read HACL* (2017) (Question)
Quiz 1: Includes Lectures 1-12 and Labs 1-2
Reference: Past Quiz, Solutions
Material: open laptop
Time and place: 45-230 at 2:30-4
Assigned: Lab 4: Browser Security
spring vacation
spring vacation
spring vacation
spring vacation
spring vacation
Rec 1 (Anna): Getting Started with Lab 3
Time and place: 24-115 at 4-5 pm
LEC 13 (Guest): Supply Chain Security (Russ Cox) (Video)
Preparation: Trusting Trust (1984) and Russ’s Blog Post (2023), and alternatively read xz Attack (2024)
LEC 14: Network Security (Video)
Preparation: Read about network security (Question)
Payable: Lab 3 Part 1
LEC 15: Secure Channel (Video)
Preparation: Read TLS 1.3 blog post (2018) (Question)
LEC 16: Certificate (Video)
Preparation: Read Let’s Encrypt (2019) (Question)
Payable: lab 3 all parts
Assigned: Lab 5: ACME + WebAuth
patriot day
Rec 2 (Bill): Getting Started with Lab 4 (Video)
Time and place: 45-230 at 2:30-4
LEC 17: User Authentication (Video)
Preparation: Read U2F (2016) and optionally read U2F to passkeys (2023) (Question)
Payable: Lab 4 Part 1
LEC 18: Message Security (Video)
Preparation: Analysis of Signals (2019), read sections 1-3 (Question)
drop date
LEC 19: Main Transparency (Video)
Preparation: Read Conix (2015) (Question)
Payable: lab 4 all parts
Rec 3 (Music): Getting Started with Lab 5, Notes (Video)
Time and place: 10-11 am in 24-121
LEC 20: Anonymous communication (video)
Preparation: Tor (2004) and read blog posts 1, 2, and 3 (2012) (Question)
LEC 21 (Guest): Cyber Security Policy (Daniel Weitzner) (Video)
Preparation: Read The Key Under the Doormat (2015) and Cyber Risk (2024)
Payable: Lab 5 Part 1
LEC 22: Security Economics (Video)
Preparation: Read Click Trajectory (2011) (Question)
LEC 23: Differential Privacy (Video)
Preparation: PinQ Read (2009) (Question)
Payable: lab 5 all parts
LEC 24 (Guest): Information Security in Real Life (Max Burkhardt) (Video)
last day of classes
Rec 4: final exam review
Time and place: 2:30-4 pm in 32-123
Final Exam: Emphasis on Lectures 13-24 and Laboratory 3-5
Reference: Past Quiz, Solutions
Material: open laptop
Time and place: Johnson Ice Rink, 1:30-4:30 pm
<a href