CS 4440: Introduction to Computer Security

This schedule is subject to change. Please check back frequently.

Following lecture, we recommend reviewing the provided Supplemental Content (book sections , articles , podcasts , and videos ) to further your understanding of the lecture material. To access these, toggle the ▶ button located beneath each lecture description.

Part 0: Course Intro

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Aug. 20 Course Intro & The Security Mindset Threats, vulnerabilities, attacks, and defenses. Supplemental Content: Schneier: The Security Mindset Wiki: VM Setup & Troubleshooting	Aug. 22 Course Setup and Python Review VM setup, Python fundamentals, debugging code. Supplemental Content: Wiki: Terminal Cheat Sheet Wiki: Python 3 Cheat Sheet Finish registering your PollEverywhere account	Due 8/26 via Grade scope

Part 1: Communications Security

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Aug. 27 Message Integrity Kerckhoffs's principles, PRFs, hashes, MACs. Supplemental Content: Green: PRFs and PRPs Rosulek §11: Hash Functions Crypto Project released	Aug. 29 Message Confidentiality Caesar and Vigenère ciphers, cryptanalysis. Supplemental Content: Smart §3: Historical Ciphers	Due 9/02 via Grade scope
Sep. 03 Improved Cipher Designs PRGs, serial and transposition ciphers, cipher metrics. Supplemental Content: Rosulek §5: Pseudo-random Generators	Sep. 05 Block Ciphers Block ciphers, DES, AES, secure channels. Supplemental Content: Green: How (Not) to Use Symmetric Encryption	Due 9/09 via Grade scope
Sep. 10 Public Key Crypto Key exchange, RSA, attacks, key management. Supplemental Content: Smart §11.3: RSA Smart §14.2: Digital Signature Schemes	Sep. 12 Security in Practice: Cryptocurrency Decentralized digital currency. Supplemental Content: Mickens: Blockchains Are a Bad Idea	Due 9/16 via Grade scope

Part 2: Application and Host Security

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Sep. 17 All About Applications Process execution, virtual memory, and the stack. Supplemental Content: Wiki: C Cheat Sheet Wiki: x86 Cheat Sheet AppSec Project released	Sep. 19 Attacking Applications Redirecting execution, shellcode, exploit writing. Supplemental Content: Wiki: GDB Cheat Sheet Payer §5.4: Privilege Escalation Crypto Project due by 11:59pm via Canvas	Due 9/23 via Grade scope
Sep. 24 Defending Applications ASLR, DEP, and workarounds; secure coding practices. Supplemental Content: Payer §6.4: Mitigations	Sep. 26 Automated Bug Finding (guest lecture) Fuzzing, symbolic execution, taint tracking. Supplemental Content: Payer §6.3: Testing	Due 9/30 via Grade scope
Oct. 01 Access Control and Isolation Permissions, sandboxing, containers, virtual machines. Supplemental Content: Payer §2.4: Isolation	Oct. 03 Security in Practice: Malware Viruses, worms, spyware, botnets, and defenses. Supplemental Content: Darknet Diaries: Stuxnet	Due 10/14 via Grade scope
Oct. 08 No Class (Fall break)	Oct. 10 No Class (Fall break)	No Quiz

Part 3: Web and Network Security

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Oct. 15 The Web Platform HTTP and HTML, cookies, JavaScript, and SQL. Supplemental Content: Wiki: JavaScript Cheat Sheet WebSec Project released	Oct. 17 Web Attacks and Defenses SQL injection, CSRF and XSS attacks, and defenses. Supplemental Content: Payer §7.1: Web Security AppSec Project due by 11:59pm via Canvas	Due 10/21 via Grade scope
Oct. 22 Client-side Web Security and HTTPS Sandboxing, Same Origin Policy, SSL/TLS, certificates. Supplemental Content: Dordal §29.5: SSH and TLS	Oct. 24 Networking 101 The physical, link, network, transport, and app layers. Supplemental Content: Peterson & Davie §1.3: Architecture	Due 10/28 via Grade scope
Oct. 29 Attacking Network Applications HTML injection, E-mail spoofing, DNS hijacking, packets. Supplemental Content: Tolboom §4.4: Application Layer Protocols	Oct. 31 Denial of Service Attacks Botnets and DDoS; SYN, ICMP, and ARP attacks. Supplemental Content: Dordal §17: TCP Transport Basics	Due 11/04 via Grade scope
Nov. 05 Secure Authentication Multi-factor authentication, passwords, rainbow tables. Supplemental Content: Schneier: Choosing Secure Passwords UIC: Free Password Strength Tester NetSec Project released	Nov. 07 Security in Practice: Tor Privacy, anonymity, and censorship resistance. Supplemental Content: Crenshaw: Dropping Docs on Darknets WebSec Project due by 11:59pm via Canvas	Due 11/11 via Grade scope

Part 4: New Frontiers in Security

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Nov. 12 Software Reverse Engineering Binary disassembly, decompilation, and rewriting. Supplemental Content: Lin: Binary Analysis in the Era of IoT	Nov. 14 Adversarial Machine Learning (guest lecture) Evasion and data poisoning attacks, ML ethics. Supplemental Content: Carlini: Making Adversarial ML Practical	Due 11/18 via Grade scope
Nov. 19 Side Channels and Hardware Side channel attacks, hardware supply chain attacks. Supplemental Content: Kocher: Exploiting Speculative Execution	Nov. 21 Election Cybersecurity Computerized voting systems, attacks and defenses. Supplemental Content: EFF: Securing the Vote Practice Exam released	Due 12/02 via Grade scope
Nov. 26 No Class (Thanksgiving Break)	Nov. 28 No Class (Thanksgiving Break)	No Quiz

Part 5: Course Wrap-Up

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Dec. 03 What's Next? Life After CS 4440 Bug bounties, CTF, cybersecurity careers. Supplemental Content: CISA's Map of U.S. Cybersecurity Careers Mickens: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible?	Dec. 05 Final Exam Review Session Practice exam solutions discussed in-class. NetSec Project due by 11:59pm via Canvas	No Quiz