CS 4440: Introduction to Computer Security

This schedule is subject to change. Please check back frequently.

Following lecture, we recommend reviewing the provided Supplemental Content (book sections , articles , podcasts , and videos ) to further your understanding of the lecture material. To access these, toggle the ▶ button located beneath each lecture description.

Part 0: Course Intro

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Aug. 20 Course Intro & The Security Mindset (slides) Threats, vulnerabilities, attacks, and defenses. Supplemental Content: Schneier: The Security Mindset Wiki: VM Setup & Troubleshooting	Aug. 22 Course Setup and Python Review (slides) VM setup, Python fundamentals, debugging code. Supplemental Content: Wiki: Terminal Cheat Sheet Wiki: Python 3 Cheat Sheet Finish registering your PollEverywhere account	Due 8/26 via Canvas

Part 1: Communications Security

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Aug. 27 Message Integrity (slides) Kerckhoffs's principles, PRFs, hashes, MACs. Supplemental Content: Green: PRFs and PRPs Rosulek §11: Hash Functions Crypto Project released	Aug. 29 (hybrid lecture 🏈) Message Confidentiality (slides) Caesar and Vigenère ciphers, cryptanalysis. Supplemental Content: Smart §3: Historical Ciphers	Due 9/02 via Canvas
Sep. 03 Improved Cipher Designs (slides) PRGs, serial and transposition ciphers, cipher metrics. Supplemental Content: Rosulek §5: Pseudo-random Generators	Sep. 05 Block Ciphers (slides) Block ciphers, DES, AES, secure channels. Supplemental Content: Green: How (Not) to Use Symmetric Encryption	Due 9/09 via Canvas
Sep. 10 Public Key Crypto (slides) Key exchange, RSA, attacks, key management. Supplemental Content: Smart §11.3: RSA Smart §14.2: Digital Signature Schemes	Sep. 12 Security in Practice: Cryptocurrency (slides) Decentralized digital currency. Supplemental Content: Mickens: Blockchains Are a Bad Idea	Due 9/16 via Canvas

Part 2: Application and Host Security

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Sep. 17 All About Applications (slides) Process execution, virtual memory, and the stack. Supplemental Content: Wiki: C Cheat Sheet Wiki: x86 Cheat Sheet AppSec Project released	Sep. 19 Attacking Applications (slides) Redirecting execution, shellcode, exploit writing. Supplemental Content: Wiki: GDB Cheat Sheet Payer §5.4: Privilege Escalation Crypto Project due by 11:59pm via Canvas	Due 9/23 via Canvas
Sep. 24 Defending Applications (slides) ASLR, DEP, and workarounds; secure coding practices. Supplemental Content: Payer §6.4: Mitigations	Sep. 26 (guest lecture 😎) Automated Bug Finding (slides) Fuzzing, symbolic execution, taint tracking. Supplemental Content: Payer §6.3: Testing	Due 9/30 via Canvas
Oct. 01 Access Control and Isolation (slides) Permissions, sandboxing, containers, virtual machines. Supplemental Content: Payer §2.4: Isolation	Oct. 03 Security in Practice: Malware (slides) Viruses, worms, spyware, botnets, and defenses. Supplemental Content: Darknet Diaries: Stuxnet	Due 10/14 via Canvas
Oct. 08 No Class (Fall break)	Oct. 10 No Class (Fall break)	No Quiz

Part 3: Web and Network Security

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Oct. 15 The Web Platform (slides) HTTP and HTML, cookies, JavaScript, and SQL. Supplemental Content: Wiki: SQL Cheat Sheet Wiki: HTML Cheat Sheet Wiki: JavaScript Cheat Sheet WebSec Project released	Oct. 17 Web Attacks and Defenses (slides) SQL injection, CSRF and XSS attacks, and defenses. Supplemental Content: Payer §7.1: Web Security AppSec Project due by 11:59pm via Canvas	Due 10/21 via Canvas
Oct. 22 Client-side Web Security and HTTPS (slides) Sandboxing, Same Origin Policy, SSL/TLS, certificates. Supplemental Content: Dordal §29.5: SSH and TLS	Oct. 24 Networking 101 (slides) The physical, link, network, transport, and app layers. Supplemental Content: Peterson & Davie §1.3: Architecture	Due 10/28 via Canvas
Oct. 29 Attacking Network Applications (slides) HTML injection, E-mail spoofing, DNS hijacking, packets. Supplemental Content: Tolboom §4.4: Application Layer Protocols	Oct. 31 Denial of Service Attacks (slides) Botnets and DDoS; SYN, ICMP, and ARP attacks. Supplemental Content: Dordal §17: TCP Transport Basics	Due 11/04 via Canvas
Nov. 05 Secure Authentication (slides) Multi-factor authentication, passwords, rainbow tables. Supplemental Content: Schneier: Choosing Secure Passwords UIC: Free Password Strength Tester NetSec Project released	Nov. 07 Security in Practice: Tor (slides) Privacy, anonymity, and censorship resistance. Supplemental Content: Crenshaw: Dropping Docs on Darknets WebSec Project due by 11:59pm via Canvas	Due 11/11 via Canvas

Part 4: New Frontiers in Security

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Nov. 12 Software Reverse Engineering (slides) Binary disassembly, decompilation, and RE challenges. Supplemental Content: Lin: Binary Analysis in the Era of IoT	Nov. 14 (guest lecture 😎) Attacking Large Language Models (slides) LLMs, jailbreaking, and backdoor attacks. Supplemental Content: Weng: Adversarial Attacks on LLMs	Due 11/18 via Canvas
Nov. 19 Side Channels and Hardware (slides) Side channel attacks, hardware supply chain attacks. Supplemental Content: Kocher: Exploiting Speculative Execution	Nov. 21 Election Cybersecurity Computerized voting systems, attacks and defenses. Supplemental Content: EFF: Securing the Vote Practice Exam released	Due 12/02 via Canvas
Nov. 26 No Class (Thanksgiving Break)	Nov. 28 No Class (Thanksgiving Break)	No Quiz

Part 5: Course Wrap-Up

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Dec. 03 What's Next? Life After CS 4440 Bug bounties, CTF, cybersecurity careers. Supplemental Content: CISA's Map of U.S. Cybersecurity Careers Mickens: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible?	Dec. 05 Final Exam Review Session Practice exam solutions discussed in-class. NetSec Project due by 11:59pm via Canvas	No Quiz