原文
The lectures cover a broad overview of systems security together with a deeper focus on several topics: isolation techniques, privilege separation, dealing with buggy code, networked and distributed systems, and human-focused security and privacy.
Links to notes etc. on future days are copies of materials from last year, to give you an idea of what the future will bring. We will update the notes as the course progresses. The year of publication for class readings are shown in parentheses.
First day of classes
LEC 1: Introduction, threat models (video)
Preparation: Optionally read Modern Android exploit
Assigned: Lab 1: Buffer overflows
LEC 2: OS and VM isolation (video)
Preparation: Read about OS and VM isolation (Question)
LEC 3: Software fault isolation (video)
Preparation: Read about WebAssembly (Question)
LEC 4: Trusted hardware (video)
Preparation: Read BitLocker (2006), sections 1-2 (Question)
DUE: Lab 1 part 1
DUE: Lab 1 part 2
Presidents day
Monday schedule
LEC 5: CPU side-channels (video)
Preparation: Read Transient Execution Attacks and Defenses (2019) (Question)
Assigned: Lab 2: Privilege separation
DUE: Lab 1 all parts
LEC 6: Privilege separation (video)
Preparation: Read OpenSSH (2003) (Question)
LEC 7: Data center infrastructure (video)
Preparation: Read Google Infrastructure Security (2023) and BeyondProd (2023) (Question)
DUE: Lab 2 part 1
LEC 8: Mobile phone security (video)
Preparation: Read about iOS Security (Question)
LEC 9: Web security model (video)
Preparation: Read about web security (2022) (Question)
DUE: Lab 2 parts 2+3
ADD DATE
LEC 10: Buffer overflow defenses (video)
Preparation: Read Baggy bounds checking (2009) + errata (Question)
Assigned: Lab 3: Symbolic execution
LEC 11: Symbolic execution (video)
Preparation: Read EXE: Automatically generating inputs of death (2006) (Question)
DUE: Lab 2 all parts
LEC 12: Verification (video)
Preparation: Read HACL* (2017) (Question)
Quiz 1: Covers lectures 1-12 and labs 1-2
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: 2:30-4p in 45-230
Assigned: Lab 4: Browser security
Spring vacation
Spring vacation
Spring vacation
Spring vacation
Spring vacation
REC 1 (anna): Getting started with lab 3
Time and Location: 4-5pm in 24-115
LEC 13 (guest): Supply chain security (Russ Cox) (video)
Preparation: Read Trusting Trust (1984) and Russ's blog post (2023), and optionally xz attack (2024)
LEC 14: Network security (video)
Preparation: Read about network security (Question)
DUE: Lab 3 part 1
LEC 15: Secure channels (video)
Preparation: Read TLS 1.3 blog post (2018) (Question)
LEC 16: Certificates (video)
Preparation: Read Let's Encrypt (2019) (Question)
DUE: Lab 3 all parts
Assigned: Lab 5: ACME + WebAuthn
Patriots day
REC 2 (bill): Getting started with lab 4 (video)
Time and Location: 2:30-4pm in 45-230
LEC 17: User authentication (video)
Preparation: Read U2F (2016) and optionally from U2F to passkeys (2023) (Question)
DUE: Lab 4 part 1
LEC 18: Messaging security (video)
Preparation: Read Analysis of Signal (2019), sections 1-3 (Question)
DROP DATE
LEC 19: Key transparency (video)
Preparation: Read CONIKS (2015) (Question)
DUE: Lab 4 all parts
REC 3 (sanjit): Getting started with lab 5, notes (video)
Time and Location: 10-11am in 24-121
LEC 20: Anonymous communication (video)
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012) (Question)
LEC 21 (guest): Cybersecurity policy (Daniel Weitzner) (video)
Preparation: Read Keys under doormats (2015) and Cyber risk (2024)
DUE: Lab 5 part 1
LEC 22: Security economics (video)
Preparation: Read Click trajectories (2011) (Question)
LEC 23: Differential privacy (video)
Preparation: Read PINQ (2009) (Question)
DUE: Lab 5 all parts
LEC 24 (guest): Information security in real life (Max Burkhardt) (video)
Last day of classes
REC 4: Final exam review
Time and Location: 2:30-4pm in 32-123
Final exam: Emphasis on lectures 13-24 and labs 3-5
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: Johnson Ice Rink, 1:30-4:30pm