CS 161: Computer Security

Announcements:

  • Final grades are posted. Thanks for a great semester!

Instructor: Nicholas Weaver

Lecture: Tu/Th, 12:30pm-2:00pm PT

Show/hide optional readings

Skip to current week

Date Lecture Readings Discussion HW
Thu
08/27		 Introduction (recording)

Optional: CS61C review

 No discussion! HW1
Mon
08/31

Project 1 released

 x86, GDB, and Security Principles
(solutions)
(recording)
Tue
09/01		 Security Principles (recording)

Notes (Principles)

Notes (Design Patterns)
Thu
09/03		 Buffer Overflows (recording)

Notes, sections 1-6

Smashing The Stack For Fun And Profit

Slides on a normal x86 function call, a crash, a control-flow diversion, and code injection
Tue
09/08		 Buffer Overflow Defenses (recording)

Notes

Pointer Authentication

Real World Exploit Example

 Software Security
(solutions)
(recording)
Thu
09/10		 Cryptography - IND-CPA + One-Time Pads (recording)

Notes, sections 1-4

Enigma Machine Notebook
Tue
09/15		 Block Ciphers + Symmetric Key Encryption (recording)

Notes, sections 5-6

AES Demo

 Cryptography I
(solutions)
(recording)		HW2
Thu
09/17		 Integrity (MACs) + Pseudorandom Generators (recording)

Notes, sections 1-2
Tue
09/22		 Public Key Exchange (recording)

Notes, section 1

 Cryptography II
(solutions)
(recording)
Thu
09/24		 Public Key Encryption (recording)

Notes, section 2
Fri
09/25

Project 1 due (11:59pm PT)
Mon
09/28

Optional Lab 1 released

 Cryptography III
(solutions)
(recording)		HW3
Tue
09/29		 Voting + Blockchain (recording)

Risks of Cryptocurrencies

How to make money with Bitcoin
Thu
10/01		 Password Hashing + Signal + Tor (recording)

Notes (Passwords)

Notes (Key Management)
Mon
10/05

Project 2 soft release

 Midterm Review
Tue
10/06		 Command Injection + SQL Injection (recording)

Web notes, section 5

Squigler demo
Thu
10/08		 Intro to Web + Cookies (recording)

Web notes, section 1-3, 7
Fri
10/09

Midterm (5:00pm-7:00pm PT)
Tue
10/13		 CSRF + Stored XSS (recording)

Notes, section 6, 8

OWASP page on CSRF

OWASP page on XSS

 Web Security I
(solutions)
(recording)		HW4
Thu
10/15		 Reflected XSS + UI Attacks (recording)

Web notes, section 6

XSS Prevention Cheat Sheet

Content Security Policy
Tue
10/20		 Captchas + Networking Background (recording)

Networking notes, section 1

 Web Security II
(solutions)
(recording)
Thu
10/22		 Low-Level Network Attacks (recording)

Networking notes, sections 2-4
Tue
10/27		 DNS (recording)

Networking notes, sections 8-9

 Web Security III
(solutions)
(recording)		HW5
Wed
10/28

Project 2 design doc due (11:59pm PT)
Thu
10/29		 IP + TCP + TLS (recording)

Networking notes, sections 5-7
Tue
11/03		 (Optional) Boeing 737-MAX + Quantum (recording) Election Week (optional)
Thu
11/05		 (Optional) Nukes + Tor + Sidechannels (recording)
Fri
11/06

Optional Lab 1 due (11:59pm PT)
Tue
11/10		 TLS (continued) + Denial of Service (recording)

Networking notes, section 7

 Network Security I
(solutions)
(recording)		HW6
Thu
11/12		 DNSSEC (recording)

Networking notes, section 10
Mon
11/16

Optional Lab 2 released

 Network Security II
(solutions)
(recording)
Mon
11/16

Project 3 released
Tue
11/17		 Intrusion Detection (recording)
Wed
11/18

Project 2 due (11:59pm PT)
Thu
11/19		 Abusing Intrusion Detection (recording)
Tue
11/24		 Network Censorship + Malware (recording)

Firewalls notes

 No discussion (Thanksgiving) HW7
Thu
11/26		 Thanksgiving (No Lecture)
Tue
12/01		 Malcode (recording) Network Security III
(solutions)
(recording)
Thu
12/03		 Personal Security + Ask Nick Anything (recording)

(Optional) Cat video
Fri
12/04

Project 3 due (11:59pm PT)
Tue
12/08		 (Optional) Project 2 Solution Discussion (Live only) Final Review
Thu
12/10		 (Optional) Using Buffer Overflows to Speedrun Super Mario Bros. 3
Fri
12/11

Optional Lab 2 due (11:59pm PT)
Thu
12/17

Final exam (11:30am-2:30pm PT)