Course schedule overview
The scheduling and selection of lecture topics is subject to minor adjustment as the semester progresses, but the assignment and exam dates are not expected to change.
Detailed reading and lecture schedule
- Tuesday, September 5th (8-up slides): High-level overview, course assignments and grading logistics. No readings.
- Thursday, September 7th (8-up slides): Introduction to memory safety vulnerabilities. No readings.
- Tuesday, September 12th (8-up slides, updated with stack answers, announcements, new URL): More memory safety vulnerabilities. No readings. Code: overflow-eg.c
- Thursday, September 14th (8-up slides): Code auditing and threat modeling. No readings.
- Tuesday, September 19th (8-up slides): STRIDE, attacks against memory safety vulnerabilities. Reading: notes on drawing data-flow diagrams.
- Thursday, September 21st (8-up slides): More memory-safety attacks, and W xor X. No readings.
- Tuesday, September 26th (8-up slides, updated with announcements and some answers): More on threat modeling, with an in-class exercise. No readings.
- Thursday, September 28th (8-up slides): ROP with an exercise (instructions PDF, editable SVG), fuzz testing. No readings.
- Tuesday, October 3rd (8-up slides): Code auditing, testing and fuzzing. More low-level defenses: ASLR, return address protection. Reading: chapter 4 of The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Mark Dowd, John McDonald, and Justin Schuh (Addison-Wesley 2006, this version courtesy of O'Reilly Learning). Available as a class-use-only PDF download on the Files section of the Canvas page: the 1-column version is recommended for online reading, and the 2-column version for printing. You can skip the final sections "Code Auditor's Toolbox" (which is out of date) and "Case Study: OpenSSH". In other words, read through page 51 in the 1-column PDF or page 26 in the 2-column PDF.
- Thursday, October 5th (8-up slides): Operating systems access control. The Unix filesystem and its permissions. No readings.
- Tuesday, October 10th: Midterm exam 1 in class. The spring 2022, fall 2022, and spring 2023 midterms are available for comparison, as well as the spring 2022 solutions and fall 2022 solutions.
- Thursday, October 12th (8-up slides): Ethical and legal perspectives. Readings: “System Administration as a Criminal Activity or, the Strange Case of Randal Schwartz” (Internet Archive, local copy); and the class action complaint against Sony BMG (you don't need to read the EULA appendixes).
- Tuesday, October 17th (8-up slides): More on Unix permissions, and shell injection attacks. No readings.
- Thursday, October 19th (8-up slides): Shell injection attacks, race conditions, and preventing them. Reading: David A. Wheeler, Secure Programming HOWTO, chapters 3 (Summary of Linux and Unix Security Features) and 7 (Design Your Program for Security), skipping section 7.16. (Quiz due 10/26)
- Tuesday, October 24th (8-up slides, updated with announcements): Safer OS programming, OS protection and isolation mechanisms. Optional bonus reading: Daniel J. Bernstein, Some thoughts on security after ten years of qmail 1.0, CSAW 2007.
- Thursday, October 26th: Lecture cancelled due to instructor illness. Optional bonus reading: OpenAI, GPT-4 System Card.
- Tuesday, October 31st (8-up slides, updated with announcements): Web security 1: introduction and server-side. Lecture online (Zoom link on Canvas) due to instructor illness. Reading: OWASP Top 10:2021: The Ten Most Critical Web Application Security Risks. Follow one level of links to the pages about the 10 categories A01 through A10.
- Thursday, November 2nd (8-up slides): Web security 2: XSS, privacy, and other risks. No readings.
- Tuesday, November 7th (8-up slides): Other web security risks, introduction to cryptography. No readings.
- Thursday, November 9th (8-up slides, with announcements): Cryptography 2: stream ciphers, block ciphers. Reading: "Cryptography", chapter 5 of Ross Anderson, Security Engineering, third edition. Available via the campus libraries through Wiley Online. The same chapter from the previous edition is available free for anyone from the author's web site and has most of the same content.
- Tuesday, November 14th (8-up slides, updated with midterm reminder): Cryptography 3: more on block ciphers, hash functions and MACs.
- Thursday, November 16th: Midterm exam 2 in class. The spring 2022, fall 2022, and spring 2023 midterms are available for comparison, as well as the spring 2022 and spring 2023 solutions. See a Piazza post for fall 2022 solutions discussion.
- Tuesday, November 21st (8-up slides, updated with announcements): Cryptography 4: public key primitives. No readings.
- Tuesday, November 28th (8-up slides): Networks, classic network attacks, and protocols. No readings.
- Thursday, November 30th (8-up slides): PKI and practical encrypted network protocols. No readings.
- Tuesday, December 5th (8-up slides, updated with announcements): User authentication and error tradeoffs. No readings.
- Thursday, December 7th (8-up slides): More authentication, usability principles. No readings.
- Tuesday, December 12th (8-up slides): Usability principles and examples, final lecture. No readings.