CS 4440: Introduction to Computer Security

This schedule is subject to change. Please check back frequently.

Following lecture, we recommend reviewing the provided Supplemental Content (book sections , articles , podcasts , and videos ) to further your understanding of the lecture material. To access these, toggle the ▶ button located beneath each lecture description.

Part 0: Course Intro

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Aug. 19 Course Intro & The Security Mindset Threats, vulnerabilities, attacks, and defenses. Supplemental Content: Schneier: The Security Mindset Wiki: VM Setup & Troubleshooting	Aug. 21 Course Setup and Python Review VM setup, Python fundamentals, debugging code. Supplemental Content: Wiki: Terminal Cheat Sheet Wiki: Python 3 Cheat Sheet Finish registering your PollEverywhere account	Due 8/25 via Canvas

Part 1: Communications Security

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Aug. 26 Message Integrity Kerckhoffs's principles, PRFs, hashes, MACs. Supplemental Content: Green: PRFs and PRPs Rosulek §11: Hash Functions Crypto Project released	Aug. 28 Message Confidentiality Caesar and Vigenère ciphers, cryptanalysis. Supplemental Content: Smart §3: Historical Ciphers	Due 9/01 via Canvas
Sep. 02 Improved Cipher Designs PRGs, serial and transposition ciphers, cipher metrics. Supplemental Content: Rosulek §5: Pseudo-random Generators	Sep. 04 Block Ciphers Block ciphers, DES, AES, secure channels. Supplemental Content: Green: How (Not) to Use Symmetric Encryption	Due 9/08 via Canvas
Sep. 09 Public Key Crypto Key exchange, RSA, attacks, key management. Supplemental Content: Smart §11.3: RSA Smart §14.2: Digital Signature Schemes	Sep. 11 Security in Practice: Cryptocurrency Decentralized digital currency. Supplemental Content: Mickens: Blockchains Are a Bad Idea	Due 9/15 via Canvas

Part 2: Application and Host Security

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Sep. 16 All About Applications Process execution, virtual memory, and the stack. Supplemental Content: Wiki: C Cheat Sheet Wiki: x86 Cheat Sheet AppSec Project released	Sep. 18 Attacking Applications Redirecting execution, shellcode, exploit writing. Supplemental Content: Wiki: GDB Cheat Sheet Payer §5.4: Privilege Escalation Crypto Project due by 11:59pm via Canvas	Due 9/22 via Canvas
Sep. 23 Defending Applications ASLR, DEP, and workarounds; secure coding practices. Supplemental Content: Payer §6.4: Mitigations	Sep. 25 Automated Bug Finding Fuzzing, symbolic execution, taint tracking. Supplemental Content: Payer §6.3: Testing	Due 9/29 via Canvas
Sep. 30 Access Control and Isolation Permissions, sandboxing, containers, virtual machines. Supplemental Content: Payer §2.4: Isolation	Oct. 02 Security in Practice: Malware Viruses, worms, spyware, botnets, and defenses. Supplemental Content: Darknet Diaries: Stuxnet	Due 10/13 via Canvas
Oct. 07 No Class (Fall break)	Oct. 09 No Class (Fall break)	No Quiz

Part 3: Web and Network Security

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Oct. 14 The Web Platform HTTP and HTML, cookies, JavaScript, and SQL. Supplemental Content: Wiki: SQL Cheat Sheet Wiki: HTML Cheat Sheet Wiki: JavaScript Cheat Sheet WebSec Project released	Oct. 16 Web Attacks and Defenses SQL injection, CSRF and XSS attacks, and defenses. Supplemental Content: Payer §7.1: Web Security AppSec Project due by 11:59pm via Canvas	Due 10/20 via Canvas
Oct. 21 Client-side Web Security and HTTPS Sandboxing, Same Origin Policy, SSL/TLS, certificates. Supplemental Content: Dordal §29.5: SSH and TLS	Oct. 23 Networking 101 The physical, link, network, transport, and app layers. Supplemental Content: Peterson & Davie §1.3: Architecture	Due 10/27 via Canvas
Oct. 28 Attacking Network Applications HTML injection, E-mail spoofing, DNS hijacking, packets. Supplemental Content: Tolboom §4.4: Application Layer Protocols	Oct. 30 Denial of Service Attacks Botnets and DDoS; SYN, ICMP, and ARP attacks. Supplemental Content: Dordal §17: TCP Transport Basics	Due 11/03 via Canvas
Nov. 04 Secure Authentication Multi-factor authentication, passwords, rainbow tables. Supplemental Content: Schneier: Choosing Secure Passwords UIC: Free Password Strength Tester NetSec Project released	Nov. 06 Security in Practice: Tor Privacy, anonymity, and censorship resistance. Supplemental Content: Crenshaw: Dropping Docs on Darknets WebSec Project due by 11:59pm via Canvas	Due 11/10 via Canvas

Part 4: New Frontiers in Security

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Nov. 11 Election Cybersecurity Computerized voting systems, attacks and defenses. Supplemental Content: EFF: Securing the Vote	Nov. 13 Side Channels and Hardware Side channel attacks, hardware supply chain attacks. Supplemental Content: Kocher: Exploiting Speculative Execution	Due 11/17 via Canvas
Nov. 18 (guest lecture 😎) Software Reverse Engineering Binary disassembly, decompilation, and RE challenges. Supplemental Content: Lin: Binary Analysis in the Era of IoT	Nov. 20 (guest lecture 😎) Attacking Large Language Models LLMs, jailbreaking, and backdoor attacks. Supplemental Content: Weng: Adversarial Attacks on LLMs Practice Exam released	Due 12/01 via Canvas
Nov. 25 No Class (Thanksgiving Break)	Nov. 27 No Class (Thanksgiving Break)	No Quiz

Part 5: Course Wrap-Up

Tuesday Meeting	Thursday Meeting	Weekly Quiz
Dec. 02 What's Next? Life After CS 4440 Bug bounties, CTF, cybersecurity careers. Supplemental Content: CISA's Map of U.S. Cybersecurity Careers Mickens: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible?	Dec. 04 Final Exam Review Session Practice exam solutions discussed in-class. NetSec Project due by 11:59pm via Canvas	No Quiz