CS 4440: Introduction to Computer Security


This schedule is subject to change. Please check back frequently.

Following lecture, we recommend reviewing the provided Supplemental Content (book sections , articles , podcasts , and videos ) to further your understanding of the lecture material. To access these, toggle the ▶ button located beneath each lecture description.



Part 0: Course Intro

Tuesday Meeting Thursday Meeting Weekly Quiz
Aug. 20
Course Intro & The Security Mindset (slides)
Threats, vulnerabilities, attacks, and defenses.
 Supplemental Content:
Aug. 22
Course Setup and Python Review (slides)
VM setup, Python fundamentals, debugging code.
 Supplemental Content:
  Finish registering your PollEverywhere account
Due 8/26 via Canvas

Part 1: Communications Security

Tuesday Meeting Thursday Meeting Weekly Quiz
Aug. 27
Message Integrity (slides)
Kerckhoffs's principles, PRFs, hashes, MACs.
 Supplemental Content:
  Crypto Project released
Aug. 29 (hybrid lecture 🏈)
Message Confidentiality (slides)
Caesar and Vigenère ciphers, cryptanalysis.
 Supplemental Content:
Due 9/02 via Canvas
Sep. 03
Improved Cipher Designs (slides)
PRGs, serial and transposition ciphers, cipher metrics.
 Supplemental Content:
Sep. 05
Block Ciphers (slides)
Block ciphers, DES, AES, secure channels.
 Supplemental Content:
Due 9/09 via Canvas
Sep. 10
Public Key Crypto (slides)
Key exchange, RSA, attacks, key management.
 Supplemental Content:
Sep. 12
Security in Practice: Cryptocurrency (slides)
Decentralized digital currency.
 Supplemental Content:
Due 9/16 via Canvas

Part 2: Application and Host Security

Tuesday Meeting Thursday Meeting Weekly Quiz
Sep. 17
All About Applications (slides)
Process execution, virtual memory, and the stack.
 Supplemental Content:
  AppSec Project released
Sep. 19
Attacking Applications (slides)
Redirecting execution, shellcode, exploit writing.
 Supplemental Content:
  Crypto Project due by 11:59pm via Canvas
Due 9/23 via Canvas
Sep. 24
Defending Applications (slides)
ASLR, DEP, and workarounds; secure coding practices.
 Supplemental Content:
Sep. 26 (guest lecture 😎)
Automated Bug Finding (slides)
Fuzzing, symbolic execution, taint tracking.
 Supplemental Content:
Due 9/30 via Canvas
Oct. 01
Access Control and Isolation (slides)
Permissions, sandboxing, containers, virtual machines.
 Supplemental Content:
Oct. 03
Security in Practice: Malware (slides)
Viruses, worms, spyware, botnets, and defenses.
 Supplemental Content:
Due 10/14 via Canvas
Oct. 08
No Class (Fall break)
Oct. 10
No Class (Fall break)
No Quiz

Part 3: Web and Network Security

Tuesday Meeting Thursday Meeting Weekly Quiz
Oct. 15
The Web Platform (slides)
HTTP and HTML, cookies, JavaScript, and SQL.
 Supplemental Content:
  WebSec Project released
Oct. 17
Web Attacks and Defenses (slides)
SQL injection, CSRF and XSS attacks, and defenses.
 Supplemental Content:
  AppSec Project due by 11:59pm via Canvas
Due 10/21 via Canvas
Oct. 22
Client-side Web Security and HTTPS (slides)
Sandboxing, Same Origin Policy, SSL/TLS, certificates.
 Supplemental Content:
Oct. 24
Networking 101 (slides)
The physical, link, network, transport, and app layers.
 Supplemental Content:
Due 10/28 via Canvas
Oct. 29
Attacking Network Applications (slides)
HTML injection, E-mail spoofing, DNS hijacking, packets.
 Supplemental Content:
Oct. 31
Denial of Service Attacks (slides)
Botnets and DDoS; SYN, ICMP, and ARP attacks.
 Supplemental Content:
Due 11/04 via Canvas
Nov. 05
Secure Authentication (slides)
Multi-factor authentication, passwords, rainbow tables.
 Supplemental Content:
  NetSec Project released
Nov. 07
Security in Practice: Tor (slides)
Privacy, anonymity, and censorship resistance.
 Supplemental Content:
  WebSec Project due by 11:59pm via Canvas
Due 11/11 via Canvas

Part 4: New Frontiers in Security

Tuesday Meeting Thursday Meeting Weekly Quiz
Nov. 12
Software Reverse Engineering (slides)
Binary disassembly, decompilation, and RE challenges.
 Supplemental Content:
Nov. 14 (guest lecture 😎)
Attacking Large Language Models (slides)
LLMs, jailbreaking, and backdoor attacks.
 Supplemental Content:
Due 11/18 via Canvas
Nov. 19
Side Channels and Hardware (slides)
Side channel attacks, hardware supply chain attacks.
 Supplemental Content:
Nov. 21
Election Cybersecurity (slides)
Computerized voting systems, attacks and defenses.
 Supplemental Content:
  Practice Exam released
Due 12/02 via Canvas
Nov. 26
No Class (Thanksgiving Break)
Nov. 28
No Class (Thanksgiving Break)
No Quiz

Part 5: Course Wrap-Up

Tuesday Meeting Thursday Meeting Weekly Quiz
Dec. 03
What's Next? Life After CS 4440 (slides)
Bug bounties, CTF, cybersecurity careers.
 Supplemental Content:
Dec. 05
Final Exam Review Session (slides)
Practice exam solutions discussed in-class.
  NetSec Project due by 11:59pm via Canvas
No Quiz

Final Exam:  Tuesday, December 10 at 1–3 PM in WEB L105