CS 361s: Network Security and Privacy

Navigation:

Class info

Room: BUR 220
Time:
  • Mon / Weds
    11:00 - 12:15

Instructor

Oliver Jensen

Email: ojensen at cs.utexas.edu
Office: BUR 220
Office Hours:
  • Mon / Weds
    12:15 - 13:00

TA

Dillon Caryl

Email: dcaryl at hotmail.com
Office: GDC 4.408E
Office Hours:
  • Tues
    11:00 - 12:00

New to Javascript?

If you lack familiarity with JavaScript, I strongly recommend not taking this class. Javascript is a necessary pre-requisite so proceed in this class at your own risk. That said, other students have found the following resources helpful:

Schedule

(tentative)
Date Topic Reading and assignmentsassign. Notes
Jan 18 Course logistics and introduction Kaufman 1.5
Start reading Smashing the stack for fun and profit 		[GDOC]
Jan 23 Passwords, security questions, challenge-response Read Kaufman 9.1-2, 10, 11.1-2, and 12.2 [GDOC]
Jan 25 Cryptographic hash functions Read Kaufman 5.1-2 and 5.6-7 [GDOC]
Jan 30 Biometrics (none) [GDOC]
Feb 01 Phishing (none) [GDOC]
Feb 06 Web security model
Homework 1 assigned
Read Rootkits for JavaScript environments and Beware of finer-grained origins 		[GDOC]
Feb 08 Web authentication and session management Read Kaufman chapter 25 and Dos and don'ts of client authentication [GDOC]
Feb 13 Cross-site request forgery, SQL injection, cross-site scripting Read Robust defenses for cross-site request forgery, Advanced SQL Injection, Cross site scripting explained, and Postcards from the post-XSS world [GDOC]
Feb 15 Clickjacking
(Lecture by Dillon)		 Read Next generation clickjacking and Clickjacking: attacks and defenses [PDF] [ODP]
Feb 20 Logic flaws in Web applications (none)
Feb 22 Online tracking Read Third-party web tracking and Cookieless Monster. [GDOC]
Feb 27 Symmetric encryption
Project 1 assigned
See also: VM Setup Guide
Read Kaufman 2.1-4 and 4.2 		[PDF] [ODP]
Mar 01 Kerberos Read Kaufman 13 and 14, and Designing an authentication system. [PDF] [ODP]
Mar 06 Midterm
(download)
Mar 08 Side-channel attacks: acoustics and reflections (none) [PDF] [ODP]
Mar 13 Spring Break (none)
Mar 15 Spring Break (none)
Mar 20 No class (none)
Mar 22 Memory corruption attacks Read Smashing the stack, Once upon a free() and Exploiting format string vulnerabilities [PDF] [ODP]
Mar 27 Defenses against memory attacks
Project 2 assigned
Actually read those papers from last time. Seriously.
Mar 29 Viruses and rootkits (none) [GDOC]
Apr 03 Spam
Project 2 part 1 due
(none) 		[GDOC]
Apr 05 Attacks on TCP/IP, DNS, BGP
and Denial of Service		 Read SYN cookies, IP spoofing demystified, It's the end of the cache as we know it [PDF] [ODP]
Apr 10 Worms and botnets
Project 2 part 2 due
(none) 		[GDOC]
Apr 12 Stuxnet
Homework 2 assigned
Read Stuxnet dossier 		[PDF] [ODP]
Apr 17 Firewalls and intrusion detection Read Kaufman 23 [PDF] [ODP]
Apr 19 Stream ciphers
Attacks on 802.11b/WEP, CSS, MIFARE		 (none) [PDF] [ODP]
Apr 24 Public-key cryptography
Homework 3 assigned
Read Kaufman 6.1-6 		[PDF] [ODP]
Apr 26 SSL and certificates Read Kaufman 15.1-7 and 19 [PDF] [ODP]
May 01 Wrap up SSL
Homework 3 due (no late days)
(none)
May 03 In-class Final (download)