CS166/CS162

Lectures

Date	Topic	Lecturer
Jan 24	Introduction to Security, Cryptography I Resources	Roberto, Zach^2
Textbook chapters: 1.1, 1.3.1, 1.3.3, 8.1.1, 8.1.2, 8.1.3, 8.1.6
Jan 29	Cryptography II Resources	Roberto
Textbook chapters: 1.3.4, 8.1.4, 8.1.7, 8.3
Jan 31	Cryptography III Resources	Roberto, Zach K
Textbook chapters: 1.3.2, 1.3.5, 8.2.1, 8.2.2, 8.4 (except 8.4.2), 7.1.2
Feb 5	Physical Security Resources	Roberto
Textbook chapters: 1.2, 2.1, 2.2, 2.6, 9.1
Feb 7	Web Security I: Web Technology Resources	Roberto, Linda
Textbook chapters: 7.1, 7.2.3
Feb 12	Web Security II: Session Management and CSRF Resources	Roberto, Olivia
Textbook chapters: 7.1.4, 7.2.1, 7.2.7. OWASP Cross-Site Request Forgery Prevention Cheat Sheet
Feb 14	Web Security III: SQLI and XSS Resources	Roberto
Textbook chapters: 7.2.6, 7.3.3. OWASP SQL Injection Prevention Cheat Sheet. OWASP XSS Prevention Cheat Sheet
Feb 19	Long Weekend (No Class)

Feb 21	Web Security IV: Web Attacks	Roberto

Feb 26	Passwords Resources	Zach^2
Textbook Chapters: 1.4.2
Feb 28	Multi-Factor Authentication Resources	Roberto
Textbook Chapters: 2.3.3 Nethanel Gelernter, Senia Kalma, Bar Magnezi, Hen Porcilan: The Password Reset MitM Attack. IEEE Symp. on Security and Privacy, 2017.
Mar 5	OS Security Resources	Roberto, Kimberly
Textbook Chapter 3 Kevin Du, Race Condition Vulnerability, Lecture Notes Drew Dean, Alan J. Hu: Fixing Races for Fun and Profit: How to Use access (2). USENIX Security, 2004 Dan Tsafrir, Tomer Hertz, David Wagner, Dilma Da Silva: Portably Solving File TOCTTOU Races with Hardness Amplification. USENIX File and Storage Technologies, 2008
Mar 7	Malware Resources	Roberto
Textbook Chapter 4 Symantec, Internet Security Threat Report, March 2018
Mar 12	Storage Encryption Resources	Roberto
Textbook: Section 9.7 A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, E. W. Felten: Lest We Remember: Cold Boot Attacks on Encryption Keys. USENIX Security 2008 B. Schneier. “Evil Maid” Attacks on Encrypted Hard Drives. Schneier on Security, 2009
Mar 14	SSL/TLS Resources	Roberto
Textbook: Sections 7.1.2, 8.2.4 SSL patent RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2 (2008) Logjam attack
Mar 19	Networks I: Intro to Networks Resources	Roberto
Textbook: Sections 5.1, 5.2.1, 5.2.2, 5.3.1, 5.3.2
Mar 21	Networks II: ARP, IP, TCP, UDP Resources	Roberto
Textbook: Sections 5.2.3, 5.3.3, 5.3.4, 5.4.1, 5.4.2, 5.5.3
Mar 26	Spring Recess (No Class)

Mar 28	Spring Recess (No Class)

Apr 2	Networks III: DNS Resources	Roberto
Textbook: 6.1
Apr 4	Social Engineering Resources	Ernesto Zaldivar
The following site provides an overview of social engineering techniques: The Social Engineering Framework The news article and judicial opinion below address legal issues related to security breaches: U.S. Top Court Rejects Shoe Retailer Zappos Appeal in Data Breach Case, New York Times, March 25, 2019 Opinion by Judge Friedland on the Zappos customer data security breach litigation, US Court of Appeals for the Ninth Circuit, 2018 The following report overviews cybersecurity insurance: US Cyber Market Update, Aon, 2018
Apr 9	Gaming Security	Don Stanford

Apr 11	Cloud Security	Roberto

Apr 16	Blockchains and Cryptocurrencies	Roberto

Apr 18	Security of Machine Learning Resources	Roberto, Kimberly, Zach K
Here are some of the papers cited in the lecture: Overview of Adversarial Machine Learning Differential Privacy Primer
Apr 23	Anonymization Networks	Megumi Ando, Olivia

Apr 25	Computer Security for Victims of Intimate Partner Violence Resources	Thomas Ristenpart
Home page of Thomas Ristenpart Publications by the Intimate Partners Violence Tech Research Group

CS166 / CS162

Computer Systems Security

Lectures

Date

Topic

Lecturer