CS456/556 Schedule

Calendar feed: https://www.flyn.org/courses/cs456/schedule.ics
Date
Subject
Due
Read before class
Assigned
Tuesday, Sep 8 Introduction Aquinas computer, unix, git, and man
Thursday, Sep 10 The C Programming Language; C Security Engineering Ch. 1 Aquinas hello in C, printf in C, and arrays in C
Tuesday, Sep 15 Bugs and vulnerabilities; definitions risk Aquinas git, hello in C, printf in C, and arrays in C Security Engineering § 27.5.7 Aquinas network in C (or Go or Python) and overflow in C (or Go or Python)
Thursday, Sep 17 Vulnerabilities; vuln
Tuesday, Sep 22 Security principles; secprin Aquinas network in C (or Go or Python) and overflow in C (or Go or Python) Seven Pernicious Kingdoms and § 1.A of The Protection of Information in Computer Systens Aquinas secprin
Thursday, Sep 24 Security principles applied; secprin-applied
Tuesday, Sep 29 Building, harnessing, and fuzzing; fuzzing Aquinas secprin How to Read a Paper and The Art, Science, and Engineering of Fuzzing: A Survey Aquinas fuzz in C (or Go or Java or Python)
Thursday, Oct 1 System calls and kernel mediation; syscall
Tuesday, Oct 6 Review Aquinas fuzz in C (or Go or Java or Python)
Thursday, Oct 8 Exam 1
Tuesday, Oct 13 Memory errors; memory-errors Valgrind: A Framework for Heavyweight Dynamic Binary Instrumentation Aquinas valgrind in C
Thursday, Oct 15 Valgrind; valgrind
Tuesday, Oct 20 Exploitation; exploit Aquinas valgrind in C Smashing the Stack for Fun and Profit Aquinas smash in C, syscall in AMD64, shellcode in C, e.c.: nop in C, and e.c.: rop in C (You can elect to solve all but syscall in any supported language.)
Thursday, Oct 22 Code injection; injection
Tuesday, Oct 27 Access controls; unix-access-controls Aquinas smash in C, syscall in AMD64, and shellcode in C Some thoughts on security after ten years of qmail 1.0 Aquinas selinux
Thursday, Oct 29 SELinux; selinux
Tuesday, Nov 3 Cryptographic primitives; crypto Aquinas selinux Aquinas tweetnacl in C
Thursday, Nov 5 Cryptographic systems; crypto2
Tuesday, Nov 10 API abuse: TLS; api-abuse Aquinas tweetnacl in C The Most Dangerous Code in the World
Thursday, Nov 12
Tuesday, Nov 17 Review
Thursday, Nov 19 Exam 2
Tuesday, Nov 24 No class meeting
Thursday, Nov 26 Thanksgiving
Tuesday, Dec 1 LangSec and parsers Exploit Programming TBP: Parsers
Thursday, Dec 3
Tuesday, Dec 8 Concurrency bugs TBP: Parsers TBP: Concurrency
Thursday, Dec 10
Tuesday, Dec 15 Review TBP: Concurrency
Monday, Dec 21 Final exam: 2:30–4:30 a.m.