CS165 Spring 2025

Mar 31, Mon

Introduction: Course Overview

Apr 2, Wed

Passwords

Project 1 out

Paul van Oorschot. Tools and Jewels: Chapter 3.1-3.3 Link Additional reading: Link

Apr 4, Fri

Vulnerabilities

Vulnerability definition Link

Apr 7, Mon

Low-level program execution

Bryant and O'Hallaron. CSAPP: Chapter 3.2-3.4.3 Link

Apr 9, Wed

Low-level program execution 2

Bryant and O'Hallaron. CSAPP: Chapter 3.4.4, 3.6 Link

Apr 11, Fri

Buffer overflows

Project 1 due
Project 2 out

Aleph One. Smashing the stack for fun and profit. Link

Apr 14, Mon

Control flow hijack

Apr 16, Wed

Control flow hijack defenses

Homework 1 out

Apr 18, Fri

Return-Oriented Programming

Paul van Oorschot. Tools and Jewels. Section 6.5. Link
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). Link

Apr 21, Mon

Control flow integrity

Martin Abadi et al. Control-Flow Integrity Principles, Implementations, and Applications. Link

Apr 23, Wed

Heap attacks

Paul van Oorschot. Tools and Jewels. Section 6.4. Link

Apr 25, Fri

Attack surface and access control

Homework 1 due

Paul van Oorschot. Tools and Jewels. Section 1.7. Link

Apr 28, Mon

Access control models

Paul van Oorschot. Tools and Jewels. Section 5.2 and 5.3. Link

Apr 30, Wed

Mid-term review

Project 2 due the day before (Apr 29)

May 2, Fri

Midterm

May 5, Mon

Vulnerability discovery: fuzzing

Beginners Guide to Fuzzing: Tutorial Link
Beginners Guide to Fuzzing: Tutorial Link
American Fuzzy Lop Link

May 7, Wed

Post-midterm review

May 9, Fri

Vulnerability discovery: static analysis

May 12, Mon

Vulnerability discovery: static analysis 2

LLVM getting started Link

May 14, Wed

Cancelled due to travel

May 16, Fri

Malware

Paul van Oorschot. Tools and Jewels. Sections 7.1-7.5 Link

May 19, Mon

Case study: Android permission check analysis

Project 3 due
Project 4 out

Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework. Link

May 21, Wed

File System Security

Homework 2 out

Finding Name Resolution Vulnerabilities in Programs. Link

May 23, Fri

Web Security

Paul van Oorschot. Tools and Jewels. Sections 9.1, 9.3-9.4, 9.5-9.6 Link

May 26, Mon

Holiday. No class.

May 28, Wed

Network Security

Paul van Oorschot. Tools and Jewels. Section 11. Link

May 30, Fri

Network Security 2

Paul van Oorschot. Tools and Jewels. Sections 10.1-10.2 Link

Jun 2, Mon

Network Security 3

Homework 2 due

Jun 4, Wed

Final Review

Jun 6, Fri

Final Review 2

Project 4 due

Date	Class	Calendar	Reading
Mar 31, Mon	Introduction: Course Overview
Apr 2, Wed	Passwords	Project 1 out	Paul van Oorschot. Tools and Jewels: Chapter 3.1-3.3 Link Additional reading: Link
Apr 4, Fri	Vulnerabilities		Vulnerability definition Link
Apr 7, Mon	Low-level program execution		Bryant and O'Hallaron. CSAPP: Chapter 3.2-3.4.3 Link
Apr 9, Wed	Low-level program execution 2		Bryant and O'Hallaron. CSAPP: Chapter 3.4.4, 3.6 Link
Apr 11, Fri	Buffer overflows	Project 1 due Project 2 out	Aleph One. Smashing the stack for fun and profit. Link
Apr 14, Mon	Control flow hijack
Apr 16, Wed	Control flow hijack defenses	Homework 1 out
Apr 18, Fri	Return-Oriented Programming		Paul van Oorschot. Tools and Jewels. Section 6.5. Link The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). Link
Apr 21, Mon	Control flow integrity		Martin Abadi et al. Control-Flow Integrity Principles, Implementations, and Applications. Link
Apr 23, Wed	Heap attacks		Paul van Oorschot. Tools and Jewels. Section 6.4. Link
Apr 25, Fri	Attack surface and access control	Homework 1 due	Paul van Oorschot. Tools and Jewels. Section 1.7. Link
Apr 28, Mon	Access control models		Paul van Oorschot. Tools and Jewels. Section 5.2 and 5.3. Link
Apr 30, Wed	Mid-term review	Project 2 due the day before (Apr 29)
May 2, Fri	Midterm
May 5, Mon	Vulnerability discovery: fuzzing		Beginners Guide to Fuzzing: Tutorial Link Beginners Guide to Fuzzing: Tutorial Link American Fuzzy Lop Link
May 7, Wed	Post-midterm review
May 9, Fri	Vulnerability discovery: static analysis
May 12, Mon	Vulnerability discovery: static analysis 2		LLVM getting started Link
May 14, Wed	Cancelled due to travel
May 16, Fri	Malware		Paul van Oorschot. Tools and Jewels. Sections 7.1-7.5 Link
May 19, Mon	Case study: Android permission check analysis	Project 3 due Project 4 out	Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework. Link
May 21, Wed	File System Security	Homework 2 out	Finding Name Resolution Vulnerabilities in Programs. Link
May 23, Fri	Web Security		Paul van Oorschot. Tools and Jewels. Sections 9.1, 9.3-9.4, 9.5-9.6 Link
May 26, Mon	Holiday. No class.
May 28, Wed	Network Security		Paul van Oorschot. Tools and Jewels. Section 11. Link
May 30, Fri	Network Security 2		Paul van Oorschot. Tools and Jewels. Sections 10.1-10.2 Link
Jun 2, Mon	Network Security 3	Homework 2 due
Jun 4, Wed	Final Review
Jun 6, Fri	Final Review 2	Project 4 due

CS165 Computer Security