6.858 / Spring 2022

Links to notes etc. on future days are copies of materials from 2020 to give you an idea of what the future will bring. We will update the notes as the course progresses. The year of publication for class readings are shown in parentheses.

Monday Tuesday Wednesday Thursday Friday

jan 31
First day of classes feb 1
LEC 1 (nz): Introduction, threat models (2022 video, Youtube)
Assigned: Lab 1: Buffer overflows feb 2 feb 3
LEC 2 (nz): Security architecture (2022 video, Youtube)
Preparation: Read Google Infrastructure Security (2017) and optionally other details (2018) (Question) feb 4

feb 7 feb 8
LEC 3 (nz): User authentication (2022 video, Youtube)
Preparation: Read Your password doesn't matter (2019) and U2F (2016) (Question) feb 9 feb 10
LEC 4 (nz): Buffer overflow defenses (2022 video, Youtube)
Preparation: Read Baggy bounds checking (2009) + errata (Question) feb 11
DUE: Lab 1 part 1
DUE: Lab 1 part 2

feb 14 feb 15
LEC 5 (nz): Privilege separation (2022 video, Youtube)
Preparation: Read OKWS (2004) but skip section 7 (Question)
Assigned: Lab 2: Privilege separation feb 16 feb 17
REC 1: Linux Containers (2020 video)
Preparation: Read Chroot (1979), LXC, and iptables
Note: No in-person lecture; watch the video feb 18
DUE: Lab 1 all parts

feb 21
Presidents day feb 22
Monday schedule feb 23 feb 24
LEC 6 (nz): OS and VM isolation (2022 video, Youtube)
Preparation: Read Firecracker (2020) (Question) feb 25
DUE: Lab 2 part 1

feb 28 mar 1
LEC 7 (nz): Software fault isolation (2022 video, Youtube)
Preparation: Read WebAssembly (2017) (Question) mar 2 mar 3
LEC 8 (nz): Sandboxing libraries (2022 video, Youtube)
Preparation: Read RLbox (2020) (Question) mar 4
DUE: Lab 2 parts 2+3
ADD DATE

mar 7 mar 8
LEC 9 (nz): Client device security (2022 video, Youtube)
Preparation: Read iOS Security (2019), pages 1-28 (Question)
Assigned: Lab 3: Symbolic execution
Assigned: Lab 5: Final project mar 9 mar 10
LEC 10 (nz): Android security (2022 video, Youtube)
Preparation: Read Android Platform Security Model (2019) (Question) mar 11
DUE: Lab 2 all parts

mar 14 mar 15
LEC 11 (nz): Symbolic execution (2022 video, Youtube)
Preparation: Read EXE: Automatically generating inputs of death (2006) (Question) mar 16 mar 17
Quiz 1: Covers lectures 1-11 and labs 1-2
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: 2:30-4p in 26-100 mar 18
DUE: Final project proposal (if you are not doing the default project)

mar 21
Spring vacation mar 22
Spring vacation mar 23
Spring vacation mar 24
Spring vacation mar 25
Spring vacation

mar 28 mar 29
LEC 12 (nz): Web security model (2022 video, Youtube)
Preparation: Read about web security (2022) (Question) mar 30 mar 31
REC 2: Web security
Preparation: Read OWASP top 10 (2021) and Web security guidelines (2018)
Note: No in-person lecture; read through slides. apr 1
DUE: Lab 3 part 1

apr 4 apr 5
LEC 13 (nz): Network security (2022 video, Youtube)
Preparation: Read Security Problems in TCP/IP (2004) (Question)
Assigned: Lab 4: Browser security apr 6 apr 7
LEC 14 (nz): Secure channels (2022 video, Youtube)
Preparation: Read Analysis of SSL 3.0 (1996) (Question) apr 8
DUE: Lab 3 all parts

apr 11 apr 12
LEC 15 (nz): Certificates (2022 video, Youtube)
Preparation: Read SSL and HTTPS (2013) (Question) apr 13 apr 14
LEC 16 (guest): Information security in real life (Max Burkhardt) (2022 video, Youtube) apr 15
DUE: Lab 4 part 1

apr 18
Patriots day apr 19
LEC 17 (nz): Messaging security (2022 video, Youtube)
Preparation: Read Secure messaging (2015) (or extended version) (Question)
DROP DATE apr 20 apr 21
LEC 18 (guest): IoT Security: Microsoft Azure Sphere (Galen Hunt) (2022 video, Youtube)
Preparation: Read What is Azure Sphere? (2022) and optional paper (2020) apr 22
DUE: Lab 4 all parts

apr 25 apr 26
LEC 19 (guest): Anonymous communication (Nick Mathewson) (2022 video, Youtube)
Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012); optionally watch the 2014 video (Question) apr 27 apr 28
LEC 20 (nz): CPU timing attacks (2022 video, Youtube)
Preparation: Read On Spectre and Meltdown (2019) (Question) apr 29

may 2
Please complete the subject evaluation may 3
LEC 21 (guest): Hardware security (bunnie) (2022 video, Youtube)
Preparation: Read betrusted (2022) may 4 may 5
LEC 22 (guest): Zoom security (Max Krohn) (2022 video, Youtube)
Preparation: Read E2E Encryption for Zoom (2021), sections 1-3, and optionally section 4 (Question) may 6
DUE: Lab 5, or final project writeup and code

may 9 may 10
LEC 23 (students): Project presentations and reports (2022 video, Youtube)
DUE: Final project presentation
Last day of classes may 11 may 12 may 13

may 16 may 17
Final exam: Emphasis on lectures 12-22 and labs 3-4
Reference: Past quizzes, solutions
Materials: Open laptop
Time and Location: Johnson Ice Rink, 1:30-3:30pm may 18 may 19 may 20

Monday	Tuesday	Wednesday	Thursday	Friday
jan 31 First day of classes	feb 1 LEC 1 (nz): Introduction, threat models (2022 video, Youtube) Assigned: Lab 1: Buffer overflows	feb 2	feb 3 LEC 2 (nz): Security architecture (2022 video, Youtube) Preparation: Read Google Infrastructure Security (2017) and optionally other details (2018) (Question)	feb 4
feb 7	feb 8 LEC 3 (nz): User authentication (2022 video, Youtube) Preparation: Read Your password doesn't matter (2019) and U2F (2016) (Question)	feb 9	feb 10 LEC 4 (nz): Buffer overflow defenses (2022 video, Youtube) Preparation: Read Baggy bounds checking (2009) + errata (Question)	feb 11 DUE: Lab 1 part 1 DUE: Lab 1 part 2
feb 14	feb 15 LEC 5 (nz): Privilege separation (2022 video, Youtube) Preparation: Read OKWS (2004) but skip section 7 (Question) Assigned: Lab 2: Privilege separation	feb 16	feb 17 REC 1: Linux Containers (2020 video) Preparation: Read Chroot (1979), LXC, and iptables Note: No in-person lecture; watch the video	feb 18 DUE: Lab 1 all parts
feb 21 Presidents day	feb 22 Monday schedule	feb 23	feb 24 LEC 6 (nz): OS and VM isolation (2022 video, Youtube) Preparation: Read Firecracker (2020) (Question)	feb 25 DUE: Lab 2 part 1
feb 28	mar 1 LEC 7 (nz): Software fault isolation (2022 video, Youtube) Preparation: Read WebAssembly (2017) (Question)	mar 2	mar 3 LEC 8 (nz): Sandboxing libraries (2022 video, Youtube) Preparation: Read RLbox (2020) (Question)	mar 4 DUE: Lab 2 parts 2+3 ADD DATE
mar 7	mar 8 LEC 9 (nz): Client device security (2022 video, Youtube) Preparation: Read iOS Security (2019), pages 1-28 (Question) Assigned: Lab 3: Symbolic execution Assigned: Lab 5: Final project	mar 9	mar 10 LEC 10 (nz): Android security (2022 video, Youtube) Preparation: Read Android Platform Security Model (2019) (Question)	mar 11 DUE: Lab 2 all parts
mar 14	mar 15 LEC 11 (nz): Symbolic execution (2022 video, Youtube) Preparation: Read EXE: Automatically generating inputs of death (2006) (Question)	mar 16	mar 17 Quiz 1: Covers lectures 1-11 and labs 1-2 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: 2:30-4p in 26-100	mar 18 DUE: Final project proposal (if you are not doing the default project)
mar 21 Spring vacation	mar 22 Spring vacation	mar 23 Spring vacation	mar 24 Spring vacation	mar 25 Spring vacation
mar 28	mar 29 LEC 12 (nz): Web security model (2022 video, Youtube) Preparation: Read about web security (2022) (Question)	mar 30	mar 31 REC 2: Web security Preparation: Read OWASP top 10 (2021) and Web security guidelines (2018) Note: No in-person lecture; read through slides.	apr 1 DUE: Lab 3 part 1
apr 4	apr 5 LEC 13 (nz): Network security (2022 video, Youtube) Preparation: Read Security Problems in TCP/IP (2004) (Question) Assigned: Lab 4: Browser security	apr 6	apr 7 LEC 14 (nz): Secure channels (2022 video, Youtube) Preparation: Read Analysis of SSL 3.0 (1996) (Question)	apr 8 DUE: Lab 3 all parts
apr 11	apr 12 LEC 15 (nz): Certificates (2022 video, Youtube) Preparation: Read SSL and HTTPS (2013) (Question)	apr 13	apr 14 LEC 16 (guest): Information security in real life (Max Burkhardt) (2022 video, Youtube)	apr 15 DUE: Lab 4 part 1
apr 18 Patriots day	apr 19 LEC 17 (nz): Messaging security (2022 video, Youtube) Preparation: Read Secure messaging (2015) (or extended version) (Question) DROP DATE	apr 20	apr 21 LEC 18 (guest): IoT Security: Microsoft Azure Sphere (Galen Hunt) (2022 video, Youtube) Preparation: Read What is Azure Sphere? (2022) and optional paper (2020)	apr 22 DUE: Lab 4 all parts
apr 25	apr 26 LEC 19 (guest): Anonymous communication (Nick Mathewson) (2022 video, Youtube) Preparation: Read Tor (2004) and blog posts 1, 2, and 3 (2012); optionally watch the 2014 video (Question)	apr 27	apr 28 LEC 20 (nz): CPU timing attacks (2022 video, Youtube) Preparation: Read On Spectre and Meltdown (2019) (Question)	apr 29
may 2 Please complete the subject evaluation	may 3 LEC 21 (guest): Hardware security (bunnie) (2022 video, Youtube) Preparation: Read betrusted (2022)	may 4	may 5 LEC 22 (guest): Zoom security (Max Krohn) (2022 video, Youtube) Preparation: Read E2E Encryption for Zoom (2021), sections 1-3, and optionally section 4 (Question)	may 6 DUE: Lab 5, or final project writeup and code
may 9	may 10 LEC 23 (students): Project presentations and reports (2022 video, Youtube) DUE: Final project presentation Last day of classes	may 11	may 12	may 13
may 16	may 17 Final exam: Emphasis on lectures 12-22 and labs 3-4 Reference: Past quizzes, solutions Materials: Open laptop Time and Location: Johnson Ice Rink, 1:30-3:30pm	may 18	may 19	may 20