CS 4440: Introduction to Computer Security

This schedule is subject to change. Please check back frequently.

Following lecture, we recommend reviewing the provided Supplemental Content (book sections , articles , podcasts , and videos ) to further your understanding of the lecture material. To access these, toggle the ▶ button located beneath each lecture description.

Part 0: Course Intro

Course Intro schedule with Tuesday and Thursday meetings
Tuesday Meeting	Thursday Meeting	Weekly Quiz
Aug. 19 Course Intro & The Security Mindset (slides) Threats, vulnerabilities, attacks, and defenses. Supplemental Content: Schneier: The Security Mindset Wiki: VM Setup & Troubleshooting	Aug. 21 Course Setup and Python Review (slides) VM setup, Python fundamentals, debugging code. Supplemental Content: Wiki: Terminal Cheat Sheet Wiki: Python 3 Cheat Sheet Finish registering your PollEverywhere account	Due 8/25 via Canvas

Part 1: Communications Security

Communications Security schedule with Tuesday and Thursday meetings
Tuesday Meeting	Thursday Meeting	Weekly Quiz
Aug. 26 Message Integrity (slides) Kerckhoffs's principles, PRFs, hashes, MACs. Supplemental Content: Green: PRFs and PRPs Rosulek §11: Hash Functions Crypto Project released	Aug. 28 Message Confidentiality (slides) Caesar and Vigenère ciphers, cryptanalysis. Supplemental Content: Smart §3: Historical Ciphers	Due 9/01 via Canvas
Sep. 02 Improved Cipher Designs (slides) PRGs, serial and transposition ciphers, cipher metrics. Supplemental Content: Rosulek §5: Pseudo-random Generators	Sep. 04 Block Ciphers (slides) Block ciphers, DES, AES, secure channels. Supplemental Content: Green: How (Not) to Use Symmetric Encryption	Due 9/08 via Canvas
Sep. 09 Public Key Crypto (slides) Key exchange, RSA, attacks, key management. Supplemental Content: Smart §11.3: RSA Smart §14.2: Digital Signature Schemes	Sep. 11 Security in Practice: Cryptocurrency (slides) Decentralized digital currency. Supplemental Content: Mickens: Blockchains Are a Bad Idea	Due 9/15 via Canvas

Part 2: Application and Host Security

Application and Host Security schedule with Tuesday and Thursday meetings
Tuesday Meeting	Thursday Meeting	Weekly Quiz
Sep. 16 All About Applications (slides) Process execution, virtual memory, and the stack. Supplemental Content: Wiki: C Cheat Sheet Wiki: x86 Cheat Sheet AppSec Project released	Sep. 18 Attacking Applications (slides) Redirecting execution, shellcode, exploit writing. Supplemental Content: Wiki: GDB Cheat Sheet Payer §5.4: Privilege Escalation Crypto Project due by 11:59pm via Canvas	Due 9/22 via Canvas
Sep. 23 Defending Applications (slides) ASLR, DEP, and workarounds; secure coding practices. Supplemental Content: Payer §6.4: Mitigations	Sep. 25 Automated Bug Finding (slides) Fuzzing, symbolic execution, taint tracking. Supplemental Content: Payer §6.3: Testing	Due 9/29 via Canvas
Sep. 30 Access Control and Isolation (slides) Permissions, sandboxing, containers, virtual machines. Supplemental Content: Payer §2.4: Isolation	Oct. 02 Security in Practice: Malware (slides) Viruses, worms, spyware, botnets, and defenses. Supplemental Content: Darknet Diaries: Stuxnet	Due 10/13 via Canvas
Oct. 07 No Class (Fall break)	Oct. 09 No Class (Fall break)	No Quiz

Part 3: Web and Network Security

Web and Network Security schedule with Tuesday and Thursday meetings
Tuesday Meeting	Thursday Meeting	Weekly Quiz
Oct. 14 The Web Platform (slides) HTTP and HTML, cookies, JavaScript, and SQL. Supplemental Content: Wiki: SQL Cheat Sheet Wiki: HTML Cheat Sheet Wiki: JavaScript Cheat Sheet WebSec Project released	Oct. 16 Web Attacks and Defenses (slides) SQL injection, CSRF and XSS attacks, and defenses. Supplemental Content: Payer §7.1: Web Security AppSec Project due by 11:59pm via Canvas	Due 10/20 via Canvas
Oct. 21 Client-side Web Security and HTTPS (slides) Sandboxing, Same Origin Policy, SSL/TLS, certificates. Supplemental Content: Dordal §29.5: SSH and TLS	Oct. 23 Networking 101 (slides) The physical, link, network, transport, and app layers. Supplemental Content: Peterson & Davie §1.3: Architecture	Due 10/27 via Canvas
Oct. 28 Attacking Network Applications (slides) HTML injection, E-mail spoofing, DNS hijacking, packets. Supplemental Content: Tolboom §4.4: Application Layer Protocols	Oct. 30 Denial of Service Attacks (slides) Botnets and DDoS; SYN, ICMP, and ARP attacks. Supplemental Content: Dordal §17: TCP Transport Basics	Due 11/03 via Canvas
Nov. 04 Secure Authentication (slides) Multi-factor authentication, passwords, rainbow tables. Supplemental Content: Schneier: Choosing Secure Passwords UIC: Free Password Strength Tester NetSec Project released	Nov. 06 Security in Practice: Tor (slides) Privacy, anonymity, and censorship resistance. Supplemental Content: Crenshaw: Dropping Docs on Darknets WebSec Project due by 11:59pm via Canvas	Due 11/10 via Canvas

Part 4: New Frontiers in Security

New Frontiers in Security schedule with Tuesday and Thursday meetings
Tuesday Meeting	Thursday Meeting	Weekly Quiz
Nov. 11 Election Cybersecurity (slides) Computerized voting systems, attacks and defenses. Supplemental Content: EFF: Securing the Vote	Nov. 13 Side Channels and Hardware (slides) Side channel attacks, hardware supply chain attacks. Supplemental Content: Kocher: Exploiting Speculative Execution Practice Exam released	Due 11/17 via Canvas
Nov. 18 (guest lecture 😎) Attacking Cyber-physical Systems (slides) Security for cyber-physical and IoT systems. Supplemental Content: CS 5464: CPS & IoT Security (coming Fall 2026!)	Nov. 20 (guest lecture 😎) Software Reverse Engineering (slides) Binary disassembly, decompilation, and RE challenges. Supplemental Content: Lin: Binary Analysis in the Era of IoT	Due 12/01 via Canvas
Nov. 25 No Class (Thanksgiving Break)	Nov. 27 No Class (Thanksgiving Break)	No Quiz

Part 5: Course Wrap-Up

Course Wrap-Up schedule with Tuesday and Thursday meetings
Tuesday Meeting	Thursday Meeting	Weekly Quiz
Dec. 02 What's Next? Life After CS 4440 (slides) Bug bounties, CTF, cybersecurity careers. Supplemental Content: CISA's Map of U.S. Cybersecurity Careers Mickens: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible?	Dec. 04 Final Exam Review Session (slides) Practice exam solutions discussed in-class. NetSec Project due by 11:59pm via Canvas	No Quiz