Ideas for improving the class next time
How to read this page
- Items marked ASSIGNMENT require you to hand something in. Do so by adding the relevant
files to your (or your partner's) GitHub repository and pushing to the GitHub server.
- Items marked VIDEO, READING, or TASK do not require you to hand anything in.
Do these items by the date specified, or during the week in which the video or task appears.
- Items marked "QUESTIONS DG1" (or DG2) tell you what to prepare or think about before your first
(or second) Discussion Group session in the given week.
- Tuesday due dates have a due-time of 11:59PM Central.
- Friday due dates have a due-time of 5:00PM Central.
Week 0
Things to do right away, on or before the first day of class.
Week 1
Thinking about security; setting up our tools
Week 2
TCP; HTTP; packet sniffing with Wireshark; symmetric and asymmetric encryption
Week 3
encryption (symmetric and public key); key exchange; cryptographic hashes
Week 4
transport layer security (TLS); public key infrastructure (PKI); X.509 certificates
Week 5
more PKI; exam; threat modeling
- [READING/THINKING] Some study questions about Public Key Infrastructure
- [QUESTIONS DG1] (1) What are your questions about X.509 certificates, TLS, and PKI?
(2) During the second half of the class, what topics do you want to study? What security-related
stuff, day-to-day or historical or whatever, are you most curious about?
- [EXAM 11:59PM 4/28] TO BE POSTED BY 8:00AM 4/27
- [READING] "Threat modeling explained" blog post. Note the discussion
of STRIDE in particular.
- [READING] Sections 8.2 and 8.3 of Anderson's Security Engineering. Focus on the nature of security policy models,
the Bell-LaPadula model, and the Biba model.
- [READING] The CIA Triad
- [READING] Is the CIA model still relevant? (2009 blog post)
- [READING] The Parkerian Hexad
- [QUESTIONS DG2] What is a threat model, and what is it for? What are the various security
models (STRIDE, Bell-LaPadula, Biba, CIA, Parkerian Hexad) trying to get at?
- [ASSIGNMENT 4/30] (free extension to Monday May 3 8:00AM,
when I plan to start grading this one; there will be no assignment due 5/4)
A STRIDE-based threat analysis
- [EXAM due 11:59PM 4/28] I have posted the link on Slack and Moodle. Submit via Moodle as PDF file.
Week 6
midterm break; passwords; security-related laws
Week 7
ethical analysis; penetration testing
Week 8
web security
Week 9
tracking, data brokers, and data policy; security history
- [ASSIGNMENT 5/28] Security history video
- [READING 5/28] EFF's Recommendations for Consumer Data Privacy Laws
- [READING 5/28] GDPR "Principles"—make sure to click through and read about the 7 specific principles in the left-side menu, especially "Data minimisation" and "Storage limitation"
- [QUESTIONS DG2] If you were allowed to regulate the collection, use, retention, sharing, and sale of people's personal
data, what regulations would you propose? What negative uses of data would your regulations prevent?
What positive uses of data would your regulations prevent?
Week 10
some more pen-testing; what could you study next?
- [ASSIGNMENT 7/2] (Wednesday, not Tuesday!) Pen-testing #2: Metasploit
- [VIDEO] Coming soon...a video about stuff we didn't cover in our 9.5 weeks, but that
you could look into next
- [VIDEO] (19:42) Where we've been and what you can do next
- [QUESTIONS DG1] Just show up. We'll have a little chat about my wrap-up video and anything
else that's on your minds.