O you possessed of sturdy intellects, observe the teaching that is hidden here beneath the veil of verses so obscure.
—Dante Alighieri, Inferno IX:61–63, trans. A. Mandelbaum
This page contains links to lecture notes, class lecture slides, and related reading material. Lecture slides are in Adobe PDF format. The slides here will generally be a superset of the material presented in class, with extra annotations and, in some cases, additional pages for clarity.
Please let me know if you find any errors or unclear wording. Any corrections will be most appreciated.
Week 1 Introduction to Computer Security
Topics
- Confidentiality, integrity, availability
- Threat models and security mindset
- Trusted computing base
Lecture Notes Notes
- Foundations of Computer Security
- Threats, Vulnerabilities, and Attacks
- Adversaries and Cyber Warfare
- Tracking Vulnerabilities and Risks
Lecture Slides
Terms You Should Know Terms
Week 2 Cryptography
Topics
- Symmetric cryptography basics and principles
- Modern ciphers: DES, AES, ChaCha20
- Block modes: ECB, CBC, CTR
- Cryptanalysis: frequency, differential, linear
Lecture Notes Notes
Lecture Slides
Terms You Should Know Terms
Week 3 Integrity
Topics
- Asymmetric cryptography and key exchange: RSA, ECC, Diffie-Hellman, hybrid systems, forward secrecy
- Quantum threats and post-quantum cryptography standards
- Integrity mechanisms: cryptographic hashes, MACs, digital signatures, certificates
- Code signing and software integrity verification
Lecture Notes Notes
Lecture Slides
Terms You Should Know Terms
Week 4 Authentication
Topics
- Authentication methods: passwords, tokens, multi-factor, biometrics, risk-based authentication
- Biometric authentication: modalities, accuracy metrics, spoofing attacks, data breaches
- CAPTCHA: history, design, bypass techniques, AI challenges, emerging defenses
Lecture Notes Notes
Lecture Slides
Terms You Should Know Terms
Week 5 Bitcoin and blockchains
Topics
- Hash pointers, Merkle trees, and tamper-evident data structures
- Bitcoin design: decentralized ledger, transactions, and mining
- Proof of Work, difficulty adjustment, and 51% attacks
- Privacy, security, centralization risks, and real-world cryptocurrency incidents
Lecture Notes Notes
Lecture Slides
Terms You Should Know Terms
Week 6 Access control
Topics
- Access control concepts: protection, domains, access control matrices, ACLs, capabilities
- POSIX permissions, ACL extensions, setuid/setgid, least privilege, privilege separation
- Mandatory Access Control: DAC vs MAC, Bell-LaPadula, multilevel and multilateral security
- Advanced models: Type Enforcement, RBAC, Biba, Chinese Wall, SELinux
Lecture Notes Notes
Lecture Slides
Terms You Should Know Terms
Week 7 Memory Exploits and Code Injection
Topics
- Injection attacks: command, SQL, and code injection fundamentals
- Exploitation techniques: unsanitized input, shell metacharacters, path traversal
- Mitigations: input validation, escaping, parameterized queries, safe APIs
- Environment-based attacks: LD_PRELOAD, DLL sideloading, and interpreter abuse
Lecture Notes Notes
Lecture Slides
Terms You Should Know Terms
Week 8 Command Hijacking & Containment
Topics
- Command, SQL, and code injection vulnerabilities and mitigations
- Path traversal, path equivalence, Unicode parsing, and file parsing flaws
- Environment variable abuse, library hijacking, and function interposition
- TOCTTOU race conditions, mktemp attacks, and file descriptor exploits
Lecture Notes Notes
Lecture Slides
Terms You Should Know Terms
Week 9 Malware
Topics
- Malware types and components: viruses, worms, trojans, backdoors, rootkits
- Infiltration methods: exploits, infected media, supply chain attacks, social engineering
- Evasion and persistence: packing, polymorphism, sandbox detection, covert channels
- Detection and defense: signature scanning, heuristic analysis, behavioral monitoring
Lecture Notes Notes
Lecture Slides
Terms You Should Know Terms
Week 10 Network Security
Topics
- Link layer attacks: CAM overflow, VLAN hopping, ARP poisoning, DHCP spoofing
- IP and TCP/UDP threats: spoofing, DoS, SYN floods, routing attacks
- BGP hijacking and defenses: RPKI, BGPsec, notable real-world incidents
- DNS vulnerabilities: cache poisoning, pharming, rebinding, DNSSEC defenses
Lecture Notes Notes
Lecture Slides
Terms You Should Know Terms
Week 11 Network Security: Secure Communication
Topics
- DDoS fundamentals: flooding, amplification, reflection, and record-breaking attacks
- Botnets and command-and-control infrastructure for large-scale attacks
- TLS: authentication, confidentiality, integrity
- VPN protocols: OpenVPN, IPsec, WireGuard, tunneling, and encryption methods
Lecture Notes Notes
Lecture Slides
Terms You Should Know Terms
Week 12 Network Protection, Web Security
Topics
- Firewalls: NAT, packet filtering, stateful inspection, DPI, IDS/IPS, Zero Trust
- Web security: same-origin policy, CORS, cookies, CSRF, XSS, clickjacking, typosquatting
Lecture Notes Notes
Lecture Slides
Terms You Should Know Terms
Week 13 Hiding Things
Topics
- Steganography and watermarking: techniques, goals
- Digital watermarking in AI-generated, C2PA
- Anonymous communication: Tor, I2P, dark web, and covert channels
- Mesh networking for censorship resistance and offline communication