about this course

This course serves as an introduction to how security systems are broken in the real world. Topics include software flaws and reverse-engineering, protocol analysis and the misuse of cryptography, side channel attacks, and attacks on physical security measures such as locks and tamper-resistant devices.

Each week we will tackle a particular class of security problem, starting with a discussion of the theory behind each of the attacks. The bulk of the class will focus on real-life case studies; specifically, we will be interested in how each attack has been used to break deployed systems and what lessons we can learn from each failure.



The formal prequisite for the course is any of the 400-level security courses. However, any student with a background in security is welcome. If you are considering taking the course, but have not fulfilled the prerequisites, please email the instructor at astubble@ with a little about your background.

More precisely, students should have a foundation in most of the following areas:

course requirements

The course grade will be based on two take-home examinations, each approximately 3-4 hours in length. The first exam will be distributed on the second Wednesday of the course (2/4) and will be due in class the following Monday (2/9). The second (comprehensive) exam will be distributed on the last day of class (2/18) and will be due by 3:00 PM on the following Monday (2/23).

Though reading assignments from the textbook, relevant research papers, and online versions of the lecture slides will be made available, these resources are not guaranteed to cover all material presented in class. Class attendance is almost certainly a good idea.

course text

The recommended course text is Ross Anderson's Security Engineering. Suggested readings that correspond to each week's lectures are listed in the syllabus below.

For the interested student, the following books provide different treatments of many topics covered in the course:


(Papers listed in the syllabus provide extra information on attacks covered in class. They are provided for interested students, but are not required reading.)

Week 1: Software flaws and reverse engineering (Anderson, Chapter 4)
Some topics were not covered due to snow day
  • Decompilation and reverse engineering
  • Locating cryptographic operations and keys (PDF)
  • Exploiting buffer overflows (TXT)
  • Exploiting heap-based memory corruptions (TXT)
Week 2: Protocol Analysis and the Misuse of Cryptography (Anderson, Chapters 2 and 5)
  • Man-in-the-middle attacks (PS)
  • Version rollback attacks (PDF)
  • The pitfalls of nonces, sequence numbers, and time-stamps (PDF)
  • Misuse of cryptographic primitives (PDF | PDF)
  • Attacks on composition of primitives (PDF)
Week 3: Side Channel Attacks (Anderson, Chapter 15)
  • Power attacks (PDF)
  • Timing attacks (PDF)
  • TEMPEST/EM attacks (PDF)
  • Reaction attacks (PDF)
Week 4: Attacks on Physical Security (Anderson, Chapter 14)
  • Data remanence (PDF)
  • Fault injection (PDF)
  • Pin-tumbler lock-picking
  • Master keying (PDF)
Bonus Week: Full Attacks
  • Diebold Voting Systems (HTML)
  • Denial of Service via Algorithmic Complexity Attacks (HTML)


The course lectures are available as Quicktime files: