EECS 765, Spring 2026

Introduction to Cryptography and Computer Security

Course Goals

The overall goal of the course is to provide a solid theoretical foundation and hands-on experience in applying the theory to practice for cryptography, computer and communication security. The course materials cover common attack techniques, application of cryptography in security, authentication and authorization, network security, enterprise network defense, web security, and economics of cybersecurity. Besides the mechanisms for enhancing security that will be taught, a significant part of the course is dedicated to discussions on how design flaws in a system can be exploited to compromise security and, in general, the circumstances that lead to things going wrong. Students will have the opportunity to work on course projects that cover both the defense and offense aspects in the cyber space. Interesting research topics may be derived from course projects.

Course Schedule

Updated on a regular basis. Use your KU Online ID (all numeric is not correct) and password to access the slides and other materials.

Jan 20, 2026	Lecture 1	Introduction Supplemental readings: (Optional) Textbook: M. Bishop. 2019. Computer Security, 2nd Edition - Chapter 1	video, slides
Jan 22, 2026	Lecture 2	Buffer Overflow Exploit The source code getscore.c The sample score file score.txt Supporting older ciphers, key exchange protocols, and MACs on newer SSH clients. Virtual machine used in the demonstration redhat8. Supplemental readings: Unix - File Permission / Access Modes. Unix Permissions Calculator. (Optional) Textbook: M. Bishop. 2019. Computer Security, 2nd Edition - Appendix D	video, slides
Jan 27, 2026	Lecture 3	Buffer Overflow Exploit (continued) Supplemental readings: OS and function call primer slides. Setuid demystified.	video
Jan 29, 2026	Programming Assignment 1 (Lecture 4)	Remote Buffer Overflow Attack If you choose to use a host in 2003 Eaton for PA1, please see Using Clonezilla (Contact Bryan if you need help with setting up your PA1 environment)	pa1, video
Feb 3, 2026	Lecture 5	Mitigation of Buffer Overflow Exploits Due to a technical glitch, the video has no sound.	video, slides
Feb 5, 2026	Lecture 6	Mitigation of Buffer Overflow Exploits (continued) Reading Assignment Presentations Reading Assignment Evaluation Sheet Reading assignment 1 (Presentation 1, Presentation 2, Presentation 3): The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). Reading Assignment 2 (Presentation 4, Presentation 5, Presentation 6): Hacking Blind. Supplemental readings: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. Bypassing stackguard and stackshield. Getting around non-executable stack (and fix). The advanced return-into-lib(c) exploits: PaX case study. Install-time Vaccination of Windows Execs to Defend Against Stack Smashing Attacks. x86-64 buffer overflow exploits and the borrowed code chunks exploitation technique. defeating compiler-level buffer overflow protection.	video, slides
Feb 10, 2026	Lecture 7	Basic Cryptography Reading assignment 3 (Presentation 7, Presentation 8, Presentation 9): Framing Signals - A Return to Portable Shellcode. Reading Assignment 4 (Presentation 10, Presentation 11, Presentation 12): ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks. Supplemental readings: (Optional) Textbook: M. Bishop. 2019. Computer Security, 2nd Edition - Chapter 10	video, slides
Feb 12, 2026	Lecture 8	Authentication and Authorization Supplemental readings: (Optional) Textbook: M. Bishop. 2019. Computer Security, 2nd Edition - Chapter 13	video, slides
Feb 17, 2026	Programming Assignment 2 (Lecture 9)	Windows Remote Buffer Overflow Attack Reading assignment 5 (Presentation 13, Presentation 14, Presentation 15): Modeling and Discovering Vulnerabilities with Code Property Graphs. Reading Assignment 6 (Presentation 16, Presentation 17, Presentation 18): How to Make ASLR Win the Clone Wars: Runtime Re-Randomization. Reading Assignment 7 (Presentation 19, Presentation 20, Presentation 21): Shuffler: fast and deployable continuous code re-randomization.	pa2, video, slides
Feb 19, 2026	Lecture 10	Practical Authentication Protocols Updated information about the "Reading Assignment Presentations" (see slides) Supplemental readings: Secure Shell Protocol	video, slides
Feb 24, 2026	Lecture 11	Man-in-the-Middle Attacks Reading assignment 8 (Presentation 22, Presentation 23, Presentation 24, and Presentation 25): FuzziFication: Anti-Fuzzing Techniques	video, slides
Feb 26, 2026	Homework 1 (Lecture 12)	Authentication in a Distributed Environment (Kerberos) Supplemental readings: Kerberos: An Authentication Service for Computer Networks On the Origin of Kerberos Limitations of the Kerberos authentication system	hw1, video, slides
Mar 3, 2026	Presentations (Lecture 13)	Reading Assignment Presentations: Reading Assignment 1 (Presentation 1, Presentation 2, Presentation 3) Reading Assignment 2 (Presentation 4, Presentation 5, Presentation 6)
Mar 5, 2026	Presentations (Lecture 14)	Reading Assignment Presentations: Reading Assignment 3 ( Presentation 7, Presentation 8, Presentation 9) Reading Assignment 4 ( Presentation 10, Presentation 11, Presentation 12)
Mar 10, 2026	Final Report (Lecture 15)	Public-Key Infrastructure (PKI) Final Report - Requirements, Guidelines, and Example Topics Report Topics Due: March 26, 2026 Final Report Due: May 7, 2026 Supplemental readings: Peter Gutmann's article on X.509 and his slides Comodo, Diginotar Attacks Expose Crumbling Foundation of CA System. Addressing the unauthorized issuance of multiple TLS certificates for 1.1.1.1 (Optional) Textbook: M. Bishop. 2019. Computer Security, 2nd Edition - Chapters 11.4 and 11.5	video, slides
Mar 12, 2026	Lecture 16	Introduction to Network Security Supplemental readings: (Optional) Textbook: M. Bishop. 2019. Computer Security, 2nd Edition - Chapter 28 ARP Poisoning Attack IP Spoofing Attack	video, slides
Mar 16-20, 2026	Spring Break (No Lectures)	Enjoy the break!
Mar 24, 2026	Programming Assignment 3 (Lecture 17)	Heap Buffer Overflow Attacks Source code: heap.c Exploit code: heap_exploit.c Supplemental readings: PLT and GOT Heap overflows outdated? See DejaBlue Vulnerabilities	pa3, video, slides
Mar 26, 2026	Lecture 18	DNS Security Supplemental readings: Security Engineering (2nd edition) by Ross Anderson - Chapter 3: Protocols. Digging Up Dirt in the DNS Hierarchy. Ron Aitchison, Linux Journal, 2008. Part I, Part II. It's the End of the Cache as We Know It Dan Kaminsky, Black Hat USA 2008. Video. DNS Poisoning: Developments, Attacks and Research Directions, David Dagon. USENIX Security 2008. (The slides and audio of the presentation can be found on Thursday's panel "Setting DNS's Hair on Fire".) DANE: Taking TLS Authentication to the Next Level Using DNSSEC Some interesting DNSSEC deployment issues Do you have DNSSEC validation enabled?	video, slides
Mar 31, 2026	Lecture 19	No in-class lecture due to the Cybersecurity Intelligence Conference. Please see the conference webpage for more details.
Apr 2, 2026	Lecture 20	Windows Exception Overwrite Attack Supplemental readings: All Your iFRAMEs Point to Us AEG: Automatic Exploit Generation	video, slides
Apr 7, 2026	Programming Assignment 4 (Lecture 21)	Windows Exception Overwrite Attack (continued)	pa4, video, slides
Apr 9, 2026	Lecture 22	Firewalls No in-class lecture, please watch the recorded lecture
Apr 14, 2026	Lecture 23	Return Oriented Programming (ROP)
Apr 16, 2026	Programming Assignment 5 (Lecture 24)	ROP and Heap Spray
Apr 21, 2026	Presentations (Lecture 25)	Reading Assignment Presentations: Reading Assignment 5 (Presentation 13, Presentation 14, Presentation 15) Reading Assignment 6 (Presentation 16)
Apr 23, 2026	Presentations (Lecture 26)	Reading Assignment Presentations: Reading Assignment 6 (Presentation 17, Presentation 18) Reading Assignment 7 (Presentation 19, Presentation 20)
Apr 28, 2026	Homework 2 (Lecture 27)	Software Vulnerabilities
Apr 30, 2026	Presentations (Lecture 28)	Reading Assignment Presentations: Reading Assignment 7 (Presentation 21) Reading Assignment 8 (Presentation 22, Presentation 23, Presentation 24)
May 5, 2026	Lecture 29	Final Exam Review
May 7, 2026	Lecture 30	Advice and Q&A
May 14, 2026	Final Exam	In-person exam Thursday (May 14) at 10:30am in 2003 Eaton Hall	KU-finals-schedule

Instructor and Course Meeting Times

Lectures	Tuesday & Thursday 11:00am - 12:15pm, 2003 Eaton Hall
Instructor	Alex Bardas Office Hours: Tuesday and Thursday 12:30pm - 1:30pm in 2040 Eaton Hall (Email appointment is needed to schedule a meeting over Zoom) : `alexbardas ku edu`
Graduate Teaching Assistant	Bryan Richlinski Office Hours: Wednesday 9:30am - 10:30am and Friday 12pm - 1pm in 2003 Eaton Hall (Email appointment is needed to schedule a meeting over Zoom) : `b748r023 ku edu`

Syllabus

The syllabus is available through Simple Syllabus: EECS 765 Syllabus (Spring 2026). Check the syllabus frequently since its content is subject to change throughout the semester.
Announcements: You are responsible for all announcements we make during the lectures, over Canvas, and/or email. Announcements may include information about assignments, changes in the syllabus, etc.

Acknowledgments

The course materials are adapted from a previous version of the course taught by Xinming (Simon) Ou together with Xiaolong (Daniel) Wang. Some additional materials are adapted from the BlackHat Exploit Laboratory (thanks to Saumil Shah and S.K. Chong who kindly permit the use of their materials).