Security 2

Welcome to the first edition of the course!

Important Announcement

A new lecture on frames is now online and linked below. We will make an experiment for the upcoming lectures: having them via conference call, using Google Meet. In the meanwhile, I have created a Slack channel to simplify communication. If you need an invitation link to Slack, please send me an email.


  • 13 Mar 2020: Second assignment is out (trivia)
  • 20 Feb 2020: First assignment is out (obxssession)
  • 20 Feb 2020: The submission platform is online!
  • 06 Feb 2020: The course has started!

Lectures: Web Security

  1. The web platform
  2. Session management
  3. Same Origin Policy
  4. Cross Site Scripting
  5. Lab class: XSS Game
  6. Cross Site Request Forgery
  7. Online class: XSSI (video) and CSRF lab
  8. Online class: Content Security Policy (video)
  9. Online class: frames (video)
  10. HTTPS and TLS
  11. Server-side security (with video)
  12. Server-side security lab
  13. More server-side security (with video)
  14. Server-side security lab

Lectures: Formal Methods

  1. Access control verification (with video)
  2. ARBAC verification lab (challenge)
  3. Structural operational semantics (with video)
  4. Information flow control (with video)
  5. Declassification (with video)
  6. IFC lab class
  7. Cryptographic protocols (with video)
  8. Security properties (with video)
  9. ProVerif (with video)
  10. ProVerif lab