Course Information

  • Instructor: Sang Kil Cha
  • Time: (Tue./Thu.) 13:00 ~ 14:20
  • Location: N1 #112
  • Grading:
    • 5% Reading critique
    • 25% Homework
    • 40% Project
    • 15% Midterm
    • 15% Final

This course provides an in-depth study of attacks and defenses in software. The major themes this course will teach include memory safety vulnerabilities, control-flow hijacking, malicious software, web attacks, binary-level program analysis techniques, and software model checking. We will offer significant hands-on experience on each topic: students will work on CTF (Capture The Flag) style hacking challenges during the semester.

Late Submission Policy

Late assignments will be assessed a late penalty of 10% per day.

Final Project Report Submission Guideline

  • Submit a single ZIP file per team. The ZIP file should contain your final report (in PDF) and any code/implementation.
  • Use ACM sig proceedings templates for your final report: link
  • Maximum 6 pages (two columns).
  • It should roughly have the following format:
    • Introduction: show motivation.
    • Problem definition: what are you trying to solve? why is it important?
    • Proposed method: why is it better than the state of the art?
    • Evaluation: list of questions your experiments are designed to answer.
    • Conclusion.

Schedule

(subject to change)

Date Topic Reading Notes
03/03/2016 Introduction to software security [Thompson/CACM1984]
03/08/2016 Assembly (x86) Overview [Machine-Level Representation of Programs] HW1 out
03/10/2016 Control Hijack [Smashing The Stack for Fun and Profit]
[WYSINWYX: What You See Is Not What You eXecute]*
*Reading Critique #1
03/15/2016 Format String & Integer Overflow [Exploiting Format String Vulnerabilities]
[Basic Integer Overflows]
[Dietz/ICSE2012]
03/17/2016 Data Execution Prevention [The Advanced Return-into-Lib(c) Exploits]
[Shacham/CCS2007]*
Reading Critique #1 due
*Reading Critique #2 out
03/22/2016 ROP [Checkoway/CCS2010]
[Schwartz/USENIXSEC2011]
HW1 due
HW2 out
03/24/2016 ASLR [Shacham/CCS2004]
[ASLR Smack & Laugh Reference]
[Giuffrida/USENIXSEC2012]
Reading Critique #2 due
03/29/2016 Canary and Memory Disclosure [Cowan/USENIXSEC1998]
[Snow/Oakland2013]
[Backes/USENIXSEC2014]
03/31/2016 Modern Defenses [Davi/NDSS2015]
[Backes/CCS2014]
04/05/2016 Modern Defenses II [Crane/Oakland2015]*
*Reading Critique #3 out
04/07/2016 Type Confusion [Dewey/NDSS2012]
[Lee/USENIXSEC2015]
[Ratanaworabhan/USENIXSEC2009]
HW2 due
04/12/2016 No Class (Sang Kil out of town). Reading Critique #3 due
04/14/2016 Heap Hardening [Malloc Des-Maleficarum]
Project proposal due
04/19/2016 Midterm Overview
04/21/2016 No Class (midterm week)
04/26/2016 Midterm
04/28/2016 No Class (Meeting with instructors)
05/03/2016 Heap Hardening II [Berger/PLDI2006]
[Novark/CCS2010]
[Akritidis/USENIXSEC2010]
05/05/2016 Children's Day
05/10/2016 Runtime Monitoring [Schneider/TISSEC2000]*
[Nethercote/PLDI2007]
[Serebryany/ATC2012]
*Reading Critique #4 out
HW3 out
05/12/2016 Malware Detection [Cohen/1984]
[Wagner/CCS2002]
05/17/2016 Malware Detection II [Cha/NSDI2010]
[Forrest/Oakland1996]
Project checkpoint
Reading Critique #4 due
05/19/2016 Control Flow Integrity [Abadi/CCS2005]
[Carlini/USENIXSEC2015]
[Conti/CCS2015]
05/24/2016 Data Exploits [Chen/USENIXSEC2005]*
[Hu/USENIXSEC2015]
HW3 due
*Reading Critique #5 out
05/26/2016 Web Attacks [Bates/WWW2010]
[Barth/CCS2008]
HW4 out
05/31/2016 Symbolic Execution [Schwartz/Oakland2010]
[Cadar/CCS2006]
[Godefroid/NDSS2008]
Reading Critique #5 due
06/02/2016 Taint Analysis, Fuzzing [Rebert/USENIXSEC2014]
[Cha/Oakland2012]
HW4 due
06/07/2016 Course Wrapup
06/09/2016 Project Presentation (1) [Evaluation Sheet]
06/14/2016 Project Presentation (2)
06/16/2016 No Class (final week)
06/21/2016 Final Exam
Final Project Report Deadline