IS-561

Course Information

  • Instructor: Sang Kil Cha
  • Time: (Mon./Wed.) 9:00 ~ 10:30
  • Location: N1 #112
  • TAs:
    • 김수민
    • 정민규
    • 정윤종
    • 한형석
  • Grading:
    • 20% Homework
    • 45% Project
    • 15% Midterm
    • 20% Final

This course provides an in-depth study of attacks and defenses in software. The major themes this course will teach include memory safety vulnerabilities, control-flow hijacking, malicious software, and binary-level program analysis techniques. We will offer significant hands-on experience on each topic: students will work on CTF (Capture The Flag) style hacking challenges during the semester.

Late Submission Policy

Late assignments will be assessed a late penalty of 10% per day.

Final Project Report Submission Guideline

  • Submit a single ZIP file per team. The ZIP file should contain your final report (in PDF) and any code/implementation.
  • Use ACM sig proceedings templates for your final report: link
  • Maximum 6 pages (two columns).
  • It should roughly have the following format:
    • Introduction: show motivation.
    • Problem definition: what are you trying to solve? why is it important?
    • Proposed method: why is it better than the state of the art?
    • Evaluation: list of questions your experiments are designed to answer.
    • Conclusion.

Schedule

(subject to change)

Date Topic Reading Notes
08/27/2018 Introduction to software security [Thompson/CACM1984]
08/29/2018 Assembly (x86) Overview [Machine-Level Representation of Programs] HW1 out
09/03/2018 Control Hijack [Smashing the Stack for Fun and Profit]
[WYSINWYX: What You See Is Not What You eXecute]
09/05/2018 Format String & Integer Overflow [Exploiting Format String Vulnerabilities]
[Basic Integer Overflows]
[Dietz/ICSE2012]
09/10/2018 Data Execution Prevention [The Advanced Return-into-Lib(c) Exploits]
[Shacham/CCS2007] 		Project team/topic selection due
09/12/2018 ROP [Checkoway/CCS2010]
[Schwartz/USENIXSEC2011] 		HW1 due
09/17/2018 ASLR [Shacham/CCS2004]
[Giuffrida/USENIXSEC2012] 		HW2 out
09/19/2018 Canary and Memory Disclosure [Snow/Oakland2013]
[Backes/USENIXSEC2014] 		Project proposal due
09/24/2018 (추석) Chuseok
09/26/2018 (추석) Chuseok
10/01/2018 Modern Defenses [Davi/NDSS2015]
[Backes/CCS2014]
[Braden/NDSS2016]
[Crane/Oakland2015]
 Project checkpoint (10/5)
10/03/2018 (개천절) National Foundation Day HW2 due
10/08/2018 Runtime Monitoring [Schneider/TISSEC2000]
[Nethercote/PLDI2007]
[Serebryany/ATC2012]
[Han/NDSS2018]
10/10/2018 Midterm Overview
10/11/2018 Midterm (Location N1 #112) 18:00-21:00
10/17/2018 No Class (midterm week)
10/22/2018 Project midterm presentation
10/24/2018 Control Flow Integrity [Abadi/CCS2005]
[Carlini/USENIXSEC2015]
[Conti/CCS2015]
10/29/2018 Type Confusion [Lee/USENIXSEC2015]
[Ratanaworabhan/USENIXSEC2009]
10/31/2018 Heap Hardening [Malloc Des-Maleficarum]
[Berger/PLDI2006]
[Akritidis/USENIXSEC2010]
[Novark/CCS2010]
[Silvestro/USENIXSEC2018]
 Project midterm report due
11/05/2018 Obfuscation [Linn/CCS2003]
[Kruegel/USENIXSEC2004]
[Yadegari/Oakland2015]
 HW3 out
11/07/2018 Malware and Platform-Independent Programs [Cha/CCS2010]
11/12/2018 Data Exploits [Chen/USENIXSEC2005]
[Hu/USENIXSEC2015]
 Project checkpoint
11/14/2018 CTF [Wi/USENIXASE2018]
11/19/2018 Symbolic Execution, Taint Analysis [Schwartz/Oakland2010]
[Cadar/CCS2006]
[Godefroid/NDSS2008]
[Kang/NDSS2011]
11/21/2018 Fuzzing [Cha/Oakland2012]
[Woo/CCS2013]
[Li/FSE2017]
 HW3 due (11/25)
11/26/2018 Final Remark
11/28/2018 No Class (Undergraduate Admission)
12/03/2018 Project Presentation (1)
12/05/2018 Project Presentation (2) [Final Presentation Guideline]
12/10/2018 Final Exam 09:00-11:45
12/12/2018 No Class (Final week) Final report due (12/14)

Copyright © SoftSec Lab all rights reserved.