Course Information

  • Instructor: Sang Kil Cha
  • Time: (Mon./Wed.) 9:00 ~ 10:30
  • Location: N5 #2243
  • TAs:
    • 박민준
    • 위성일
    • 이병학
  • Grading:
    • 20% Homework
    • 45% Project
    • 15% Midterm
    • 20% Final

This course provides an in-depth study of attacks and defenses in software. The major themes this course will teach include memory safety vulnerabilities, control-flow hijacking, malicious software, and binary-level program analysis techniques. We will offer significant hands-on experience on each topic: students will work on CTF (Capture The Flag) style hacking challenges during the semester.

Late Submission Policy

Late assignments will be assessed a late penalty of 10% per day.

Final Project Report Submission Guideline

  • Submit a single ZIP file per team. The ZIP file should contain your final report (in PDF) and any code/implementation.
  • Use ACM sig proceedings templates for your final report: link
  • Maximum 6 pages (two columns).
  • It should roughly have the following format:
    • Introduction: show motivation.
    • Problem definition: what are you trying to solve? why is it important?
    • Proposed method: why is it better than the state of the art?
    • Evaluation: list of questions your experiments are designed to answer.
    • Conclusion.

Schedule

(subject to change)

Date Topic Reading Notes
09/02/2019 Introduction to software security [Thompson/CACM1984] HW0 out
09/04/2019 Assembly (x86) Overview [Machine-Level Representation of Programs] HW1 out
09/09/2019 Control Hijack [Smashing the Stack for Fun and Profit]
[WYSINWYX: What You See Is Not What You eXecute]
HW0 due (before class)
09/11/2019 Format String & Integer Overflow [Exploiting Format String Vulnerabilities]
[Basic Integer Overflows]
[Dietz/ICSE2012]
09/16/2019 Data Execution Prevention Project team/topic selection due
09/18/2019 ROP [Checkoway/CCS2010]
[Schwartz/USENIXSEC2011]
HW1 due
09/23/2019 ASLR [Shacham/CCS2004]
[Giuffrida/USENIXSEC2012]
HW2 out
09/25/2019 Canary and Memory Disclosure [Snow/Oakland2013]
[Backes/USENIXSEC2014]
[Petsios/ACSAC2015]
Project proposal due
09/30/2019 Modern Defenses [Davi/NDSS2015]
[Backes/CCS2014]
[Braden/NDSS2016]
[Crane/Oakland2015]
[Zhang/BLACKHAT2018]
10/02/2019 Runtime Monitoring [Schneider/TISSEC2000]
[Nethercote/PLDI2007]
[Serebryany/ATC2012]
[Han/NDSS2018]
10/07/2019 Binary Analysis [Jung/BAR2019]
[Kim/ASE2017]
[Brumley/CAV2011]
Project checkpoint (10/5)
10/09/2019 (한글날) Hangeul Proclamation Day HW2 due
10/14/2019 Control Flow Integrity [Abadi/CCS2005]
[Carlini/USENIXSEC2015]
[Conti/CCS2015]
Midterm goal declaration due
(send via email by 10/14)
10/16/2019 Midterm Overview
10/21/2019 Midterm (Location N5 #2243) 9:00-12:00
10/23/2019 No Class (midterm week)
10/28/2019 Project midterm presentation
10/30/2019 No Class (Undergraduate Admission)
11/04/2019 Type Confusion [Lee/USENIXSEC2015]
[Ratanaworabhan/USENIXSEC2009]
11/06/2019 Heap Hardening [Malloc Des-Maleficarum]
[Berger/PLDI2006]
[Akritidis/USENIXSEC2010]
[Novark/CCS2010]
[Silvestro/USENIXSEC2018]
[Heelan/USENIXSEC2018]
Midterm Review
Project midterm report due
11/11/2019 Heap Hardening (2) HW3 out
11/13/2019 Obfuscation [Linn/CCS2003]
[Kruegel/USENIXSEC2004]
[Yadegari/Oakland2015]
11/18/2019 Obfuscation (2) Project checkpoint
11/20/2019 Malware and Platform-Independent Programs [Cha/CCS2010]
11/25/2019 Data Exploits [Chen/USENIXSEC2005]
[Hu/USENIXSEC2015]
11/27/2019 No Class (Undergraduate Admission) HW3 due
12/02/2019 Fuzzing [Schwartz/Oakland2010]
[Cadar/CCS2006]
[Godefroid/NDSS2008]
[Kang/NDSS2011]
[Manes/TSE2019]
12/04/2019 Final Remark
12/09/2019 Project Presentation (1)
12/11/2019 Project Presentation (2) [Final Presentation Guideline]
12/16/2019 Final Exam 09:00-12:00
12/18/2019 No Class (Final week) Final report due (12/18)