IS-561

Course Information

Instructor: Sang Kil Cha
Time: (Mon./Wed.) 10:30 ~ 12:00
Location: N5 #2243
TAs:
- 신명근
- 이준오
Grading:
- 15% Reading critique
- 15% Homework
- 20% In-class discussion, quiz, and extra activities
- 25% Midterm
- 25% Final

This course provides an in-depth study of attacks and defenses in software. The major themes this course will teach include memory safety vulnerabilities, control-flow hijacking, malicious software, and binary-level program analysis techniques. We will offer significant hands-on experience on each topic as well as reading and writing assignments.

Late Submission Policy

Late assignments will be assessed a late penalty of 10% per day.

Reading Critique Guideline

Use this LaTeX template.
No more than a single page.
Must start with a summary paragraph.
Must include your critical view.
Must summarize what you learned or what can be improved.

Report Submission Guideline

Submit a single ZIP file per team. The ZIP file should contain your final report (in PDF) and any code/implementation.
Use ACM sig proceedings templates for your final report: link
Maximum 6 pages (two columns).
It should roughly have the following format:
- Introduction: show motivation.
- Problem definition: what are you trying to solve? why is it important?
- Proposed method: why is it better than the state of the art?
- Evaluation: list of questions your experiments are designed to answer.
- Conclusion.

Schedule

(subject to change)

Date	Topic	Reading	Notes
08/30/2021	Introduction to software security	[Thompson/CACM1984]^RC1
09/01/2021	Assembly (x86) Overview	[Machine-Level Representation of Programs] [WYSINWYX: What You See Is Not What You eXecute]^RC2	RC1 due (before class)
09/06/2021	Control Hijack	[Smashing the Stack for Fun and Profit]	RC2 due HW 1 out
09/08/2021	Format String & Integer Overflow	[Exploiting Format String Vulnerabilities] [Basic Integer Overflows] [Dietz/ICSE2012]
09/13/2021	Format String & Integer Overflow (2)	~~[Shacham/CCS2004]~~^RC3 [Shacham/CCS2007]	RC3 due
09/15/2021	DEP and ROP	[Checkoway/CCS2010] [Schwartz/USENIXSEC2011] [Giuffrida/USENIXSEC2012]
09/20/2021	Chuseok
09/22/2021	Chuseok		HW1 due (9/22)
09/27/2021	ASLR and Canary	[Backes/USENIXSEC2014] [Petsios/ACSAC2015]	HW2 out RC4 due
09/29/2021	Memory Disclosure	[Snow/Oakland2013]^RC4 [Backes/CCS2014]
10/04/2021	Modern Defenses	[Davi/NDSS2015] [Braden/NDSS2016] [Crane/Oakland2015]^RC5 [Zhang/BLACKHAT2018]	RC5 due
10/06/2021	Runtime Monitoring	[Schneider/TISSEC2000]^RC6 [Nethercote/PLDI2007] [Serebryany/ATC2012] [Han/NDSS2018]	RC6 due
10/11/2021	Binary Rewriting	[Wenzl/CSUR2019] [Wang/USENIXSEC2015] [Wang/NDSS2017] [Williams-King/ASPLOS2020]^RC7	RC7 due
10/13/2021	Midterm Overview
10/18/2021	Midterm (Location N5 #2243)	9:00-12:00	HW2 due (10/20)
10/20/2021	No Class (midterm week)
10/25/2021	Control Flow Integrity	[Abadi/CCS2005]^RC8 [Carlini/USENIXSEC2015] [Conti/CCS2015]	RC8 due HW3 out
10/27/2021	No Class (undergraduate admission)
11/01/2021	PoE and CFI (2)	[Castro/OSDI2006]
11/03/2021	Type Confusion	[Lee/USENIXSEC2015] [Ratanaworabhan/USENIXSEC2009]
11/08/2021	Heap Hardening	[Malloc Des-Maleficarum] [Berger/PLDI2006] [Akritidis/USENIXSEC2010] [Novark/CCS2010]^RC9 [Silvestro/USENIXSEC2018] [Heelan/USENIXSEC2018]	RC9 due
11/10/2021	Binary Analysis	[Brumley/CAV2011] [Jung/BAR2019] [Kim/ASE2017] [Miller/ICSE2019]^RC10	RC10 due Project out
11/15/2021	Obfuscation	[Linn/CCS2003] [Kruegel/USENIXSEC2004]^RC11 [Yadegari/Oakland2015]	RC11 due
11/17/2021	Decompile	[Lee/NDSS2011]^RC12 [Schwartz/USENIXSEC2013] [Yakdan/NDSS2017]	HW3 due RC12 due
11/22/2021	Platform-Independence and Malware Detection	[Cha/CCS2010] [Jang/Oakland2012]^RC13	RC13 due
11/24/2021	Data Exploits	[Chen/USENIXSEC2005]^RC14 [Hu/USENIXSEC2015]	RC14 due
11/29/2021	Data Exploits (2)
12/01/2021	No Class (Undergraduate Admission)
12/06/2021	Symbolic Execution	[Kang/NDSS2011] [Cadar/CCS2006] [Godefroid/NDSS2008] [Schwartz/Oakland2010]^RC15	RC15 due
12/08/2021	Fuzzing	[Manes/TSE2021] [Choi/ICSE2019]^RC16 [Manes/ICSE2020]	RC16 due
12/13/2021	Final Exam	09:00-12:00
12/15/2021	No Class (Final week)