IS-561

Course Information

  • Instructor: Sang Kil Cha
  • Time: (Mon./Wed.) 9:00 ~ 10:30
  • Location: N5 #2243
  • TAs:
    • 김정현
    • 윤창조
  • Grading:
    • 5% Reading critique
    • 5% Homework
    • 45% Midterm
    • 45% Final

This course provides an in-depth study of attacks and defenses in software. The major themes this course will teach include memory safety vulnerabilities, control-flow hijacking, malicious software, and binary-level program analysis techniques. We will offer significant hands-on experience on each topic as well as reading and writing assignments.

Late Submission Policy

Late assignments will be assessed a late penalty of 10% per day.

Reading Critique Guideline

  • Use this LaTeX template.
  • No more than a single page.
  • Must start with a summary paragraph.
  • Must include your critical view.
  • Must summarize what you learned or what can be improved.

Report Submission Guideline

  • Submit a single ZIP file per team. The ZIP file should contain your final report (in PDF) and any code/implementation.
  • Use ACM sig proceedings templates for your final report: link
  • Maximum 6 pages (two columns).
  • It should roughly have the following format:
    • Introduction: show motivation.
    • Problem definition: what are you trying to solve? why is it important?
    • Proposed method: why is it better than the state of the art?
    • Evaluation: list of questions your experiments are designed to answer.
    • Conclusion.

Schedule

(subject to change)

Date Topic Reading Notes
08/28/2023 Introduction to software security [Thompson/CACM1984]RC1
08/30/2023 Binary [WYSINWYX: What You See Is Not What You eXecute]RC2 RC1 due (24h before class)
09/04/2023 Assembly (x86) Overview [Machine-Level Representation of Programs] RC2 due (24h before class)
09/06/2023 ABI HW1 out
09/11/2023 Control-Flow Hijack [Smashing the Stack for Fun and Profit]
09/13/2023 Format String Attacks [Exploiting Format String Vulnerabilities]
09/18/2023 Integer Overflows [Basic Integer Overflows]
[Dietz/ICSE2012]
09/20/2023 DEP and ROP [Shacham/CCS2007]RC3
[Checkoway/CCS2010]
[Schwartz/USENIXSEC2011]
[Giuffrida/USENIXSEC2012] 		HW1 due
RC3 due (24h before class)
09/25/2023 ASLR (online lecture) [Shacham/CCS2004]RC4
[Backes/USENIXSEC2014] 		TA recitation (TBD)
RC4 due (9am Fri.)
HW2 out
09/27/2023 Canary [Petsios/ACSAC2015]
10/02/2023 Chuseok
10/04/2023 Memory Disclosure [Snow/Oakland2013]
[Backes/CCS2014]
[Davi/NDSS2015]
[Braden/NDSS2016]
[Crane/Oakland2015]RC5
[Zhang/BLACKHAT2018]
 RC5 due (24h before class)
10/09/2023 Hangul Proclamation Day
10/11/2023 Runtime Monitoring [Schneider/TISSEC2000]RC6
[Nethercote/PLDI2007]
[Serebryany/ATC2012]
[Han/NDSS2018]
 RC6 due (24h before class)
HW2 due (10/11)
10/16/2023 Midterm (Location N1 #422) 9:00-12:00
10/18/2023 No Class (midterm week)
10/23/2023 Binary Rewriting [Wenzl/CSUR2019]
[Wang/USENIXSEC2015]
[Wang/NDSS2017]
[Williams-King/ASPLOS2020]RC7
 RC7 due (9am Fri.)
10/25/2023 No Class (Undergraduate Admission) TA recitation
10/30/2023 Control Flow Integrity [Abadi/CCS2005]RC8
[Carlini/USENIXSEC2015]
[Conti/CCS2015]
[Castro/OSDI2006]
 RC8 due (9am Fri.)
11/01/2023 Type Confusion [Lee/USENIXSEC2015]RC9
 RC9 due (24h before class)
11/06/2023 Heap Exploit [Malloc Des-Maleficarum]
[Heelan/USENIXSEC2018]
[Ratanaworabhan/USENIXSEC2009]
 HW3 out
11/08/2023 Heap Hardening [Berger/PLDI2006]
[Akritidis/USENIXSEC2010]
[Novark/CCS2010]RC10
[Silvestro/USENIXSEC2018]
 RC10 due (24h before class)
11/13/2023 Binary Analysis [Brumley/CAV2011]
[Jung/BAR2019]
[Kim/ASE2017]
[Miller/ICSE2019]RC11
 RC11 due (9am Fri.)
11/15/2023 Decompilation [Kruegel/USENIXSEC2004]
[Lee/NDSS2011]RC12
[Schwartz/USENIXSEC2013]
[Yakdan/NDSS2017]
 RC12 due (24h before class)
11/20/2023 Obfuscation and Malware Analysis [Linn/CCS2003]
[Yadegari/Oakland2015]
[Cha/CCS2010]
[Jang/Oakland2012]RC13
 RC13 due (9am Fri.)
11/22/2023 Data Exploits [Chen/USENIXSEC2005]RC14
[Hu/USENIXSEC2015]
 HW3 due
RC14 due (24h before class)
11/27/2023 Symbolic Execution [Kang/NDSS2011]
[Cadar/CCS2006]
[Godefroid/NDSS2008]
[Schwartz/Oakland2010]RC15
 RC15 due (9am Fri.)
11/29/2023 Fuzzing (Online make-up class. Time will be announced later) [Manes/TSE2021]
[Choi/ICSE2019]RC16
[Manes/ICSE2020]
 RC16 due (9am, Dec. 1st)
12/04/2023 Wrap-Up
12/06/2023 No Class (Make-Up Class on 11/29)
12/11/2023 Final Exam 09:00-12:00
12/13/2023 No Class (Final week)

Copyright © SoftSec Lab all rights reserved.