Course Information

  • Instructor: Sang Kil Cha
  • Time: (Tue./Thu.) 9:00 ~ 10:30
  • Location: N1 #113
  • TAs:
    • 김정현
    • 송용호
    • 이정우
  • Grading:
    • 5% Reading critique
    • 20% Homework
    • 35% Midterm
    • 40% Final

This course provides an in-depth study of attacks and defenses in software. The major themes this course will teach include memory safety vulnerabilities, control-flow hijacking, malicious software, and binary-level program analysis techniques. We will offer significant hands-on experience on each topic as well as reading and writing assignments.

Late Submission Policy

Late assignments will be assessed a late penalty of 10% per day.

Reading Critique Guideline

  • Use this LaTeX template.
  • No more than a single page.
  • Must start with a summary paragraph.
  • Must include your critical view.
  • Must summarize what you learned or what can be improved.

Schedule

(subject to change)

Date Topic Reading Notes
09/03/2024 Introduction to software security [Thompson/CACM1984]RC1
09/05/2024 Binary [WYSINWYX: What You See Is Not What You eXecute]RC2 RC1 due (24h before class)
09/08/2024 Assembly Overview
(online make-up class for 10/1)
[Machine-Level Representation of Programs] Lecture video available @ KLMS
09/10/2024 ABI RC2 due (24h before class)
09/12/2024 Control-Flow Hijack [Smashing the Stack for Fun and Profit] TA recitation on PoE
HW1 out
09/13/2024 Format String Attacks
(offline+online make-up class @ 9/13)
[Exploiting Format String Vulnerabilities]
09/17/2024 Chuseok
09/19/2024 No Class
09/24/2024 Integer Overflows [Basic Integer Overflows]
[Dietz/ICSE2012]
09/26/2024 DEP and ROP [Shacham/CCS2007]RC3
[Checkoway/CCS2010]
[Schwartz/USENIXSEC2011]
[Giuffrida/USENIXSEC2012]
HW1 due (9/28)
RC3 due (24h before class)
10/01/2024 Armed Forces Day
10/03/2024 National Foundation Day
10/08/2024 ASLR (online) [Shacham/CCS2004]RC4
[Backes/USENIXSEC2014]
RC4 due (24h before class)
HW2 out
10/10/2024 Canary (online) [Petsios/ACSAC2015]
10/15/2024 Memory Disclosure [Snow/Oakland2013]
[Backes/CCS2014]
[Davi/NDSS2015]
[Braden/NDSS2016]
[Crane/Oakland2015]RC5
[Zhang/BLACKHAT2018]
RC5 due (24h before class)
10/17/2024 Runtime Monitoring [Schneider/TISSEC2000]RC6
[Nethercote/PLDI2007]
[Serebryany/ATC2012]
[Han/NDSS2018]
RC6 due (24h before class)
HW2 due (10/19)
10/22/2024 Midterm (Location N1 #113) 9:00-12:00
10/24/2024 No Class (midterm week)
10/29/2024 Binary Rewriting [Wenzl/CSUR2019]
[Wang/USENIXSEC2015]
[Wang/NDSS2017]
[Williams-King/ASPLOS2020]RC7
[Kim/USENIXSEC2023]
RC7 due (24hr before class)
10/31/2024 No Class (Undergraduate Admission) TA recitation
11/05/2024 Control Flow Integrity [Abadi/CCS2005]RC8
[Carlini/USENIXSEC2015]
[Conti/CCS2015]
[Castro/OSDI2006]
RC8 due (24hr before class)
11/07/2024 Type Confusion [Lee/USENIXSEC2015]RC9
RC9 due (24h before class)
11/12/2024 Heap Exploit [Malloc Des-Maleficarum]
[Heelan/USENIXSEC2018]
[Ratanaworabhan/USENIXSEC2009]
HW3 out
11/14/2024 Heap Hardening [Akritidis/USENIXSEC2010]
[Novark/CCS2010]RC10
[Silvestro/USENIXSEC2018]
[Ahn/USENIXSEC2024]
RC10 due (24h before class)
11/19/2024 Binary Analysis [Brumley/CAV2011]
[Jung/BAR2019]
[Kim/ASE2017]
[Miller/ICSE2019]RC11
[Pang/USENIXSEC2022]
RC11 due (24hr before class)
11/21/2024 Decompilation [Kruegel/USENIXSEC2004]
[Lee/NDSS2011]RC12
[Schwartz/USENIXSEC2013]
[Yakdan/NDSS2017]
RC12 due (24h before class)
11/26/2024 Obfuscation and Malware Analysis [Linn/CCS2003]
[Yadegari/Oakland2015]
[Cha/CCS2010]
[Jang/Oakland2012]RC13
RC13 due (24h before class)
11/28/2024 No Class (undergraduate admission) HW3 due (11/30)
12/03/2024 Data Exploits [Chen/USENIXSEC2005]RC14
[Hu/USENIXSEC2015]
HW4 out (12/2)
RC14 due (24h before class)
12/05/2024 Symbolic Execution [Kang/NDSS2011]
[Cadar/CCS2006]
[Godefroid/NDSS2008]
[Schwartz/Oakland2010]RC15
RC15 due (24h before class)
12/10/2024 Special Guest Lecture (Prof. Kangkook Jee) [Wiedemeier/Oakland2025]
12/12/2024 Fuzzing & Wrap-Up [Manes/TSE2021]
[Choi/ICSE2019]RC16
[Manes/ICSE2020]
HW4 due (12/14)
RC16 due (24h before class)
12/17/2024 Final Exam 09:00-12:00
12/19/2024 No Class (Final week)