Course Information
- Instructor: Sang Kil Cha
- Time: (Tue./Thu.) 9:00 ~ 10:30
- Location: N1 #113
- TAs:
- 김정현
- 송용호
- 이정우
- Grading:
- 5% Reading critique
- 20% Homework
- 35% Midterm
- 40% Final
This course provides an in-depth study of attacks and defenses in software. The major themes this course will teach include memory safety vulnerabilities, control-flow hijacking, malicious software, and binary-level program analysis techniques. We will offer significant hands-on experience on each topic as well as reading and writing assignments.
Late Submission Policy
Late assignments will be assessed a late penalty of 10% per day.
Reading Critique Guideline
- Use this LaTeX template.
- No more than a single page.
- Must start with a summary paragraph.
- Must include your critical view.
- Must summarize what you learned or what can be improved.
Schedule
(subject to change)
Date | Topic | Reading | Notes |
---|---|---|---|
09/03/2024 | Introduction to software security | [Thompson/CACM1984]RC1 | |
09/05/2024 | Binary | [WYSINWYX: What You See Is Not What You eXecute]RC2 |
RC1 due (24h before class) |
09/08/2024 | Assembly Overview (online make-up class for 10/1) |
[Machine-Level Representation of Programs] | Lecture video available @ KLMS |
09/10/2024 | ABI |
RC2 due (24h before class) |
|
09/12/2024 | Control-Flow Hijack | [Smashing the Stack for Fun and Profit] |
TA recitation on PoE HW1 out |
09/13/2024 | Format String Attacks (offline+online make-up class @ 9/13) |
[Exploiting Format String Vulnerabilities] | |
09/17/2024 | Chuseok | ||
09/19/2024 | No Class | ||
09/24/2024 | Integer Overflows |
[Basic Integer Overflows] [Dietz/ICSE2012] |
|
09/26/2024 | DEP and ROP |
[Shacham/CCS2007]RC3 [Checkoway/CCS2010] [Schwartz/USENIXSEC2011] [Giuffrida/USENIXSEC2012] |
HW1 due (9/28) RC3 due (24h before class) |
10/01/2024 | Armed Forces Day | ||
10/03/2024 | National Foundation Day | ||
10/08/2024 | ASLR (online) |
[Shacham/CCS2004]RC4 [Backes/USENIXSEC2014] |
RC4 due (24h before class) HW2 out |
10/10/2024 | Canary (online) | [Petsios/ACSAC2015] | |
10/15/2024 | Memory Disclosure |
[Snow/Oakland2013] [Backes/CCS2014] [Davi/NDSS2015] [Braden/NDSS2016] [Crane/Oakland2015]RC5 [Zhang/BLACKHAT2018] |
RC5 due (24h before class) |
10/17/2024 | Runtime Monitoring |
[Schneider/TISSEC2000]RC6 [Nethercote/PLDI2007] [Serebryany/ATC2012] [Han/NDSS2018] |
RC6 due (24h before class) HW2 due (10/19) |
10/22/2024 | Midterm (Location N1 #113) | 9:00-12:00 | |
10/24/2024 | No Class (midterm week) | ||
10/29/2024 | Binary Rewriting |
[Wenzl/CSUR2019] [Wang/USENIXSEC2015] [Wang/NDSS2017] [Williams-King/ASPLOS2020]RC7 [Kim/USENIXSEC2023] |
RC7 due (24hr before class) |
10/31/2024 | No Class (Undergraduate Admission) | TA recitation | |
11/05/2024 | Control Flow Integrity | [Abadi/CCS2005]RC8 [Carlini/USENIXSEC2015] [Conti/CCS2015] [Castro/OSDI2006] |
RC8 due (24hr before class) |
11/07/2024 | Type Confusion |
[Lee/USENIXSEC2015]RC9 |
RC9 due (24h before class) |
11/12/2024 | Heap Exploit |
[Malloc Des-Maleficarum] [Heelan/USENIXSEC2018] [Ratanaworabhan/USENIXSEC2009] |
HW3 out |
11/14/2024 | Heap Hardening |
[Akritidis/USENIXSEC2010] [Novark/CCS2010]RC10 [Silvestro/USENIXSEC2018] [Ahn/USENIXSEC2024] |
RC10 due (24h before class) |
11/19/2024 | Binary Analysis |
[Brumley/CAV2011] [Jung/BAR2019] [Kim/ASE2017] [Miller/ICSE2019]RC11 [Pang/USENIXSEC2022] |
RC11 due (24hr before class) |
11/21/2024 | Decompilation |
[Kruegel/USENIXSEC2004] [Lee/NDSS2011]RC12 [Schwartz/USENIXSEC2013] [Yakdan/NDSS2017] |
RC12 due (24h before class) |
11/26/2024 | Obfuscation and Malware Analysis |
[Linn/CCS2003] [Yadegari/Oakland2015] [Cha/CCS2010] [Jang/Oakland2012]RC13 |
RC13 due (24h before class) |
11/28/2024 | No Class (undergraduate admission) |
HW3 due (11/30) |
|
12/03/2024 | Data Exploits |
[Chen/USENIXSEC2005]RC14 [Hu/USENIXSEC2015] |
HW4 out (12/2) RC14 due (24h before class) |
12/05/2024 | Symbolic Execution |
[Kang/NDSS2011] [Cadar/CCS2006] [Godefroid/NDSS2008] [Schwartz/Oakland2010]RC15 |
RC15 due (24h before class) |
12/10/2024 | Special Guest Lecture (Prof. Kangkook Jee) |
[Wiedemeier/Oakland2025] |
|
12/12/2024 | Fuzzing & Wrap-Up |
[Manes/TSE2021] [Choi/ICSE2019]RC16 [Manes/ICSE2020] |
HW4 due (12/14) RC16 due (24h before class) |
12/17/2024 | Final Exam | 09:00-12:00 | |
12/19/2024 | No Class (Final week) |