IS-50601

Course Information

  • Instructor: Sang Kil Cha
  • Time: (Tue./Thu.) 9:00 ~ 10:30
  • Location: N1 #113
  • TAs:
    • 김세훈
    • 박상준
    • 이정우
    • 이준학
  • Grading:
    • 5% Reading critique
    • 20% Homework
    • 35% Midterm
    • 40% Final

This course provides an in-depth study of attacks and defenses in software. The major themes this course will teach include memory safety vulnerabilities, control-flow hijacking, malicious software, and binary-level program analysis techniques. We will offer significant hands-on experience on each topic as well as reading and writing assignments.

Late Submission Policy

Late assignments will be assessed a late penalty of 10% per day.

Reading Critique Guideline

  • Use this LaTeX template.
  • No more than a single page.
  • Must start with a summary paragraph.
  • Must include your critical view.
  • Must summarize what you learned or what can be improved.

Schedule

(subject to change)

Date Topic Reading Notes
09/02/2025 Introduction to software security [Thompson/CACM1984]RC1
09/04/2025 Binary [WYSINWYX: What You See Is Not What You eXecute]RC2 RC1 due (24h before class)
09/09/2025 Assembly Overview [Machine-Level Representation of Programs]
09/11/2025 ABI RC2 due (24h before class)
09/16/2025 Control-Flow Hijack [Smashing the Stack for Fun and Profit] TA recitation on PoE
HW1 out
09/18/2025 Format String Attacks [Exploiting Format String Vulnerabilities]
09/23/2025 Integer Overflows [Basic Integer Overflows]
[Dietz/ICSE2012]
09/25/2025 No Class
09/30/2025 DEP and ROP [Shacham/CCS2007]RC3
[Checkoway/CCS2010]
[Schwartz/USENIXSEC2011]
[Giuffrida/USENIXSEC2012] 		RC3 due (24h before class)
HW1 due
10/02/2025 ASLR [Shacham/CCS2004]RC4
[Backes/USENIXSEC2014] 		RC4 due (24h before class)
10/07/2025 Chuseok
10/09/2025 Hangul Day HW2 out (delayed)
10/14/2025 Canary [Petsios/ACSAC2015]
10/16/2025 Memory Disclosure [Snow/Oakland2013]
[Backes/CCS2014]
[Davi/NDSS2015]
[Braden/NDSS2016]
[Crane/Oakland2015]RC5
[Zhang/BLACKHAT2018]
 RC5 due (24h before class)
HW2 due (by 10/20)
10/21/2025 Midterm (Location N1 #113) 9:00-12:00
10/23/2025 No Class (midterm week)
10/28/2025 Runtime Monitoring [Schneider/TISSEC2000]RC6
[Nethercote/PLDI2007]
[Serebryany/ATC2012]
[Han/NDSS2018]
 RC6 due (24h before class)
TA recitation
10/30/2025 Binary Rewriting [Wenzl/CSUR2019]
[Wang/NDSS2017]
[Williams-King/ASPLOS2020]RC7
[Kim/USENIXSEC2023]
[Kim/ASPLOS2025]
 RC7 due (24hr before class)
11/04/2025 Control Flow Integrity [Abadi/CCS2005]RC8
[Carlini/USENIXSEC2015]
[Conti/CCS2015]
[Castro/OSDI2006]
 RC8 due (24hr before class)
11/06/2025 Type Confusion [Lee/USENIXSEC2015]RC9
 RC9 due (24h before class)
11/11/2025 Heap Exploit [Malloc Des-Maleficarum]
[Heelan/USENIXSEC2018]
[Ratanaworabhan/USENIXSEC2009]
 HW3 out
11/13/2025 Heap Hardening [Akritidis/USENIXSEC2010]
[Novark/CCS2010]RC10
[Silvestro/USENIXSEC2018]
[Ahn/USENIXSEC2024]
 RC10 due (24h before class)
11/18/2025 Binary Analysis [Brumley/CAV2011]
[Jung/BAR2019]
[Kim/ASE2017]
[Miller/ICSE2019]RC11
[Pang/USENIXSEC2022]
 RC11 due (24hr before class)
11/20/2025 Decompilation [Kruegel/USENIXSEC2004]
[Lee/NDSS2011]RC12
[Schwartz/USENIXSEC2013]
[Yakdan/NDSS2017]
[Wiedemeier/Oakland2025]
 RC12 due (24h before class)
11/25/2025 Obfuscation and Malware Analysis [Linn/CCS2003]
[Yadegari/Oakland2015]
[Cha/CCS2010]
[Jang/Oakland2012]RC13
 RC13 due (24h before class)
HW3 due
11/27/2025 No Class (undergraduate admission)
12/02/2025 Data Exploits [Chen/USENIXSEC2005]RC14
[Hu/USENIXSEC2015]
 HW4 out (12/2)
RC14 due (24h before class)
12/04/2025 Symbolic Execution [Kang/NDSS2011]
[Cadar/CCS2006]
[Godefroid/NDSS2008]
[Schwartz/Oakland2010]RC15
 RC15 due (24h before class)
12/09/2025 Fuzzing & Wrap-up [Manes/TSE2021]
[Choi/ICSE2019]RC16
[Manes/ICSE2020]
 RC16 due (24h before class)
12/11/2025 No class (substituted with the 12/09 class) HW4 due (12/14)
12/16/2025 Final Exam 09:00-12:00
12/18/2025 No Class (Final week)

Copyright © SoftSec Lab all rights reserved.