Software Security
Winter 2022/2023
Time and Place
- Lecture: Wed 10-12, ID 04/653
- Exercise: Thur 8-10, ID 04/653
Course Description and Syllabus
The course covers the area of software security, vulnerability discovery, and vulnerability verification, focusing on:
- Assembly and Disassembly, Shellcode
- Binary Reverse Engineering and Debugging
- Sandboxing
- Memory and Type Safety/Errors
- Information Leakage
- Vulnerability Exploitation/Verification, Buffer and Heap Overflows
- Code Re-use Attacks, e.g., Return Oriented Programming
- Race Conditions
- Format String Vulnerabilities
- Exploit/Verification Synthesis and Automated Exploitation/Verification
- Kernel Security
- Defensive Programming
Goals
At the end of this course, students will be able to:
- classify and describe vulnerabilities and protection mechanisms of software systems
- analyze and reason about protection mechanisms for modern software systems
- identify vulnerabilities in software systems
- develop proof-of-concept exploits/verifications to show the existence of a vulnerability in a software system
- understand how to write code defensively to reduce the risk of vulnerabilities
Prerequisites
Completed bachelor courses System Security and OS Security, or other equivalent courses.