Software Security 1
Winter 2024/2025
Team
- Prof. Dr. Kevin Borgolte
- Tobias Holl
- Felipe Novais
Time and Place
- Lecture: Wed 10-12, HZO 70
- Exercise, Group 1: Thur 10-12, MC 5/222
- Exercise, Group 2: Thur 12-14, MC 5/222
Course Description and Syllabus
The course covers software security, vulnerability discovery, and vulnerability verification, focusing on:
- Assembly and Disassembly, Shellcode
- Binary Reverse Engineering and Debugging
- Memory and Type Safety/Errors
- Stack-based Buffer Overflows
- Heap Attacks
- Information Leakage
- Format String Vulnerabilities
- Code Re-use Attacks
- Types and Type Safety
- Race Conditions
Goals
At the end of this course, students will be able to:
- classify and describe vulnerabilities and protection mechanisms of userspace applications for modern operating systems
- analyze and reason about protection mechanisms for userspace software
- identify vulnerabilities in software
- develop proof-of-concept exploits/verifications to show the existence of a vulnerability in a software system
- understand how to write code defensively to reduce the risk of vulnerabilities
Prerequisites
The following courses (or equivalent) are required:
- System Security (211011)
- Operating Systems (211005)
In exceptional circumstances and on written request only, this requirement may be waived by the responsible lecturer.
Exam
The exam will be a practical exam in a CIP pool and span two days of 6 hrs each.