- Future Students
- Academic Progams
- Undergraduate Program
- Current Semester CS Courses
- New Course Offerings
- Upcoming Semesters
- Previous Semesters
- Canonical Syllabi
- Course Access & Request Policy
- Academic Integrity Policy
- Grad Student Registration
- Variable Title Courses
- Study Abroad
- Professional Practice
- Co-Op Professional Practice
- Non-Co-Op Professional Practice
- ISS Application Process for International Students (CPT, OPT, RCL, Program Extension, COEL)
- Pass/Not Pass Spring 2020
CS 52700: Software Security
Course Description:
This course focuses on software security fundamentals, secure coding guidelines and principles, and advanced software security concepts. Students will learn to assess and understand threats, learn how to design and implement secure software systems, and get hands-on experience with common security pitfalls. The course material builds upon CS 52600 Information Security.
Week 1: Introduction to software security and access control
Introduce general software security topics and give a review of basic security principles, properties, and requirements and how they apply to software security. Introduction to access control fundamentals for software systems, how they can be implemented, and how they are used effectively in real systems. Topics include:
- Security goals: separation, least privilege, trust
- Hardware abstractions, virtual memory
- Trust and threat models
- Access control fundamentals in software: Protection system, Reference monitors, Mandatory access control (MAC)
Week 2: Software vulnerabilities: memory (un-)safety
Memory safety as a fundamental security property for software systems and how the lack thereof enables a wide range of attacks against software systems. Categorize different attack vectors according to attacker capabilities and explore fundamental properties of memory safety errors, differentiating between spatial and temporal memory errors. Introduce secure coding guidelines and discuss how they enable more secure software. Topics include:
- Eternal War in Memory
- Spatial memory-safety errors
- Temporal memory-safety errors
- Secure coding guidelines
Week 3: Introduction to reverse engineering
Analyze existing binaries using industry-proven tools. After a general introduction into IDA pro usage, dissect small binaries and reverse engineer different data structures used in the program. Applied exercises enhance understanding on how source code ties to binaries and allows better understanding of binaries and exploitation of functions. Understand how binaries are structured and how data structures and algorithms can be recovered from binary programs. Topics include:
- Introduction to IDA
- Assembly code and binary formats (ELF)
- Stack and heap layouts
- Recover data structures from assembly
- Decompiling programs
Week 4: Dynamic defense mechanisms
Overview of defense mechanisms widely deployed on current systems (probabilistic and deterministic approaches). Future defense mechanisms and safe languages that could mitigate the security problems by design. Topics include:
- Deployed defense mechanisms: Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and Stack Cookies
- Safe memory allocators
- Control-Flow Integrity (CFI) and Code-Pointer Integrity (CPI)
- Safe languages
Week 5: Static protection through bug finding
Finding and fixing bugs in programs. Static code analysis and static verification to find bugs in source code and prove the absence of specific classes of vulnerabilities. Possibilities and limitations of these bug finding techniques. Topics include:
- Static code analysis: correctness through over-approximative static analysis
- Static verification: proving correctness using abstract interpretation
- Symbolic execution: using FuzzBall and KLEE to show correctness
Week 6: Finding and exploiting vulnerabilities
Vulnerabilities in binary code to understanding how memory corruption exploits work. Taking a look at simple stack and heap based exploits as well as more complicated ones. Understand how an exploit is constructed for a given vulnerability and target shellcode. Topics include:
- Finding bugs in binary code
- Memory corruption exploits
- Exploits and payloads (shell code)
Week 7: Operating system security and forensics
Moving from individual programs to privileged software components like operating systems. Explore different authentication problems and privilege models used in current kernels with a hands-on discussion of file system protection mechanisms and forensics. Topics include:
- User authentication, privilege models
- File system protection mechanisms
- Vulnerabilities and accountability
- General forensic with a focus on file systems and file formats (e.g., to recover deleted data)
Week 8: Protecting data
Analyze programs from a software engineering perspective, evaluating how techniques like taint and information-flow tracking enable the protection of data. Explore how these techniques can be used to find bugs during development and protect applications after deployment. Topics include taint tracking, Information-flow tracking, covert channels.
Week 9: Defense in practice
Given a vulnerable program and a set of vulnerabilities, fix vulnerabilities on the source code level and on the binary level. Explore and discuss how modern defense techniques like CFI and CPI can help protect the integrity of systems even in the presence of vulnerabilities. Topics include:
- Approaches to fixing vulnerabilities in existing code and patching vulnerabilities in binaries
- Evaluation and use of modern defense techniques (CFI and CPI)
Week 10: Web security
Evaluating software security aspects of web frameworks and their underlying software. Explore vulnerabilities and problems of web frameworks and the programming languages they are implemented in. Discuss the needed awareness of limitations when writing secure software. Topics include:
- Web frameworks (Perl, PHP, Ruby) and their common vulnerabilities
- Regular and blind SQL injection
- Cross-site scripting (XSS)
Week 11: Browser security
Browsers are large and complex software systems that are exposed to potentially malicious, attacker-controlled code. Design principles that help protect users and their data from attacks. Topics include:
- Browser design principles
- Browser as OS
- Plugin security
- Heap spraying and information leaks
Week 12: Web security
Browsers, servers, and web frameworks are specifically exposed to attackers; vulnerabilities in these programs lead to a significant attack surface. Discuss the opportunities of an attacker, standard exploitation paths, and defense methods used. Topics include:
- SQL injection
- XSS
- PHP exploits
- Heap spraying
Week 13: Android OS/mobile security
The mobile sector introduced new software methodologies and makes programs first class citizens on an operating system, separating permissions on a per application and no longer on a per user level. Novel permission models allow clear separation of applications and especially hardened kernels protect mobile devices against both local and remote attacks. We discuss the security design decisions of such mobile system and evaluate the power of the permission models of different approaches. Topics include:
- Permission model
- User-level app security
- Kernel hardening
- rooting mobile devices
Week 14: Malware analysis
Malicious software is developed just like regular software and therefore is as likely to contain vulnerabilities. Inspect the malware development cycle using a specific malware family; reverse engineer one sample of this family and discuss attribution and possible vulnerabilities of the reversed malware. Topics include:
- Reverse engineering
- Anti-debugging techniques
- Anti-VM techniques
Week 15: Review