Secure Software Development

Course Number 705022 and 705023 | Wintersemester 2020/21

Lecturers

Daniel Gruß

Vedad Hadzic

Martin Schwarzl

Samuel Weiser

Teaching Assistants

Michael Ehrenreich

Lukas Anton Lamster

Marcel Nageler

Content

This course deals with the design and implementation of secure software. Especially memory corruption vulnerabilities such as buffer overflows, integer overflows or use-after-free bugs can be exploited by an attacker to bypass the intended program behavior and execute arbitrary payload in the worst case. We will look at various runtime mitigation techniques such as ASLR, stack canaries and data execution prevention exist. However, they can often be bypassed by more advanced exploitation techniques. Rather than preventing certain attacks, the ultimate goal is to eliminate memory corruption vulnerabilities and achieve “memory safety”. We will discuss methods for debugging and bug discovery as well.

Material

IMPORTANT-INFORMATION

  • This course replaces the Security Aspects in Software Development course: WS2019/2020
  • More information and course modalities are provided on the material pages
  • The slides are available here after the end of each lecture
Date Type Topic Lecturer Material
Fr 02.10.2020 12:00 Lecture Organizational + Introduction I Daniel 00-lecture-intro.pdf
We 07.10.2020 10:00 Tutorium Warmup assignment handout Martin, Samuel slides, examples
Fr 09.10.2020 12:00 Lecture Introduction II Daniel 01-intro_low_level_1
We 14.10.2020 10:00 Tutorium H1+H2 assignment handout Marcel, Martin slides-assignment,slides-rop1, examples
Fr 16.10.2020 12:00 Lecture Memory Corruption I Martin slides
We 21.10.2020 10:00 Tutorium Exploits I Marcel, Martin slides-rop1, examples
Fr 23.10.2020 12:00 Lecture Memory Corruption II Martin Slides
Fr 23.10.2020 23:59 Deadline Warmup assignment
We 28.10.2020 10:00 Tutorium Exploits II Marcel, Martin slides-rop2, examples
Fr 30.10.2020 12:00 Lecture Exploits Vedad 04-exploits
We 04.11.2020 10:00 Tutorium Question hour Marcel, Martin
Fr 06.11.2020 12:00 Lecture Finding Bugs I Vedad 05-finding_bugs_1
Fr 06.11.2020 23:59 Deadline H1 assignment
We 11.11.2020 10:00 Tutorium D1+D2 assignment handout Lukas, Vedad assignment-2-handout
Fr 13.11.2020 12:00 Lecture Finding Bugs II Vedad 06-finding_bugs_2
Fr 13.11.2020 23:59 Deadline H2 assignment
We 18.11.2020 10:00 Tutorium Defensive I Lukas examples
Fr 20.11.2020 12:00 Lecture Defensive I Samuel 07-defensive
We 25.11.2020 10:00 Tutorium Defensive II Samuel examples
Fr 27.11.2020 12:00 Lecture Defensive II Samuel 08-countermeasures1
We 02.12.2020 10:00 Tutorium Defensive III (Rust) Invited speaker 07-rust
Fr 04.12.2020 12:00 Lecture Defensive III Samuel 09-countermeasures2
We 09.12.2020 10:00 Tutorium Question hour Lukas, Vedad
Fr 11.12.2020 23:59 Deadline D1 assignment
We 16.12.2020 10:00 Tutorium D3 assignment handout Michael 08-assignment-3-handout
Fr 18.12.2020 12:00 Lecture Exam Final exam
Fr 18.12.2020 23:59 Deadline D2 assignment
Fr 08.01.2021 23:59 Deadline D3 assignment
Mi 13.01.2021 Lecture Exam Final exam (second slot)
18-22.01.2021 Oral Exam Oral exam for practicals
29.01.2021 Mid of Feb. 2021
Lecture Exam Final exam (third slot)

Administrative Information

Teaching Venue

This semester all lectures and tutorials are streamed online via Youtube. Questions can be asked via Youtube and Discord. We will have Discord live sessions with voice chat as well as text channels throughout the whole semester.

The links to the streams and to Discord will be distributed per mail ahead of time, so make sure to register for the lecture and the practicals in TUGOnline.

How to get a grade for the lecture?

Written or Oral Exam (possibly virtual). Optional hacklets can be solved during the semester to earn bonus points for the exam.

How to get a grade for the practicals?

The grade consists of multiple practical assignments in combination with oral exams (possibly virtual).

Contact

  • Please contact us under ssd@iaik.tugraz.at or in the Discord channel which you will receive per mail.

 

Below you can find the lecture dates exported from TUGOnline.

Lecturers

Daniel Gruß
Daniel
Gruß

Assistant Professor

View more
Vedad Hadzic
Vedad
Hadzic

PhD Student

View more
Martin Schwarzl
Martin
Schwarzl

PhD Student

View more
Samuel Weiser
Samuel
Weiser

PostDoc

View more

Teaching Assistants

Michael Ehrenreich
Michael
Ehrenreich


Lukas Anton Lamster
Lukas Anton
Lamster


View more
Marcel Nageler
Marcel
Nageler