Secure Software Development

Course Number 705022 and 705023 | Winter semester 2020/21

Lecturers

Daniel Gruß

Vedad Hadzic

Martin Schwarzl

Samuel Weiser

Teaching Assistants

Michael Ehrenreich

Lukas Anton Lamster

Marcel Nageler

Content

This course deals with the design and implementation of secure software. Memory corruption vulnerabilities in particular, such as buffer overflows, integer overflows or use-after-free bugs, can be exploited by an attacker to bypass the intended program behavior and, in the worst case, execute an arbitrary payload. We will look at various runtime mitigation techniques such as ASLR, stack canaries and data execution prevention. However, they can often be bypassed by more advanced exploitation techniques. Rather than preventing certain attacks, the ultimate goal is to eliminate memory corruption vulnerabilities and achieve “memory safety”. We will discuss methods for debugging and bug discovery as well.

Material

Important Information

  • This course replaces the Security Aspects in Software Development course: WS2019/2020
  • More information and course modalities are provided on the material pages
  • The slides are available here after the end of each lecture

| Date | Type | Topic | Lecturer | Material |
|---|---|---|---|---|
| Fr 02.10.2020 12:00 | Lecture | Organizational + Introduction I | Daniel | 00-lecture-intro.pdf |
| We 07.10.2020 10:00 | Tutorial | Warmup assignment handout | Martin, Samuel | slides, examples |
| Fr 09.10.2020 12:00 | Lecture | Introduction II | Daniel | 01-intro_low_level_1 |
| We 14.10.2020 10:00 | Tutorial | H1+H2 assignment handout | Marcel, Martin | slides-assignment, slides-rop1, examples |
| Fr 16.10.2020 12:00 | Lecture | Memory Corruption I | Martin | slides |
| We 21.10.2020 10:00 | Tutorial | Exploits I | Marcel, Martin | |
| Fr 23.10.2020 12:00 | Lecture | Memory Corruption II | Martin | slides |
| Fr 23.10.2020 23:59 | Deadline | Warmup assignment | | |
| We 28.10.2020 10:00 | Tutorial | Exploits II | Marcel, Martin | |
| Fr 30.10.2020 12:00 | Lecture | Exploits | Vedad | |
| We 04.11.2020 10:00 | Tutorial | Question hour | Marcel, Martin | |
| Fr 06.11.2020 12:00 | Lecture | Finding Bugs I | Daniel | |
| Fr 06.11.2020 23:59 | Deadline | H1 assignment | Marcel, Martin | |
| We 11.11.2020 10:00 | Tutorial | D1+D2 assignment handout | Marcel, Martin | |
| Fr 13.11.2020 12:00 | Lecture | Finding Bugs II | Vedad | |
| Fr 13.11.2020 23:59 | Deadline | H2 assignment | | |
| We 18.11.2020 10:00 | Tutorial | Defensive I | Lukas, Vedad | |
| Fr 20.11.2020 12:00 | Lecture | Defensive I | Samuel | |
| We 25.11.2020 10:00 | Tutorial | Defensive II | Lukas, Vedad | |
| Fr 27.11.2020 12:00 | Lecture | Defensive II | Samuel | |
| We 02.12.2020 10:00 | Tutorial | Defensive III | Lukas, Vedad | |
| Fr 04.12.2020 12:00 | Lecture | Defensive III | Invited speaker | |
| We 09.12.2020 10:00 | Tutorial | Question hour | Lukas, Vedad | |
| Fr 11.12.2020 23:59 | Deadline | D1 assignment | | |
| We 16.12.2020 10:00 | Tutorial | D3 assignment handout | Michael | |
| Fr 18.12.2020 12:00 | Lecture Exam | Final exam | | |
| Fr 18.12.2020 23:59 | Deadline | D2 assignment | | |
| Fr 08.01.2021 23:59 | Deadline | D3 assignment | | |
| 18-22.01.2021 | Oral Exam | Oral exam for practicals | | |
| 29.01.2021 | Lecture Exam | Final exam (second slot) | | |

Administrative Information

Teaching Venue

This semester all lectures and tutorials are streamed online via YouTube. Questions can be asked via YouTube and Discord. We will have Discord live sessions with voice chat as well as text channels throughout the whole semester.

The links to the streams and to Discord will be distributed by e-mail ahead of time, so make sure to register for the lecture and the practicals in TUGOnline.

How to get a grade for the lecture?

Written or oral exam (possibly virtual). Optional hacklets can be solved during the semester to earn bonus points for the exam.

How to get a grade for the practicals?

The grade consists of multiple practical assignments in combination with oral exams (possibly virtual).

Contact

  • Please contact us at ssd@iaik.tugraz.at or in the Discord channel, the link to which you will receive by e-mail.

 

Below you can find the lecture dates exported from TUGOnline.

Lecture Dates

| Date | Begin | End | Location | Event | Type | Comment |
|---|---|---|---|---|---|---|
| 2020/12/18 | 12:00 | 14:00 | HS i12 "BearingPoint Hörsaal" | Session | VO | fix/Online / Virtual - See course website / email announcement! |
| 2021/01/19 | 10:00 | 12:00 | Seminar room | Session | KU | fix/ |
| 2021/01/19 | 13:00 | 17:00 | Seminar room | Session | KU | fix/ |
| 2021/01/19 | 13:00 | 17:00 | Seminar room | Session | KU | fix/ |
| 2021/01/20 | 10:00 | 12:00 | Seminar room | Session | KU | fix/ |
| 2021/01/20 | 13:00 | 17:00 | Seminar room | Session | KU | fix/ |
| 2021/01/21 | 10:00 | 12:00 | Seminar room | Session | KU | fix/ |
| 2021/01/21 | 13:00 | 17:00 | Seminar room | Session | KU | fix/ |

Lecturers

Daniel Gruß
Assistant Professor

Vedad Hadzic
PhD Student

Martin Schwarzl
PhD Student

Samuel Weiser
PostDoc
