Content
This course deals with the design and implementation of secure software. Memory corruption vulnerabilities in particular, such as buffer overflows, integer overflows or use-after-free bugs, can be exploited by an attacker to bypass the intended program behavior and, in the worst case, execute an arbitrary payload. We will look at various runtime mitigation techniques such as ASLR, stack canaries and data execution prevention. However, they can often be bypassed by more advanced exploitation techniques. Rather than preventing certain attacks, the ultimate goal is to eliminate memory corruption vulnerabilities and achieve "memory safety". We will discuss methods for debugging and bug discovery as well.
Material
IMPORTANT-INFORMATION
- This course replaces the Security Aspects in Software Development course: WS2019/2020
- More information and course modalities are provided on the material pages
- The slides are available here after the end of each lecture
| Date | Type | Topic | Lecturer | Material |
|---|---|---|---|---|
| Fr 02.10.2020 12:00 | Lecture | Organizational + Introduction I | Daniel | 00-lecture-intro.pdf |
| We 07.10.2020 10:00 | Tutorium | Warmup assignment handout | Martin, Samuel | slides, examples |
| Fr 09.10.2020 12:00 | Lecture | Introduction II | Daniel | 01-intro_low_level_1 |
| We 14.10.2020 10:00 | Tutorium | H1+H2 assignment handout | Marcel, Martin | slides-assignment, slides-rop1, examples |
| Fr 16.10.2020 12:00 | Lecture | Memory Corruption I | Martin | slides |
| We 21.10.2020 10:00 | Tutorium | Exploits I | Marcel, Martin | slides-rop1, examples |
| Fr 23.10.2020 12:00 | Lecture | Memory Corruption II | Martin | Slides |
| Fr 23.10.2020 23:59 | Deadline | Warmup assignment | - | - |
| We 28.10.2020 10:00 | Tutorium | Exploits II | Marcel, Martin | slides-rop2, examples |
| Fr 30.10.2020 12:00 | Lecture | Exploits | Vedad | 04-exploits |
| We 04.11.2020 10:00 | Tutorium | Question hour | Marcel, Martin | - |
| Fr 06.11.2020 12:00 | Lecture | Finding Bugs I | Vedad | 05-finding_bugs_1 |
| Fr 06.11.2020 23:59 | Deadline | H1 assignment | - | - |
| We 11.11.2020 10:00 | Tutorium | D1+D2 assignment handout | Lukas, Vedad | assignment-2-handout |
| Fr 13.11.2020 12:00 | Lecture | Finding Bugs II | Vedad | 06-finding_bugs_2 |
| Fr 13.11.2020 23:59 | Deadline | H2 assignment | - | - |
| We 18.11.2020 10:00 | Tutorium | Defensive I | Lukas | examples |
| Fr 20.11.2020 12:00 | Lecture | Defensive I | Samuel | 07-defensive |
| We 25.11.2020 10:00 | Tutorium | Defensive II | Samuel | examples |
| Fr 27.11.2020 12:00 | Lecture | Defensive II | Samuel | 08-countermeasures1 |
| We 02.12.2020 10:00 | Tutorium | Defensive III (Rust) | Invited speaker | 07-rust |
| Fr 04.12.2020 12:00 | Lecture | Defensive III | Samuel | 09-countermeasures2 |
| We 09.12.2020 10:00 | Tutorium | Question hour | Lukas, Vedad | |
| Fr 11.12.2020 23:59 | Deadline | D1 assignment | - | - |
| We 16.12.2020 10:00 | Tutorium | D3 assignment handout | Michael | 08-assignment-3-handout |
| Fr 18.12.2020 12:00 | Lecture Exam | Final exam | - | - |
| Fr 18.12.2020 23:59 | Deadline | D2 assignment | - | - |
| Fr 08.01.2021 23:59 | Deadline | D3 assignment | - | - |
| We 13.01.2021 | Lecture Exam | Final exam (second slot) | - | - |
| 18-22.01.2021 | Oral Exam | Oral exam for practicals | - | - |
| 29.01.2021 Mid of Feb. 2021 | Lecture Exam | Final exam (third slot) | - | - |
Administrative Information
Teaching Venue
This semester all lectures and tutorials are streamed online via YouTube. Questions can be asked via YouTube and Discord. We will have Discord live sessions with voice chat as well as text channels throughout the whole semester.
The links to the streams and to Discord will be distributed by e-mail ahead of time, so make sure to register for the lecture and the practicals in TUGOnline.
How to get a grade for the lecture?
Written or Oral Exam (possibly virtual). Optional hacklets can be solved during the semester to earn bonus points for the exam.
How to get a grade for the practicals?
The grade consists of multiple practical assignments in combination with oral exams (possibly virtual).
Contact
- Please contact us at ssd@iaik.tugraz.at or in the Discord channel, which you will receive by e-mail.
Below you can find the lecture dates exported from TUGOnline.
Lecturers