Secure Software Development

Content

This course deals with the design and implementation of secure software. Especially memory corruption vulnerabilities such as buffer overflows, integer overflows or use-after-free bugs can be exploited by an attacker to bypass the intended program behavior and execute arbitrary payload in the worst case. We will look at various runtime mitigation techniques such as ASLR, stack canaries and data execution prevention exist. However, they can often be bypassed by more advanced exploitation techniques. Rather than preventing certain attacks, the ultimate goal is to eliminate memory corruption vulnerabilities and achieve "memory safety". We will discuss methods for debugging and bug discovery as well.

Material

IMPORTANT-INFORMATION

• This course replaces the Security Aspects in Software Development course: WS2019/2020
• More information and course modalities are provided on the material pages
• The slides are available here after the end of each lecture

Date	Type	Topic	Lecturer	Material
Fr 02.10.2020 12:00	Lecture	Organizational + Introduction I	Daniel	00-lecture-intro.pdf
We 07.10.2020 10:00	Tutorium	Warmup assignment handout	Martin, Samuel	slides, examples
Fr 09.10.2020 12:00	Lecture	Introduction II	Daniel	01-intro_low_level_1
We 14.10.2020 10:00	Tutorium	H1+H2 assignment handout	Marcel, Martin	slides-assignment,slides-rop1, examples
Fr 16.10.2020 12:00	Lecture	Memory Corruption I	Martin	slides
We 21.10.2020 10:00	Tutorium	Exploits I	Marcel, Martin	slides-rop1, examples
Fr 23.10.2020 12:00	Lecture	Memory Corruption II	Martin	Slides
Fr 23.10.2020 23:59	Deadline	Warmup assignment	-	-
We 28.10.2020 10:00	Tutorium	Exploits II	Marcel, Martin	slides-rop2, examples
Fr 30.10.2020 12:00	Lecture	Exploits	Vedad	04-exploits
We 04.11.2020 10:00	Tutorium	Question hour	Marcel, Martin	-
Fr 06.11.2020 12:00	Lecture	Finding Bugs I	Vedad	05-finding_bugs_1
Fr 06.11.2020 23:59	Deadline	H1 assignment	-	-
We 11.11.2020 10:00	Tutorium	D1+D2 assignment handout	Lukas, Vedad	assignment-2-handout
Fr 13.11.2020 12:00	Lecture	Finding Bugs II	Vedad	06-finding_bugs_2
Fr 13.11.2020 23:59	Deadline	H2 assignment	-	-
We 18.11.2020 10:00	Tutorium	Defensive I	Lukas	examples
Fr 20.11.2020 12:00	Lecture	Defensive I	Samuel	07-defensive
We 25.11.2020 10:00	Tutorium	Defensive II	Samuel	examples
Fr 27.11.2020 12:00	Lecture	Defensive II	Samuel	08-countermeasures1
We 02.12.2020 10:00	Tutorium	Defensive III (Rust)	Invited speaker	07-rust
Fr 04.12.2020 12:00	Lecture	Defensive III	Samuel	09-countermeasures2
We 09.12.2020 10:00	Tutorium	Question hour	Lukas, Vedad
Fr 11.12.2020 23:59	Deadline	D1 assignment	-	-
We 16.12.2020 10:00	Tutorium	D3 assignment handout	Michael	08-assignment-3-handout
Fr 18.12.2020 12:00	Lecture Exam	Final exam	-	-
Fr 18.12.2020 23:59	Deadline	D2 assignment	-	-
Fr 08.01.2021 23:59	Deadline	D3 assignment	-	-
Mi 13.01.2021	Lecture Exam	Final exam (second slot)	-	-
18-22.01.2021	Oral Exam	Oral exam for practicals	-	-
29.01.2021 Mid of Feb. 2021	Lecture Exam	Final exam (third slot)	-	-

Administrative Information

Teaching Venue

This semester all lectures and tutorials are streamed online via Youtube. Questions can be asked via Youtube and Discord. We will have Discord live sessions with voice chat as well as text channels throughout the whole semester. The links to the streams and to Discord will be distributed per mail ahead of time, so make sure to register for the lecture and the practicals in TUGOnline.

How to get a grade for the lecture?

Written or Oral Exam (possibly virtual). Optional hacklets can be solved during the semester to earn bonus points for the exam.

How to get a grade for the practicals?

The grade consists of multiple practical assignments in combination with oral exams (possibly virtual).

Contact

• Please contact us under ssd@iaik.tugraz.at or in the Discord channel which you will receive per mail.

  Below you can find the lecture dates exported from TUGOnline.

Lecturers