Secure Software Development

Course Number 705022 and 705023 | Wintersemester 2020/21

Content

This course deals with the design and implementation of secure software. Memory corruption vulnerabilities in particular, such as buffer overflows, integer overflows or use-after-free bugs, can be exploited by an attacker to bypass the intended program behavior and, in the worst case, execute an arbitrary payload. We will look at runtime mitigation techniques such as ASLR, stack canaries and data execution prevention; however, they can often be bypassed by more advanced exploitation techniques. Rather than preventing specific attacks, the ultimate goal is to eliminate memory corruption vulnerabilities altogether and achieve "memory safety". We will also discuss methods for debugging and bug discovery.

Material

Important Information

  • This course replaces the “Security Aspects in Software Development” course (WS 2019/20).

Contact

Administrative Information

Previous Knowledge

Information Security course (INP.33504UF and INP.33503UF)

Prerequisites Curriculum

See position in the curriculum

Objective

After this course you understand the concept of "memory safety" and the various memory corruption vulnerabilities that violate it (buffer overflows, integer overflows, use-after-free, double free, uninitialized data, type confusion, etc.). You know how to detect, exploit and mitigate such vulnerabilities. Furthermore, you know about various runtime mitigation techniques and are able to assess their (in)effectiveness in practice. You know the principles of defensive programming.
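A worked example of the kind of bug the Content and Objective sections describe, added here as an illustration and not taken from the course materials: a C parser for a small constructed message format (one length byte, then that many payload bytes) in its vulnerable form beside a hardened form, plus a checked multiplication of the sort that stops an integer overflow from turning into an undersized allocation. The record format, the function names and the sample messages are all assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_MAX 16

/* Constructed record format for this example (an assumption, not anything
 * from the course): one length byte followed by that many payload bytes. */
struct record {
    size_t len;
    uint8_t payload[PAYLOAD_MAX];
};

/* Vulnerable parser: trusts the attacker-controlled length byte.
 * If len > PAYLOAD_MAX, memcpy writes past the end of r->payload (a buffer
 * overflow that corrupts whatever follows the struct in memory); if len
 * exceeds the bytes actually received, it also reads out of bounds.
 * Kept only to show the bug; the demo never feeds it malformed input. */
int parse_record_vulnerable(const uint8_t *msg, size_t msg_len, struct record *r) {
    if (msg_len < 1) return -1;
    r->len = msg[0];
    memcpy(r->payload, msg + 1, r->len);   /* no check against PAYLOAD_MAX or msg_len */
    return 0;
}

/* Hardened parser: every length derived from input is checked against both
 * the destination capacity and the number of bytes actually present. */
int parse_record_safe(const uint8_t *msg, size_t msg_len, struct record *r) {
    if (msg == NULL || r == NULL || msg_len < 1) return -1;
    size_t len = msg[0];
    if (len > PAYLOAD_MAX) return -2;       /* would overflow r->payload */
    if (len > msg_len - 1) return -3;       /* would read past the end of msg */
    memcpy(r->payload, msg + 1, len);
    r->len = len;
    return 0;
}

/* Integer overflow: count * elem_size computed in size_t silently wraps
 * around, so malloc() would receive a tiny size and the later element copies
 * would overflow the allocation. Returns false instead of a wrapped value. */
bool checked_mul(size_t count, size_t elem_size, size_t *total) {
    if (count != 0 && elem_size > SIZE_MAX / count) return false;
    *total = count * elem_size;
    return true;
}

/* Convenience wrapper: the product, or 0 when it would wrap. */
size_t mul_or_zero(size_t count, size_t elem_size) {
    size_t total;
    return checked_mul(count, elem_size, &total) ? total : 0;
}

/* Constructed sample messages. */
static const uint8_t GOOD_MSG[]  = {0x04, 'd', 'a', 't', 'a'};   /* well-formed: 4 bytes */
static const uint8_t BAD_MSG[]   = {0x40, 'A', 'A', 'A', 'A'};   /* claims 64 bytes */
static const uint8_t SHORT_MSG[] = {0x08, 'a', 'b'};             /* claims 8, sends 2 */

/* Small wrappers so each outcome is observable as a return value. */
int safe_parse_good(void)  { struct record r; return parse_record_safe(GOOD_MSG, sizeof GOOD_MSG, &r); }
int safe_parse_bad(void)   { struct record r; return parse_record_safe(BAD_MSG, sizeof BAD_MSG, &r); }
int safe_parse_short(void) { struct record r; return parse_record_safe(SHORT_MSG, sizeof SHORT_MSG, &r); }

/* Parsed payload length of GOOD_MSG, or -1 if the hardened parser rejected it. */
long safe_good_len(void) {
    struct record r;
    if (parse_record_safe(GOOD_MSG, sizeof GOOD_MSG, &r) != 0) return -1;
    return (long)r.len;
}

int main(void) {
    printf("good: %d, oversized: %d, truncated: %d\n",
           safe_parse_good(), safe_parse_bad(), safe_parse_short());
    printf("1000 * 8 -> %zu\n", mul_or_zero(1000, 8));
    printf("(SIZE_MAX/2 + 1) * 2 -> %zu (0 means wraparound detected)\n",
           mul_or_zero(SIZE_MAX / 2 + 1, 2));
    return 0;
}
```

Passing BAD_MSG to parse_record_vulnerable is undefined behaviour; compiled with AddressSanitizer (-fsanitize=address) the out-of-bounds write and read are reported at the memcpy, which is the debugging and bug-discovery side of the course. The hardened parser returns distinct error codes so a caller can tell "too large for the buffer" from "message truncated" without ever touching memory it does not own.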

Language

English

Teaching Method

All lectures are streamed online. Some lectures will also offer the option of physical attendance in the lecture hall.

How to get a grade

Written or Oral Exam (possibly virtual). Optional hacklets can be solved during the semester to earn bonus points for the exam.

Registration

https://online.tugraz.at/tug_online/sa.gruppen_einteilung?clvnr=242921&corg=983

Lecture Dates

Type: VO = lecture, KU = exercise course. Event "Session" = Abhaltung; "fixed" = fixed date.

Date        Begin  End    Location                        Event    Type  Status  Comment
2020/10/02  12:00  14:00  HS i12 "BearingPoint Hörsaal"   Session  VO    fixed
2020/10/07  10:00  11:00  Seminarraum                     Session  KU    fixed
2020/10/07  10:15  11:00  HS i12 "BearingPoint Hörsaal"   Session  KU    fixed
2020/10/09  12:00  14:00  HS i12 "BearingPoint Hörsaal"   Session  VO    fixed
2020/10/09  12:00  14:00  HS i12 "BearingPoint Hörsaal"   Session  VO    fixed   held jointly with course INP.33404UF
2020/10/14  10:15  11:00  HS i12 "BearingPoint Hörsaal"   Session  KU    fixed
2020/10/14  10:15  11:00  HS i12 "BearingPoint Hörsaal"   Session  KU    fixed
2020/10/16  12:00  14:00  HS i12 "BearingPoint Hörsaal"   Session  VO    fixed
2020/10/21  10:15  11:00  HS i12 "BearingPoint Hörsaal"   Session  KU    fixed
2020/10/23  12:00  14:00  HS i12 "BearingPoint Hörsaal"   Session  VO    fixed
2020/11/11  10:15  11:00  HS i12 "BearingPoint Hörsaal"   Session  KU    fixed
2020/11/11  10:15  11:00  Seminarraum                     Session  KU    fixed
2020/11/13  12:00  14:00  HS i12 "BearingPoint Hörsaal"   Session  VO    fixed
2020/11/18  10:15  11:00  HS i12 "BearingPoint Hörsaal"   Session  KU    fixed
2020/11/20  12:00  14:00  HS i12 "BearingPoint Hörsaal"   Session  VO    fixed
2020/11/25  10:15  11:00  HS i12 "BearingPoint Hörsaal"   Session  KU    fixed
2020/11/27  12:00  14:00  HS i12 "BearingPoint Hörsaal"   Session  VO    fixed
2020/12/02  10:15  11:00  HS i12 "BearingPoint Hörsaal"   Session  KU    fixed
2020/12/04  12:00  14:00  HS i12 "BearingPoint Hörsaal"   Session  VO    fixed
2020/12/09  10:15  11:00  Seminarraum                     Session  KU    fixed
2020/12/16  10:15  11:00  HS i12 "BearingPoint Hörsaal"   Session  KU    fixed
2020/12/18  12:00  14:00  HS i12 "BearingPoint Hörsaal"   Session  VO    fixed
2021/01/08  12:00  14:00  HS i12 "BearingPoint Hörsaal"   Session  VO    fixed
2021/01/13  10:15  11:00  HS i12 "BearingPoint Hörsaal"   Session  KU    fixed
2021/01/15  12:00  14:00  HS i12 "BearingPoint Hörsaal"   Session  VO    fixed
2021/01/20  10:00  12:00  Seminarraum                     Session  KU    fixed
2021/01/20  13:00  17:00  Seminarraum                     Session  KU    fixed
2021/01/21  13:00  17:00  Seminarraum                     Session  KU    fixed

Lecturers

Daniel Gruß, Assistant Professor
Vedad Hadzic, PhD Student
Martin Schwarzl, PhD Student
Samuel Weiser, PostDoc