Secure Software Development
This course deals with the design and implementation of secure software. Memory corruption vulnerabilities in particular, such as buffer overflows, integer overflows or use-after-free bugs, can be exploited by an attacker to bypass the intended program behavior and, in the worst case, execute an arbitrary payload. We will look at various runtime mitigation techniques such as ASLR, stack canaries and data execution prevention. However, they can often be bypassed by more advanced exploitation techniques. Rather than preventing certain attacks, the ultimate goal is to eliminate memory corruption vulnerabilities and achieve “memory safety”. We will discuss methods for debugging and bug discovery as well.
- This course replaces the Security Aspects in Software Development course: WS2019/2020
- More information and course modalities are provided on the material pages
- The slides are available here after the end of each lecture
| Date | Type | Topic | Lecturer | Material |
|---|---|---|---|---|
| Fr 02.10.2020 12:00 | Lecture | Organizational + Introduction I | Daniel | 00-lecture-intro.pdf |
| We 07.10.2020 10:00 | Tutorial | Warmup assignment handout | Martin, Samuel | slides, examples |
| Fr 09.10.2020 12:00 | Lecture | Introduction II | Daniel | 01-intro_low_level_1 |
| We 14.10.2020 10:00 | Tutorial | H1+H2 assignment handout | Marcel, Martin | slides-assignment, slides-rop1, examples |
| Fr 16.10.2020 12:00 | Lecture | Memory Corruption I | Martin | slides |
| We 21.10.2020 10:00 | Tutorial | Exploits I | Marcel, Martin | slides-rop1, examples |
| Fr 23.10.2020 12:00 | Lecture | Memory Corruption II | Martin | Slides |
| Fr 23.10.2020 23:59 | Deadline | Warmup assignment | – | – |
| We 28.10.2020 10:00 | Tutorial | Exploits II | Marcel, Martin | slides-rop2, examples |
| Fr 30.10.2020 12:00 | Lecture | Exploits | Vedad | 04-exploits |
| We 04.11.2020 10:00 | Tutorial | Question hour | Marcel, Martin | – |
| Fr 06.11.2020 12:00 | Lecture | Finding Bugs I | Vedad | 05-finding_bugs_1 |
| Fr 06.11.2020 23:59 | Deadline | H1 assignment | – | – |
| We 11.11.2020 10:00 | Tutorial | D1+D2 assignment handout | Lukas, Vedad | assignment-2-handout |
| Fr 13.11.2020 12:00 | Lecture | Finding Bugs II | Vedad | 06-finding_bugs_2 |
| Fr 13.11.2020 23:59 | Deadline | H2 assignment | – | – |
| We 18.11.2020 10:00 | Tutorial | Defensive I | Lukas | examples |
| Fr 20.11.2020 12:00 | Lecture | Defensive I | Samuel | 07-defensive |
| We 25.11.2020 10:00 | Tutorial | Defensive II | Samuel | examples |
| Fr 27.11.2020 12:00 | Lecture | Defensive II | Samuel | 08-countermeasures1 |
| We 02.12.2020 10:00 | Tutorial | Defensive III (Rust) | Invited speaker | 07-rust |
| Fr 04.12.2020 12:00 | Lecture | Defensive III | Samuel | 09-countermeasures2 |
| We 09.12.2020 10:00 | Tutorial | Question hour | Lukas, Vedad | |
| Fr 11.12.2020 23:59 | Deadline | D1 assignment | – | – |
| We 16.12.2020 10:00 | Tutorial | D3 assignment handout | Michael | 08-assignment-3-handout |
| Fr 18.12.2020 12:00 | Lecture Exam | Final exam | – | – |
| Fr 18.12.2020 23:59 | Deadline | D2 assignment | – | – |
| Fr 08.01.2021 23:59 | Deadline | D3 assignment | – | – |
| We 13.01.2021 | Lecture Exam | Final exam (second slot) | – | – |
| 18-22.01.2021 | Oral Exam | Oral exam for practicals | – | – |
| | Lecture Exam | Final exam (third slot) | – | – |
This semester all lectures and tutorials are streamed online via YouTube. Questions can be asked via YouTube and Discord. We will have Discord live sessions with voice chat as well as text channels throughout the whole semester.
How to get a grade for the lecture?
Written or oral exam (possibly virtual). Optional hacklets can be solved during the semester to earn bonus points for the exam.
How to get a grade for the practicals?
The grade consists of multiple practical assignments in combination with oral exams (possibly virtual).
- Please contact us at firstname.lastname@example.org or in the Discord channel, which you will receive by e-mail.
Below you can find the lecture dates exported from TUGOnline.