Secure Software Development (WS 2021/22)
Table of Content
Content
This course deals with the design and implementation of secure software. Especially memory corruption vulnerabilities such as buffer overflows, integer overflows or use-after-free bugs can be exploited by an attacker to bypass the intended program behavior and execute arbitrary payload in the worst case. We will look at various runtime mitigation techniques such as ASLR, stack canaries and data execution prevention exist. However, they can often be bypassed by more advanced exploitation techniques. Rather than preventing certain attacks, the ultimate goal is to eliminate memory corruption vulnerabilities and achieve “memory safety”. We will discuss methods for debugging and bug discovery as well.
Material
You can find the practicals and exam hacklets descriptions here: Material
The slides are available here after the end of each lecture.
| Date | Type | Topic | Lecturer | Material |
|---|---|---|---|---|
| Fr 01.10.2021 12:00 | VO | Organizational + Introduction I | Daniel, Martin | Slides |
| We 06.10.2021 10:15 | KU | Warmup handout | David, Andreas | Slides |
| Fr 08.10.2021 12:00 | VO | Introduction II | Daniel | – |
| We 13.10.2021 10:15 | KU | Defenselets handout | Andreas, Nikolaus, Lukas | Slides |
| Fr 15.10.2021 12:00 | VO | Memory Corruption I | Martin, Marcel | Slides |
| We 20.10.2021 10:15 | KU | Defenselets I | Andreas, Nikolaus, Lukas | Slides |
| Fr 22.10.2021 12:00 | VO | Memory Corruption II | Martin, Marcel | Slides |
| We 27.10.2021 10:15 | KU | Defenselets II | Andreas, Nikolaus, Lukas | Slides |
| Fr 29.10.2021 12:00 | VO | Exploits | Vedad | Slides – Annotated |
| We 03.11.2021 10:15 | KU | Question hour | Andreas, Nikolaus, Lukas | – |
| Fr 05.11.2021 12:00 | VO | Finding Bugs I | Vedad | Slides – Annotated |
| We 10.11.2021 10:15 | KU | Defensive handout | David, Katharina | Slides |
| Fr 12.11.2021 12:00 | VO | Finding Bugs II | Vedad | Slides – Annotated |
| We 17.11.2021 10:15 | KU | Defensive I | David, Katharina | – |
| Fr 19.11.2021 12:00 | VO | Defensive I | Martin, Andreas | Slides |
| Fr 26.11.2021 12:00 | VO | Defensive II | Martin, Andreas | Slides1–Slides2 |
| We 01.12.2021 10:15 | KU | Question hour | David, Katharina | – |
| Fr 03.12.2021 12:00 | VO | Defensive III | Lukas P. | Slides |
| Fr 10.12.2021 12:00 | VO | Invited topic | Invited speaker | Slides |
Administrative Information
Teaching Venue
This semester all lectures and tutorials are streamed online via Youtube. Questions can be asked via Youtube and Discord. We will have Discord live sessions with voice chat as well as text channels throughout the whole semester.
The links to the streams and to Discord will be distributed per mail ahead of time, so make sure to register for the lecture and the practicals in TUGOnline.
How to get a grade for the lecture?
Written or Oral Exam (possibly virtual). Optional hacklets can be solved during the semester to earn bonus points for the exam.
How to get a grade for the practicals?
The grade consists of multiple practical assignments in combination with oral exams (possibly virtual).
Contact
- Please contact us under ssd@iaik.tugraz.at or in the Discord channel which you will receive per mail.
Below you can find the lecture dates exported from TUGOnline.
