Secure Software Development (WS 2021/22)

Course Numbers 705022 and 705023 | Winter Semester 2021/22

Content

This course deals with the design and implementation of secure software. Memory corruption vulnerabilities in particular, such as buffer overflows, integer overflows or use-after-free bugs, can be exploited by an attacker to bypass the intended program behavior and, in the worst case, execute an arbitrary payload. We will look at various runtime mitigation techniques such as ASLR, stack canaries and data execution prevention. However, they can often be bypassed by more advanced exploitation techniques. Rather than preventing certain attacks, the ultimate goal is to eliminate memory corruption vulnerabilities and achieve “memory safety”. We will discuss methods for debugging and bug discovery as well.

Material

You can find the descriptions of the practicals and exam hacklets here: Material
The slides are available here after the end of each lecture.

Date | Type | Topic | Lecturer | Material
Fr 01.10.2021 12:00 | VO | Organizational + Introduction I | Daniel, Martin | Slides
We 06.10.2021 10:15 | KU | Warmup handout | David, Andreas | Slides
Fr 08.10.2021 12:00 | VO | Introduction II | Daniel |
We 13.10.2021 10:15 | KU | Defenselets handout | Andreas, Nikolaus, Lukas | Slides
Fr 15.10.2021 12:00 | VO | Memory Corruption I | Martin, Marcel | Slides
We 20.10.2021 10:15 | KU | Defenselets I | Andreas, Nikolaus, Lukas | Slides
Fr 22.10.2021 12:00 | VO | Memory Corruption II | Martin, Marcel | Slides
We 27.10.2021 10:15 | KU | Defenselets II | Andreas, Nikolaus, Lukas | Slides
Fr 29.10.2021 12:00 | VO | Exploits | Vedad | Slides, Annotated
We 03.11.2021 10:15 | KU | Question hour | Andreas, Nikolaus, Lukas |
Fr 05.11.2021 12:00 | VO | Finding Bugs I | Vedad | Slides, Annotated
We 10.11.2021 10:15 | KU | Defensive handout | David, Katharina | Slides
Fr 12.11.2021 12:00 | VO | Finding Bugs II | Vedad | Slides, Annotated
We 17.11.2021 10:15 | KU | Defensive I | David, Katharina |
Fr 19.11.2021 12:00 | VO | Defensive I | Martin, Andreas | Slides
Fr 26.11.2021 12:00 | VO | Defensive II | Martin, Andreas | Slides1, Slides2
We 01.12.2021 10:15 | KU | Question hour | David, Katharina |
Fr 03.12.2021 12:00 | VO | Defensive III | Lukas P. | Slides
Fr 10.12.2021 12:00 | VO | Invited topic | Invited speaker | Slides

Administrative Information

Teaching Venue

This semester all lectures and tutorials are streamed online via YouTube. Questions can be asked via YouTube and Discord. We will have Discord live sessions with voice chat as well as text channels throughout the whole semester.

The links to the streams and to Discord will be distributed by e-mail ahead of time, so make sure to register for the lecture and the practicals in TUGOnline.

How to get a grade for the lecture?

Written or Oral Exam (possibly virtual). Optional hacklets can be solved during the semester to earn bonus points for the exam.

How to get a grade for the practicals?

The grade consists of multiple practical assignments in combination with oral exams (possibly virtual).

Contact

  • Please contact us at ssd@iaik.tugraz.at or in the Discord channel, the link to which you will receive by e-mail.

Below you can find the lecture dates exported from TUGOnline.

Lecturers

  • Daniel Gruß, Assistant Professor
  • Vedad Hadzic, PhD Student
  • Andreas Kogler, PhD Student
  • David Schrammel, PhD Candidate