Secure Software Development (WS 2022/23)

Course Number 705022 and 705023 | Wintersemester 2022/23

Content

This course deals with the design and implementation of secure software. Especially memory corruption vulnerabilities such as buffer overflows, integer overflows or use-after-free bugs can be exploited by an attacker to bypass the intended program behavior and execute arbitrary payload in the worst case. We will look at various runtime mitigation techniques such as ASLR, stack canaries and data execution prevention exist. However, they can often be bypassed by more advanced exploitation techniques. Rather than preventing certain attacks, the ultimate goal is to eliminate memory corruption vulnerabilities and achieve “memory safety”. We will discuss methods for debugging and bug discovery as well.

Material

The slides are available here after the end of each lecture.

The practicals, an explanation about the lecture, exam hacklets, and old exams can be found here: Material

 

Date Type Topic Lecturer Material
05.10.2022 10:15 KU Organizational + Warmup handout David, Andreas Slides
06.10.2022 12:00 VO Intro Daniel Slides
12.10.2022 10:15 KU Tools Andreas, David Slides
14.10.2022 12:00 VO Low Level / C++ Objects Daniel Slides
19.10.2022 10:15 KU Defenselets Handout David, Ferdinand Slides
21.10.2022 12:00 VO Memory Corruption I Marcel, Martin Slides
28.10.2022 12:00 VO Memory Corruption II Marcel, Martin Slides
04.11.2022 12:00 VO Exploits Vedad Slides
09.11.2022 10:15 KU
16.11.2022 10:15 KU Handout Defensive Slides
18.11.2022 12:00 VO Finding Bugs I Slides
23.11.2022 10:15 KU
23.11.2022 13:00 VO Finding Bugs II Slides
30.11.2022 13:00 VO Defensive Programming Slides
30.11.2022 10:15 KU
02.12.2022 12:00 VO Countermeasures Slides
07.12.2022 10:15 KU
09.12.2022 12:00 VO Exam
14.12.2022 10:15 KU
11.01.2023 10:15 KU
13.01.2023 12:00 VO
17.01.2023 10:00 KU
18.01.2023 10:15 KU
19.01.2023 10:00 KU
20.01.2023 12:00 VO
25.01.2023 10:15 KU
27.01.2023 12:00 VO

Administrative Information

Contact

  • Please contact us under ssd@iaik.tugraz.at or in the Discord channel which you will receive per mail.

 

Below you can find the lecture dates exported from TUGOnline.

Lecturers

Teaching Assistants