Secure Software Development (WS 2023/24)

Course Number 705022 and 705023 | Wintersemester 2023/24

Content

This course deals with the design and implementation of secure software. Especially memory corruption vulnerabilities such as buffer overflows, integer overflows or use-after-free bugs can be exploited by an attacker to bypass the intended program behavior and execute arbitrary payload in the worst case. We will look at various runtime mitigation techniques such as ASLR, stack canaries and data execution prevention exist. However, they can often be bypassed by more advanced exploitation techniques. Rather than preventing certain attacks, the ultimate goal is to eliminate memory corruption vulnerabilities and achieve “memory safety”. We will discuss methods for debugging and bug discovery as well.

Material

The slides are available here after the end of each lecture.

The practicals, an explanation about the lecture, exam hacklets, and old exams can be found here: Material

Date Type Topic Lecturer Material
2023-10-04 10:15 KU Warmup + Organization Slides
2023-10-06 12:00 VO Organization + Intro Daniel, Lukas, Marcel, Stefan, Vedad Slides
2023-10-11 10:15 KU Tools 1 Slides
2023-10-13 12:00 VO Low Level / C++ Objects Daniel Slides
2023-10-18 10:15 KU Defenselets 1
2023-10-20 12:00 VO Memory Corruption 1 Marcel, Stefan Slides
2023-10-25 10:15 KU Tools 2 / Question Hour
2023-10-27 12:00 VO Memory Corruption 2 Marcel, Stefan Slides
2023-11-03 12:00 VO Exploits Lukas Slides
2023-11-08 10:15 KU Defenselets 2
2023-11-10 12:00 VO Finding Bugs 1 Vedad Slides
2023-11-15 10:15 KU Question Hour
2023-11-17 12:00 VO Finding Bugs 2 Vedad Slides
2023-11-22 10:15 KU Question Hour
2023-11-24 12:00 VO Defensive Programming Lukas Slides
2023-11-29 10:15 KU Question Hour
2023-12-01 12:00 VO Countermeasures Lukas Slides
2023-12-06 10:15 KU Defensive Programming Slides
2023-12-13 10:15 KU Question Hour
2023-12-15 12:00 VO Christmas Special (?)
2024-01-10 10:15 KU Question Hour

Administrative Information

Contact

  • Please contact us under ssd@iaik.tugraz.at or in the Discord channel which you will receive per mail.

Below you can find the lecture dates exported from TUGOnline.

Lecturers

Daniel Gruß
Daniel
Gruß

Assistant Professor

View more
Vedad Hadzic
Vedad
Hadzic

PhD Student

View more
Lukas Maar
Lukas
Maar

PhD Student

View more
Marcel Nageler
Marcel
Nageler

PhD Student

View more
David Schrammel
David
Schrammel

PhD Candidate

View more