Schedule
SS3: Software Security: Principles, Policies, and Protection, by Mathias Payer
Note: Readings marked with “(*)” are usually more advanced and are optional for those who are curious to explore the topic further.
| Week | Date | Topic | Readings |
|---|---|---|---|
| 1 | Thu 8/22 | Introduction | SS3P Chap. 1, Chap. 2.3, Chap. 2.7–2.8 |
| 2 | Tue 8/27 | Security Principles | Information Protection Abstract, Sec. I.A |
| Thu 8/29 | Anatomy of a Program in Memory | Memory Layout of C Programs | |
| Program in Memory | |||
| (*) Lifetime of Hello World | |||
| 3 | Tue 9/3 | Buffer Overflows | SS3P Chap. 4.1, Chap. 4.2.1 |
| Smashing the Stack for Fun and Profit | |||
| Thu 9/5 | Return-to-libc Attack | Return-to-libc / ret2libc | |
| Getting around non-executable stack | |||
| 4 | Tue 9/10 | Return-oriented Programming | Innocent Flesh on the Bone Sec. 1–3 |
| Thu 9/12 | Integer Overflows and Heap Overflows | ||
| 5 | Tue 9/17 | Use-after-Free | SS3P Chap. 4.2.2 |
| SeMalloc Sec. 2.1 | |||
| Thu 9/19 | Format String Vulnerabilities | TESO's Format String Paper Sec. 1–3 | |
| 6 | Tue 9/24 | Addres Space Layout Randomization | SS3P Chap. 6.4.2 |
| ASLR | |||
| (*) ASLR Evaluation 2004 | |||
| (*) ASLR Evaluation 2024 | |||
| Thu 9/26 | Instructor traveling. No Class. | ||
| 7 | Tue 10/1 | Stack Canaries and Shadow Stacks | SS3P Chap. 6.4.3 |
| Shining Light on Shadow Stacks Sec. 1–3 | |||
| Thu 10/3 | Control-flow Integrity (CFI) | SS3P Chap. 6.4.6 | |
| CFI Sec. 1, Sec.3 | |||
| 8 | Tue 10/8 | Testing | SS3P Chap. 6 intro, Chap. 6.3.1 |
| Thu 10/10 | Fall break. No Class. | ||
| 9 | Tue 10/15 | Fuzzing | SS3P Chap. 6.3.3 |
| Thu 10/17 | Software-based Fault Isolation (SFI) | SS3P Chap. 6.4.8 | |
| SFI Sec.1–3 | |||
| 10 | Tue 10/22 | SFI (cont.) & Hardware-based Memory Isolation | Page table entries |
| Thu 10/24 | Hardware-based Memory Isolation Part 2 | libmpk Sec. 2 | |
| Silhouette Sec. 2 | |||
| (*) Hodor | |||
| 11 | Tue 10/29 | Least Privilege Principle | AutoPriv Sec. 1–2 |
| Thu 10/31 | Address Sanitizing | SS3P 6.3.2 | |
| ASan Section 1–3 | |||
| 12 | Tue 11/5 | Election day. No Class. | |
| Thu 11/7 | Pointer-based Memory Safety | SoftBoundCETS Sec. 1–2 | |
| 13 | Tue 11/12 | Object-based Memory Safety | Jones and Kelly's Sec. 1–3 |
| Thu 11/14 | Type Safety | SS3P Sec. 4.3 | |
| HexType Sec. 1–2 | |||
| 14 | Tue 11/19 | Safe Programming Languages | Checked C Sec. 1, Sec. 3 |
| Thu 11/21 | Course Review and Q & A | ||
| 15 | Tue 11/26 | Thanksgiving. No Class. | |
| Thu 11/28 | |||
| 16 | Tue 12/3 | Students-led Paper Discussion | |
| Thu 12/5 | Students-led Paper Discussion | ||
| 17 | Tue 12/10 | Students-led Paper Discussion |