Syllabus
Topics
Memory Safety
This course focuses on memory safety because memory safety bugs account for roughly 70% of the serious vulnerabilities reported by vendors such as Microsoft and the Chromium project. We will talk about the root causes, exploitation techniques, and defenses.
- Causes
  - Buffer overflows
  - Use-After-Free
  - Format string vulnerability
- Exploitations
  - ret2libc
  - Return-oriented Programming (ROP)
- Defenses
  - Run-time mitigations
  - Retrofitting memory safety into C/C++
  - Fuzz testing
  - Safe languages
Type Safety
Besides being memory-unsafe, the two mainstream systems programming languages, C and C++, are also weakly typed: implicit conversions and unchecked casts allow type conversion and type confusion bugs that lead to security vulnerabilities. We will discuss common type safety errors and their countermeasures.
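As an added illustration (example code, not material from the course or from the textbook), the following C program shows one of the most common conversion bugs: a length check performed in signed arithmetic, followed by a `memcpy` whose size parameter is the unsigned `size_t`. A negative length passes the check and is then silently converted to an enormous byte count. The vulnerable function deliberately returns the byte count `memcpy` would have received instead of performing the copy, so the program is safe to run; the hardened version rejects negative lengths before any conversion and compares against the real destination size. The `BUF_SIZE` constant, the function names, and the sample payload are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* assumed destination size for this example */

/* Vulnerable pattern: the bounds check is done in signed arithmetic, but
 * memcpy's size parameter is size_t. A negative len is not greater than
 * BUF_SIZE, so the check passes, and the implicit int -> size_t conversion
 * at the memcpy call turns it into a huge count (SIZE_MAX for len == -1).
 * To keep this example safe to run it returns the count memcpy would
 * receive rather than copying; 0 means the check rejected the request. */
size_t vulnerable_copy_len(int len)
{
    if (len > BUF_SIZE)        /* signed comparison: -1 > 64 is false */
        return 0;
    return (size_t)len;        /* the same conversion memcpy would perform */
}

/* Hardened version: reject negative lengths before any conversion, compare
 * as size_t against the actual destination size, and only then copy.
 * Returns the number of bytes copied, or 0 if the request was rejected. */
size_t safe_copy(char *dst, size_t dst_size, const char *src, int len)
{
    if (len < 0 || (size_t)len > dst_size)
        return 0;
    memcpy(dst, src, (size_t)len);
    return (size_t)len;
}

int main(void)
{
    char buf[BUF_SIZE];
    const char payload[] = "constructed sample input";   /* constructed */

    printf("vulnerable check, len=-1: memcpy would get %zu bytes\n",
           vulnerable_copy_len(-1));
    printf("hardened check, len=-1: copied %zu bytes\n",
           safe_copy(buf, sizeof buf, payload, -1));
    printf("hardened check, len=%zu: copied %zu bytes\n",
           sizeof payload,
           safe_copy(buf, sizeof buf, payload, (int)sizeof payload));
    return 0;
}
```

Compile with warnings enabled (`-Wall -Wextra -Wsign-compare` on GCC or Clang); the compiler flags the mixed signed/unsigned comparison in the hardened version's cast-free alternatives, which is why the explicit `len < 0` test and cast are written out rather than left to the implicit conversion rules.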
Least Privilege Principle
Privilege escalation occurs when a buggy or compromised program exercises more power (privilege) than its task requires. We will discuss how to confine programs to the privileges they actually need, so that damage stays limited even when the victim program is already compromised.
Learning Materials
Readings
This course uses online articles, research papers, and Mathias Payer's free textbook Software Security: Principles, Policies, and Protection.
In addition, the following books are good references:
- Hacking: The Art of Exploitation 2/e, by Jon Erickson
- Software Security: Building Security In, by Gary McGraw
- Computer Security: A Hands-on Approach 2/e, by Wenliang Du
Tools
One core skill you need, and will learn, in this course is examining programs in memory. The most common tool for this is a debugger, and one of the most widely used debuggers for low-level software is GDB. You need to be familiar with it to solve the machine problems. Below are good resources for learning GDB. In addition, the Hacking book by Erickson mentioned above also offers useful material.
More on Memory Safety
Since memory safety is the focus of this course, curious students are strongly encouraged to explore this topic further. See this compilation of classic memory safety publications.