Syllabus
Topics (Tentative)
Memory Safety
This course focuses on memory safety because memory safety bugs account for around 70% of software vulnerabilities. We will talk about the root causes, exploitation techniques, and defenses.
- Causes
- Buffer overflows
- Use-After-Free
- Format string vulnerability
- Exploitations
- ret2libc
- Return-oriented Programming (ROP)
- Heap spraying and heap feng shui
- Defenses
- Run-time mitigations
- Retrofitting memory safety into C/C++
- Static analysis and fuzz testing
- Safe languages
Type Safety
Besides being memory-unsafe, the two mainstream systems programming languages, C and C++, are also weakly-typed, thus allowing type conversion/confusion bugs that lead to security vulnerabilities. We will discuss common type safety errors and their countermeasures.
Least Privilege Principle
Privilege escalation is a buggy program exercising more power (privilege) than it should. We will discuss how to mitigate this problem, even when the victim program is already compromised.
Learning Materials
Readings
This course uses online articles, research papers, and Mathias Payer's Software Security: Principles, Policies, and Protection. Reading assignments for lectures will be posted in the course schedule at least one week prior to each lecture.
In addition, the following books are good references when you have an appetite for extra information:
- Hacking: The Art of Exploitation 2/e, by Jon Erickson
- Software Security: Building Security In, by Gary McGraw
Tools
One core technique you need and you will learn in this course is how to examine programs in memory. To this end, the most common tool is a debugger, and one of the most common debuggers for low-level software is GDB. You need to be familiar with it for programming assignments. Below are good resources for learning GDB. In addition, the Hacking book by Erickson mentioned above also offers useful materials.
More on Memory Safety
Since memory safety is the focus of this course, curious students are strongly encouraged to explore this topic further. See this compilation of classic memory safety publications.