Schedule
SS3: Software Security: Principles, Policies, and Protection, by Mathias Payer
Note: Readings marked with “(*)” are usually more advanced and are optional for those who are curious to explore the topic further.
| Week | Date | Topic | Readings | Slides |
|---|---|---|---|---|
| 1 | 8/25 | Intro & Security Principles | SS3P Chap. 1, 2.3, 2.7–2.8 | Slides |
| Information Protection Abstract, Sec. I.A | ||||
| (*) Reflections on Trusting Trust | ||||
| 2 | 9/1 | No class. Labor Day | ||
| 3 | 9/8 | Memory & Buffer Overflows | SS3P Chap. 4.1, 4.2.1 | Slides |
| Memory Layout of C Programs | ||||
| Smashing the Stack for Fun and Profit | ||||
| ret2libc | ||||
| (*) Getting around non-executable stack | ||||
| (*) Lifetime of Hello World | ||||
| 4 | 9/15 | Return-oriented Programming & More Overflows | Innocent Flesh on the Bone Sec. 1–3 | Slides |
| 5 | 9/22 | Use-After-Free & Format String Vulnerabilities | SS3P Chap. 4.2.2 | Slides |
| SeMalloc Sec. 2.1 | ||||
| TESO's Format String Paper Sec. 1–3 | ||||
| 6 | 9/29 | Course Review & Address Space Layout Randomization | SS3P Chap. 6.4.2 | Slides |
| ASLR | ||||
| (*) ASLR Evaluation 2004 | ||||
| (*) ASLR Evaluation 2024 | ||||
| 7 | 10/6 | No class. Instructor traveling. | ||
| 8 | 10/13 | Control-flow Integrity | SS3P Chap. 6.4.3, 6.4.6 | Slides |
| Shining Light on Shadow Stacks Sec. 1–3 | ||||
| CFI Sec. 1, Sec.3 | ||||
| 9 | 10/20 | Testing and Fuzzing | SS3P Chap. 6 intro, 6.3.1, 6.3.3 | Slides |
| 10 | 10/27 | Memory Isolation | SS3P Chap. 6.4.8 | Slides |
| SFI Sec.1–3 | ||||
| Page table entries | ||||
| libmpk Sec. 2 | ||||
| (*) Hodor | ||||
| (*) Silhouette | ||||
| 11 | 11/3 | Least Privilege Principle & Compartmentalization | SS3P Chap. 2.5, 2.6 | |
| AutoPriv Sec. 1–2 | ||||
| (*) Software Compartmentalization | ||||
| 12 | 11/10 | Address Sanitizing & Pointer-based Memory Safety | SS3P 6.3.2 | |
| ASan Section 1–3 | ||||
| SoftBoundCETS Sec. 1–2 | ||||
| 13 | 11/17 | Type Safety & Safe Programming Languages | SS3P Sec. 4.3 | |
| HexType Sec. 1–2 | ||||
| Checked C Sec. 1, Sec. 3 | ||||
| 14 | 11/24 | No class. Thanksgiving | ||
| 15 | 12/1 | Course Review & Students-led Paper Discussion | ||
| 16 | 12/8 | Students-led Paper Discussion |