Schedule
SS3: Software Security: Principles, Policies, and Protection, by Mathias Payer
Note: Readings marked with “(*)” are usually more advanced and are optional for those who are curious to explore the topic further.
| Week | Date | Topic | Readings | Slides |
|---|---|---|---|---|
| 1 | 8/26 | Intro & Security Principles | SS3P Chap. 1, 2.3, 2.7–2.8 | |
| Information Protection Abstract, Sec. I.A | ||||
| (*) Reflections on Trusting Trust | ||||
| 2 | 9/2 | Memory & Buffer Overflows | SS3P Chap. 4.1, 4.2.1 | |
| Memory Layout of C Programs | ||||
| Smashing the Stack for Fun and Profit | ||||
| ret2libc | ||||
| (*) Getting around non-executable stack | ||||
| (*) Lifetime of Hello World | ||||
| 3 | 9/9 | Return-oriented Programming & More Overflows | Innocent Flesh on the Bone Sec. 1–3 | |
| 4 | 9/16 | Use-After-Free & Format String Vulnerabilities | SS3P Chap. 4.2.2 | |
| SeMalloc Sec. 2.1 | ||||
| TESO's Format String Paper Sec. 1–3 | ||||
| 5 | 9/23 | Course review & Address Space Layout Randomization | SS3P Chap. 6.4.2 | |
| ASLR | ||||
| (*) ASLR Evaluation 2004 | ||||
| (*) ASLR Evaluation 2024 | ||||
| 6 | 9/30 | Control-flow Integrity | SS3P Chap. 6.4.3, 6.4.6 | |
| Shining Light on Shadow Stacks Sec. 1–3 | ||||
| CFI Sec. 1, Sec.3 | ||||
| 7 | 10/7 | Testing and Fuzzing | SS3P Chap. 6 intro, 6.3.1, 6.3.3 | |
| 8 | 10/14 | Memory Isolation | SS3P Chap. 6.4.8 | |
| SFI Sec.1–3 | ||||
| Page table entries | ||||
| libmpk Sec. 2 | ||||
| (*) Hodor | ||||
| (*) Silhouette | ||||
| 9 | 10/21 | Least Privilege Principle & Software Compartmentalization | SS3P Chap. 2.5, 2.6 | |
| AutoPriv Sec. 1–2 | ||||
| (*) Software Compartmentalization | ||||
| 10 | 10/28 | Address Sanitizer & Pointer-based Memory Safety | SS3P 6.3.2 | |
| ASan Section 1–3 | ||||
| SoftBoundCETS Sec. 1–2 | ||||
| 11 | 11/4 | Type Safety & Safe Programming Languages | SS3P Sec. 4.3 | |
| HexType Sec. 1–2 | ||||
| Checked C Sec. 1, Sec. 3 | ||||
| 12 | 11/11 | AI for Software Security & Course review | TBD | |
| 13 | 11/18 | Exam | ||
| 14 | 11/25 | No class. Thanksgiving | ||
| 15 | 12/2 | Students-led Paper Presentation |