Course Overview

This course focuses on software security fundamentals, secure coding guidelines and principles, and advanced software security concepts. Students will learn to assess and understand threats, learn how to design and implement secure software systems, and get hands-on experience with common security pitfalls such as memory corruption and its exploitation.

The course consists of two lectures per week (50 minutes each) and a 2-hour lab.

  • Instructor : Byoungyoung Lee (email: byoungyoung@purdue.edu)
  • TA : Chen Feng (email: fang102@purdue.edu)
  • Lecture: 2:30 pm - 3:20 pm (Mon & Wed) at Felix Haas Hall G066.
  • Lab: 2:30 pm - 4:20 pm (Fri) at Felix Haas Hall G056 (by announcement)
  • Office hour: 3:30 pm - 4:30 pm (Mon & Wed) at LWSN 1187

Schedule

Date  | Topic (slides)                          | Reading material
08/22 | Introduction                            |
08/24 | Memory corruption                       |
08/29 | Attacks on Memory Corruption            |
09/07 | Defenses on Memory Corruption           |
09/11 | Bug finding: symbolic execution         | KLEE
09/19 | Bug finding: fuzzing                    | The reliability of UNIX utilities
09/21 | Automated exploitation generation       | AEG
09/26 | Jailbreaking                            |
09/28 | Memory safety                           | Pointer-based checking (SoftBound, etc.)
10/03 | Research projects mid-presentation      |
10/05 | Memory error detection                  | Address Sanitizer
10/10 | No class (October break)                |
10/12 | Runtime defense - ASLR                  | ASLR-guard
10/17 | Runtime defense - CFI                   | Control-Flow Integrity
10/19 | Midterm exam                            |
10/24 | No class                                |
10/26 | Guest Lecture (TBD)                     |
10/31 | Software Fault Isolation                | NaCl
11/02 | Browser Security                        | Chrome Security Architecture
11/09 | Intrusion Detection                     | Intrusion Detection; Mimicry attacks
11/14 | Side-channel Attacks                    |
11/16 | Malware analysis                        | Ether
11/23 | Mobile Security                         |
11/30 | Trusted computing                       | Haven
12/05 | Attacks/Defenses on Trusted computing   | Controlled-Channel Attacks
12/07 | Research projects final-presentation    |
12/12 | Final exam                              |
  • This schedule is subject to change, and changes will be announced in class or emailed if necessary.

Lab

Grading

  • Midterm exam: 20%
  • Final exam: 20%
  • Lab assignments: 30%
  • Research projects: 30%

For academic honesty, refer to the Purdue integrity/code of conduct. Except by prior arrangement, or where the professor grants an extension before the deadline, missing or late work will be counted as a zero/fail.

Course Policy

This course will be run under the "reasonable adults" policy: it is assumed that all students are reasonable adults who want to get the most out of the course by attending regularly, completing the homework assignments and projects on time, asking questions during class and whenever they run into problems, and checking back with the instructor and the TA regularly to ensure good progress.

A more detailed version of the policy is available on Spaf's page. CS-527 follows the policies listed on that page. If you have any question about the course policy, don't hesitate to ask the instructor or the TA.

As a short summary: (i) you are expected to attend all classes (modulo good reasons), (ii) you are expected to hand in all work before the deadlines (there is a 10-point reduction per day for late hand-ins), and (iii) if you need special treatment or have special circumstances, talk to the instructor or the TA.

Acknowledgment