Overview

CSCI 1650 covers software exploitation techniques and state-of-the-art mechanisms for protecting (vulnerable) software. The course begins with a summary of prevalent software defects, typically found in applications written in memory unsafe languages, like C/C++, and proceeds with studying traditional and modern exploitation techniques, ranging from classical code injection and code reuse up to the newest goodies (e.g., JIT-ROP, Blind ROP). For the most part, it focuses on defenses against certain vulnerability classes and the way(s) to bypass them. Students will be introduced to advanced software exploitation techniques and countermeasures, and study (in depth) the boundaries and effectiveness of standard hardening mechanisms, such as address space randomization and stack and heap protections.

Prerequisites

Grading

10% Participation
60% Assignments (CTF-like write-ups)
10% Midterm
20% Final

Acknowledgments

This course would not be possible without the support and assistance of the following people:

Meetings

  • Monday 3PM – 5:20PM (M hour)
  • CIT 477 (Lubrano)

Instructor

Vasileios (Vasilis) Kemerlis

Teaching Assistant

Frederick Rice
  • echo @cs.brown.edu|sed 's/^/frice/'
  • CIT 506 (Wed. 6PM – 8PM)

Announcements

11/20/2017 Lecture 0x9 posted.
11/17/2017 Assignment 0x3 is due on 11/24/2017.
11/13/2017 Lecture 0x8 posted.
11/10/2017 Assignment 0x3 posted.
11/06/2017 Lecture 0x7 posted.
11/03/2017 Assignment 0x2 is due today.
10/30/2017 Hack Day!
10/30/2017 Midterm exam.
10/27/2017 Assignment 0x2 is due on 11/03/2017.
10/23/2017 Lecture 0x6 posted.
10/23/2017 Midterm is on 10/30/2017.
10/20/2017 Assignment 0x2 posted.
10/20/2017 Assignment 0x1 is due today.
10/16/2017 Lecture 0x5 posted.
10/13/2017 Assignment 0x1 is due on 10/20/2017.
10/09/2017 No class today.
10/06/2017 Assignment 0x1 posted.
10/02/2017 Lecture 0x4 posted.
09/25/2017 Lecture 0x3 posted.
09/18/2017 Lecture 0x2 posted.
09/11/2017 Lecture 0x1 posted.
09/06/2017 Welcome to CSCI 1650!