Topics in Software Security
|Meeting Time:||M: Mon 3:00-5:20|
|Exam Group:||13: 19-MAY-2017 Exam Time: 02:00:00 PM|
|Offered this year?||Yes|
|When Offered?||Most years|
This course investigates the state-of-the-art in software exploitation and defense. More specifically, the course is structured as a seminar where students present (along with the instructor) research papers to their peers. We will begin with a summary of prevalent software defects, typically found in applications written in memory unsafe languages, like C/C++, and proceed to surveying what we are up against: traditional and modern exploitation techniques, ranging from classical code injection and code reuse up to the newest goodies (e.g., JIT-ROP, Blind ROP). For the bulk part, we will be focusing on the latest advances in protection mechanisms, mitigation techniques, and tools against modern vulnerability classes and exploitation methods.
Familiarity with topics covered in 'Software Security and Exploitation' (CSCI1951-H) or 'Operating Systems' (CSCI1670) is essential.