Overview

CSCI 2951U investigates the state-of-the-art in software/systems exploitation and defense. More specifically, the course is structured as a seminar where students present (along with the instructor) research papers to their peers. We will begin with a summary of prevalent software- and hardware-related defects, which are typically found in applications written in memory unsafe languages, like C/C++, and/or contemporary architectures, such as x86 and ARM, and proceed to surveying what we are up against: traditional and modern exploitation techniques, ranging from classical code injection and code reuse up to the newest goodies, like JIT-ROP, Blind ROP, and software-based microarchitectural attacks. For the bulk part, we will be focusing on the latest advances in protection mechanisms, mitigation techniques, and tools against modern vulnerability classes and exploitation methods.

• syllabus.pdf

Course Format

Every week we will be discussing (a set of) research papers. Students are expected to read the assigned papers and write a short review (critique) before each class. In addition, one (or more) student(s) will do a short presentation about each paper for the day, which will be the starting point for our discussion(s).

In parallel, students will work on a semester-long project, on an open research problem, related to the topics covered in the course. Projects can have an offensive or defensive focus, or both, while projects relating to the students' own research interests are strongly encouraged—provided they also fit with the theme of the class.

Paper Reviews

Everyone, apart from the presenter(s), is expected to read the assigned reading(s) for the week and submit a constructive critique (review). The reviews should: (a) be at most a page long; (b) provide a summary of the assigned paper(s); (c) discuss the pros and cons of the proposed idea, protection mechanism, or bypass technique; and (d) conclude with at least two thought-provoking questions regarding the material covered, along with a brief direction of future work.

Paper Presentations

Each student will be presenting a (set of) research paper(s) to the class, and evaluated on the following:

• Understanding: Does the presenter understand the material?
• Thoughtfulness: Does the presented have insights and opinions beyond what is in the paper?
• Clarity: Can the audience understand the presentation? Are there useful examples?
• Materials: Do the slides (or use of whiteboard) illustrate and support the talk? Are there diagrams to help convey the technicalities?
• Delivery: Has the presenter practiced?
• Non-regurgiation: Did the presenter do something beyond simply typing sections of the paper as bullet points? Did the presenter motivate the ideas in their own words?
• Answering questions: Can the presenter handle questions from the audience?

Course Project

The (semester-long) course project entails working on an open research problem, which can be defensive or offensive in nature (or both), and submitting (to the instructor) a workshop-quality research paper. Note that although the project may rely on concepts learned from existing papers, it must also introduce new ideas. Validation of prior work (i.e., in terms of effectiveness and/or performance) is permitted, but, in such cases, a more thorough analysis of the original work's strengths and weaknesses must be undertaken.

Collaboration Policy

You are free to discuss technical issues regarding the assigned readings, or your project, with your peers. You may also consult outside sources of information for your project and/or presentation(s), but you must cite them. Every write-up (i.e., paper review, project report, code, or presentation) must be entirely your own work.

• Academic Code