CS 460: Software Vulnerability Analysis: Syllabus

Tue, Sep. 4

Introduction
Reading:

K. Thompson ~~Reflections on Trusting Trust~~
C. Miller The Legitimate Vulnerability Market. Inside the Secretive World of 0-day Exploit Sales
S. Inguva et al. ~~Source Code Review of the Hart InterCivic Voting System~~ (Chapter 3 only)

Thu, Sep. 6

x86 primer and stack smashing
Reading:

Aleph One Smashing The Stack For Fun And Profit

Tue, Sep. 11

Project tutorial
No reading, but I will demonstrate how to solve part 1 of project 1.

Thu, Sep. 13

Memory safety vulnerabilities 1
Reading:

Tue, Sep. 18

Memory safety vulnerabilities 2
Reading:

scut / team teso Exploiting Format String Vulnerabilities

Thu, Sep. 20

Format string vulnerabilities, attempt 1

Tue, Sep. 25

Format string vulnerabilities, attempt 2
Slides: pdf

Thu, Sep. 27

Return-Oriented Programming
Reading:

H. Shacham The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)

Tue, Oct. 2

ROP defenses
Reading:

L. Davi, A-R. Sadeghi, and M. Winandy ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks.
V. Pappas kBouncer: Efficient and Transparent ROP Mitigation

Thu, Oct. 4

Software Fault Isolation and Control-Flow Integrity
Reading:

S. McCamant and G. Morrisett Evaluating SFI for a CISC Architecture
M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti Control-Flow Integrity: Principles, Implementations, and Applications

Tue, Oct. 9

Data as code
Reading:

N. Alramli ~~Why Python Pickle is Insecure~~
J. Mason, S. Small, F. Monrose, and G. MacManus English Shellcode
S. Checkoway, H. Shacham, and E. Rescorla Are Text-Only Data Formats Safe? Or, Use This LaTeX Class File to Pwn Your Computer

Thu, Oct. 11

Exam preperation
No Reading. Come with questions!

Tue, Oct. 16

No class

Thu, Oct. 18

Exam 1
No Reading.

Tue, Oct. 23

Catch up
No reading.

Thu, Oct. 25

Catch up
No reading.

Tue, Oct. 30

Hurrican Sandy
Reading:

Hurricane

Thu, Nov. 1

Class cancelled

Tue, Nov. 6

Heap spraying/ JIT spraying
Reading:

A. Sotirov Heap Feng Shui in JavaScript Part I only
F. Muttis and A. Sacco HTML5 Heap Sprays
D. Blazakis Interpreter Exploitation: Pointer Inference and JIT Spraying

Thu, Nov. 8

Class Cancelled

Tue, Nov. 13

Browsers and the Same-Origin Policy
Reading:

M. Zalewski Browser Security Handbook chapters 1 (basic concepts) and 2 (standard security features)
C. Jackson and A. Barth Beware of Finer-Grained Origins

Thu, Nov. 15

Class cancelled
Catch up on reading.

Tue, Nov. 20

Cross-Origin Attacks
Reading:

A. Barth, C. Jackson, and J. Mitchell Robust Defenses for Cross-Site Request Forgery

Thu, Nov. 22

Thanksgiving vacation
No reading.

Tue, Nov. 27

Frames: Communication and Clickjacking
Reading:

A. Barth, C. Jackson, and J. Mitchell Securing Frame Communication in Browsers
P. Stone ~~Next Generation Clickjacking: New Attacks Against Framed Web Pages~~

Thu, Nov. 29

HTTPS
Reading:

C. Jackson and A. Barth ForceHTTPS: Protecting High-Security Web Sites from Network Attacks
C. Soghoian and S. Stamm Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL

Tue, Dec. 4

Exam preperation and a worm!

M. Eichin and J. Rochlis With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988

Thu, Dec. 6

Exam 2
No reading.