CS 460: Software Vulnerability Analysis: Syllabus

Week 1

Tue, Sep. 03

Introduction
Reading:

K. Thompson ~~Reflections on Trusting Trust~~
C. Miller The Legitimate Vulnerability Market. Inside the Secretive World of 0-day Exploit Sales
S. Inguva et al. ~~Source Code Review of the Hart InterCivic Voting System~~ (Chapter 3 only)

Thu, Sep. 05

x86 primer and stack smashing
Reading:

Aleph One Smashing The Stack For Fun And Profit

Week 2

Tue, Sep. 10

Project tutorial
No reading.

Thu, Sep. 12

Integer overflows
Reading:

blexim Basic Integer Overflows

Week 3

Tue, Sep. 17

Memory safety vulnerabilities 1
Reading:

MaXX Vudo - An object superstitiously believed to embody magical powers

Thu, Sep. 19

Memory safety vulnerabilities 2
Reading:

scut/team teso Exploiting Format String Vulnerabilities
Format String Vulnerabilities slides

Week 4

Tue, Sep. 24

Code reuse attacks
No reading.

Thu, Sep. 26

Return-Oriented Programming
Reading:

H. Shacham The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)

Week 5

Tue, Oct. 01

ROP defenses
Reading:

L. Davi, A.-R. Sadeghi, and M. Winandy ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks
V. Pappas kBouncer: Efficient and Transparent ROP Mitigation

Thu, Oct. 03

Software Fault Isolation and Control-Flow Integrity
Reading:

S. McCamant and G. Morrisett Evaluating SFI for a CISC Architecture
M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti Control-Flow Integrity: Principles, Implementations, and Applications

Week 6

Tue, Oct. 08

Data as code
Reading:

N. Alramli Why Python Pickle is Insecure
J. Mason, S. Small, F. Monrose, and G. MacManus English Shellcode
S. Checkoway, H. Shacham, and E. Rescorla Are Text-Only Data Formats Safe? Or, Use This LaTeX Class File to Pwn Your Computer

Thu, Oct. 10

Exam review
No reading.

Week 7

Tue, Oct. 15

No class
No reading.

Thu, Oct. 17

Exam 1
No reading.

Week 8

Tue, Oct. 22

Browsers and the Same-Origin Policy
Reading:

M. Zalewski Browser Security Handbook chapters 1 (basic concepts) and 2 (standard security features)
C. Jackson and A. Barth Beware of Finer-Grained Origins

Thu, Oct. 24

Cross-origin Attacks: CSRF
Reading:

A. Barth, C. Jackson, and J. Mitchell Robust Defenses for Cross-Site Request Forgery

Week 9

Tue, Oct. 29

Cross-origin Attacks: XSS
Reading:

OWASP Cross-site Scripting (XSS)
D. Bates, A. Barth, and C. Jackson Regular Expressions Considered Harmful in Client-Side XSS Filters

Thu, Oct. 31

Frames: Communication and Clickjacking
Reading:

A. Barth, C. Jackson, and J. Mitchell Securing Frame Communication in Browsers
P. Stone ~~Next Generation Clickjacking: New Attacks Against Framed Web Pages~~

Week 10

Tue, Nov. 05

Frames 2: Framebusting
Reading:

G. Rydstedt, E. Bursztein, D. Boneh, and C. Jackson Busting Frame Busting: a Study of Clickjacking Vulnerabilities on Popular Sites

Thu, Nov. 07

HTTPS
Reading:

C. Jackson and A. Barth ForceHTTPS: Protecting High-Security Web Sites from Network Attacks
C. Soghoian and S. Stamm Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL

Week 11

Tue, Nov. 12

Embedded system security
No reading.

Thu, Nov. 14

Guest lecture by Prof. Matthew Green
No reading.

Week 12

Tue, Nov. 19

Class canceled
No reading.

Thu, Nov. 21

Is it all worth it?
Reading:

E. Rescorla ~~Is finding security holes a good idea?~~
E. Rescorla ~~Security holes… Who cares?~~ Optional

Week 13

Tue, Nov. 26

Guest lecture by Eric Rescorla
Reading:

E. Rescorla SSH, SSL, and IPsec: wtf?

Thu, Nov. 28

Thanksgiving: No class
No reading.

Week 14

Tue, Dec. 03

Review
No reading.

Thu, Dec. 05

Exam 2
No reading.