CS 460: Software Vulnerability Analysis: Syllabus

Week 1

Thu, Aug. 28

Introduction
Reading:

K. Thompson ~~Reflections on Trusting Trust~~

Week 2

Tue, Sep. 02

Assembly primer and stack smashing
Reading:

Aleph One Smashing The Stack For Fun And Profit

Thu, Sep. 04

Integer overflows and project tutorial
Reading:

blexim Basic Integer Overflows

Week 3

Tue, Sep. 09

No class
No reading.

Thu, Sep. 11

No class
No reading.

Week 4

Tue, Sep. 16

Memory safety vulnerabilities 1
Reading:

MaXX Vudo - An object superstitiously believed to embody magical powers

Thu, Sep. 18

Memory safety vulnerabilities 2
Reading:

scut/team teso Exploiting Format String Vulnerabilities
Format String Vulnerabilities slides

Week 5

Tue, Sep. 23

Code reuse attacks
No reading.

Thu, Sep. 25

Return-Oriented Programming
Reading:

H. Shacham The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)

Week 6

Tue, Sep. 30

ROP defenses
Reading:

L. Davi, A.-R. Sadeghi, and M. Winandy ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks
V. Pappas kBouncer: Efficient and Transparent ROP Mitigation

Thu, Oct. 02

Software Fault Isolation and Control-Flow Integrity
Reading:

S. McCamant and G. Morrisett Evaluating SFI for a CISC Architecture
M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti Control-Flow Integrity: Principles, Implementations, and Applications

Week 7

Tue, Oct. 07

Data as code
Reading:

N. Alramli Why Python Pickle is Insecure
J. Mason, S. Small, F. Monrose, and G. MacManus English Shellcode
S. Checkoway, H. Shacham, and E. Rescorla Are Text-Only Data Formats Safe? Or, Use This LaTeX Class File to Pwn Your Computer

Thu, Oct. 09

Heap spraying/JIT spraying
Reading:

A. Sotirov Heap Feng Shui in JavaScript Part I only
F. Muttis and A. Sacco HTML5 Heap Sprays
D. Blazakis Interpreter Exploitation: Pointer Inference and JIT Spraying

Week 8

Tue, Oct. 14

Browsers and the Same-Origin Policy
Reading:

M. Zalewski Browser Security Handbook chapters 1 (basic concepts) and 2 (standard security features)
C. Jackson and A. Barth Beware of Finer-Grained Origins

Thu, Oct. 16

No class
No reading.

Week 9

Tue, Oct. 21

Cross-origin Attacks: CSRF
Reading:

A. Barth, C. Jackson, and J. Mitchell Robust Defenses for Cross-Site Request Forgery

Thu, Oct. 23

Cross-origin Attacks: XSS
Reading:

OWASP Cross-site Scripting (XSS)
D. Bates, A. Barth, and C. Jackson Regular Expressions Considered Harmful in Client-Side XSS Filters

Week 10

Tue, Oct. 28

Frames: Communication and Clickjacking
Reading:

A. Barth, C. Jackson, and J. Mitchell Securing Frame Communication in Browsers
P. Stone ~~Next Generation Clickjacking: New Attacks Against Framed Web Pages~~

Thu, Oct. 30

Frames 2: Framebusting
Reading:

G. Rydstedt, E. Bursztein, D. Boneh, and C. Jackson Busting Frame Busting: a Study of Clickjacking Vulnerabilities on Popular Sites

Week 11

Tue, Nov. 04

Class canceled
No reading.

Thu, Nov. 06

Class canceled
No reading.

Week 12

Tue, Nov. 11

HTTPS
Reading:

C. Jackson and A. Barth ForceHTTPS: Protecting High-Security Web Sites from Network Attacks
C. Soghoian and S. Stamm Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL

Thu, Nov. 13

TBD
No reading.

Week 13

Tue, Nov. 18

TBD
No reading.

Thu, Nov. 20

Class canceled
No reading.

Week 14

Tue, Nov. 25

Thanksgiving: No class
No reading.

Thu, Nov. 27

Thanksgiving: No class
No reading.

Week 15

Tue, Dec. 02

TBD
No reading.

Thu, Dec. 04

TBD
No reading.