Below is the calendar for this semester's course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web page for schedule, reading, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).
Date | Topic | Assignments Due | Readings for Discussion (do readings before class) | |
01/09/18 | ( | Course syllabus link | ||
01/11/18 | ( | Reflections on Trusting Trust. K. Thompson, Turing Award Lecture, 1983. link | ||
01/16/18 | ( | Server Authentication (Due 2/13/18) link | Linux Password and Shadow File Format link | |
01/18/18 | ( | SQL Injection Cheat Sheet and Tutorial link; The Risks Digest link | ||
01/23/18 | ( | Smashing the Stack for Fun and Profit, Aleph One. Phrack 7(49), 1996 link; Common Vulnerabilities and Exposures link; Talk: Secure Software through Proof Engineering, Greg Morrisett. link; Some OpenSSL help link | ||
01/25/18 | ( | Hacker's Hut: Exploiting the Heap (11-11.2) link; Security Focus: BugTraq link | ||
01/30/18 | ( | Using Freed Memory link; Double Frees link; One Perfect Bug: Exploiting Type Confusion in Flash (Basic Idea) link; Format String Vulnerability link | ||
02/01/18 | ( | An Evil Copy: How the Loader Betrays You. X. Ge, M. Payer, T. Jaeger. Proceedings of the Network and Distributed Systems Security Symposium, 2017. link | ||
02/06/18 | ( | The Confused Deputy (or why capabilities might have been invented). Norm Hardy. Operating Systems Review, pp. 36-38, Oct. 1988. link | ||
02/08/18 | ( | Secure Programming HOWTO (Chapter 5) link | ||
02/13/18 | ( | Secure Programming HOWTO (Chapter 6) link | ||
02/15/18 | ( | Server Hardening (Due 2/27/18) link | The Fuzzing Project: Tutorial link; American Fuzzy Lop link | |
02/20/18 | ( | Tutorial: Static Analysis and Dynamic Testing of Software, Richard Fairley, 1978. link; LLVM Checkers link | ||
02/22/18 | ( | AWare: Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings. Giuseppe Petracca, Ahmad-Atamli Reineh, Yuqiong Sun, Jens Grossklags, and Trent Jaeger. In Proceedings of the 26th USENIX Security Symposium, Aug. 2017. link | ||
02/27/18 | ( | HP Fortify link; IBM Rational link; LLVM Based Bug Detection: A comparison of CETS and Parfait (Focus on Parfait). Sebastian Hunkeler. link | ||
03/01/18 | ( | KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems. Cristian Cadar, Daniel Dunbar, Dawson Engler, in Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation, 2008. link | ||
03/06/18 | Spring Break - No class | |||
03/08/18 | Spring Break - No class | |||
03/13/18 | ( | |||
03/15/18 | Midterm | |||
03/20/18 | ( | Break Someone's Server (Due 4/7/18) link | ||
03/22/18 | ( | Control-Flow Integrity: Precision, Security, and Performance (Section 2.1) link | ||
03/27/18 | ( | Privilege-Separated OpenSSH link | ||
03/29/18 | No Lecture | |||
04/03/18 | ( | PtrSplit: Supporting General Pointers in Automatic Program Partitioning. S. Liu, G. Tan, and T. Jaeger. In 24th ACM Conference on Computer and Communications Security (CCS), 2017. link | ||
04/05/18 | ( | Reference Monitor link; Leveraging 'Choice' in Authorization Hook Placement (Sections 1-3). Divya Muthukumaran, Trent Jaeger, and Vinod Ganapathy. In 19th ACM Conference on Computer and Communications Security, 2012. link | ||
04/10/18 | ( | Authorization (Due 4/26/18) link | Software-based Fault Isolation (Notes) link | |
04/12/18 | ( | |||
04/17/18 | ( | Java Information Flow (Jif) link | ||
04/19/18 | ( | Design of Intel MPX link | ||
04/24/18 | ( | Attack Surface Analysis Cheat Sheet link | ||
04/26/18 | ( | |||
05/01/18 | Final Exam - 10:10AM - 12:00PM, 106 Forest Res Bldg |