This is a graduate-level, research-oriented course. Its goal is to teach graduate students state-of-the-art techniques and tools and their application to software security problems, including vulnerabilities and exploits, malware, patching, reverse engineering, and forensics. The course aims to balance lectures, lab assignments and projects, so that students can grasp the core concepts, gain first-hand experience through lab assignments that reinforce their understanding of those concepts, and further explore open problems through course projects.
We will use eLearn for assignments and grading, and Piazza for Q&A and general announcements.
Each student is responsible for presenting one paper in class for about 25 minutes and leading the discussion for about 15 minutes. A signup sheet will be provided for selecting which paper to present (first come, first served). Use your R'Mail account to access it.
Each student is required to write a review of at least 400 words for every paper presented by a student, submitted before that paper is presented in class. A review must address the following aspects:
Each student needs to submit a research proposal (by Week 6) and a term paper.
Monday | Wednesday
---|---
04/01 Syllabus; Binary Code Comprehension; Lab 1: Buffer Overflow Exploit Construction | 04/03 Symbolic Execution
04/08 Symbolic Execution | 04/10 Fuzzing
04/15 Fuzzing; Lab 2: Experimenting with Symbolic Execution and Fuzzing | 04/17 Exploit Generation
04/22 Hardening | 04/24 Canceled
04/29 Binary Rewriting | 05/01 Binary Code Embedding
05/06 | 05/08 Guest Lecture by Prof. Chengyu Song
05/13 SymSan: Time and Space Efficient Concolic Execution via Dynamic Data-Flow Analysis; Marco: A Stochastic and Asynchronous Concolic Explorer | 05/15 Gramatron: Effective Grammar-Aware Fuzzing; Beacon: Directed Grey-Box Fuzzing with Provable Path Pruning
05/20 Efficient Directed Fuzzing with Selective Path Exploration; Revery: From Proof-of-Concept to Exploitable | 05/22 Guest Lecture by Lian Gao
05/27 Code-Pointer Integrity; SAFER: Efficient and Error-Tolerant Binary Instrumentation | 05/29 CLAP: Learning Transferable Binary Code Representations with Natural Language Supervision; Code is not Natural Language: Unlock the Power of Semantics-Oriented Graph Representation for Binary Code Similarity Detection
06/03 SigmaDiff: Semantics-Aware Deep Graph Matching for Pseudocode Diffing; Understanding the Effectiveness of Large Language Models in Detecting Security Vulnerabilities | 06/05 Examining Zero-Shot Vulnerability Repair with Large Language Models; Automated Program Repair in the Era of Large Pre-trained Language Models