CS 250: Software Security

Course Description

This is a graduate-level, research-oriented course. Its goal is to teach graduate students state-of-the-art techniques and tools and their application to software security problems, including vulnerabilities and exploits, malware, patching, reverse engineering, and forensics. The course aims to balance lectures, lab assignments and projects, so that students grasp the core concepts, reinforce that understanding through first-hand experience in the lab assignments, and further explore open questions through course projects.

  • Instructor: Heng Yin
  • Email: heng AT cs DOT ucr DOT edu
  • Office: Winston Chung Hall 316
  • Office hours: by appointment
  • Location and Time: Gordon Watkins Hall 1101, M/W 9:30-10:50AM

Communication

We will use eLearn for assignments and grading, and Piazza for Q&A and general announcements.

Covered Topics

  • Fuzzing
  • Symbolic Execution
  • Exploit Generation
  • Hardening and Patching
  • Binary Code Reverse Engineering
  • Software Supply Chain Security

Paper Review and Presentation

Each student is responsible for presenting one paper in class for about 25 minutes and then leading the discussion for about 15 minutes. A signup sheet will be provided for selecting which paper to present (first come, first served). Use your R'Mail account to access it.

Each student is required to write a review of at least 400 words for every paper presented by students, submitted before the paper is presented in class. A review must cover the following aspects:

  • Describe the problem
  • Explain how previous work solves this problem and why it is insufficient
  • Explain how this paper tackles the problem and why this approach can solve it
  • Describe what you like and dislike about this paper
  • List questions you have and would like to discuss in class

Lab Assignments

  1. Binary Code Comprehension: Construct simple exploits from binary code
  2. Experimenting with Symbolic Execution and Fuzzing
  3. Implementing CFI and a Shadow Stack for Binaries

Projects

Each student needs to submit a research proposal (by Week 6) and a term paper.

Grading (Tentative)

  • Class participation: 10%
  • Lab assignments: 25%
  • Presentation: 20%
  • Paper reviews: 10%
  • Proposal: 5%
  • Term paper: 30%

Schedule

Classes meet on Mondays and Wednesdays; each entry lists the topics, labs, or papers for that day.

  • Mon 04/01: Syllabus; Binary Code Comprehension; Lab 1: Buffer Overflow Exploit Construction
  • Wed 04/03: Symbolic Execution
  • Mon 04/08: Symbolic Execution
  • Wed 04/10: Fuzzing
  • Mon 04/15: Fuzzing; Lab 2: Experimenting with Symbolic Execution and Fuzzing
  • Wed 04/17: Exploit Generation
  • Mon 04/22: Hardening
  • Wed 04/24: Canceled
  • Mon 04/29: Binary Rewriting
  • Wed 05/01: Binary Code Embedding
  • Mon 05/06: (no topic listed)
  • Wed 05/08: Guest Lecture by Prof. Chengyu Song
  • Mon 05/13: SymSan: Time and Space Efficient Concolic Execution via Dynamic Data-Flow Analysis; Marco: A Stochastic and Asynchronous Concolic Explorer
  • Wed 05/15: Gramatron: Effective Grammar-Aware Fuzzing; Beacon: Directed Grey-Box Fuzzing with Provable Path Pruning
  • Mon 05/20: Efficient Directed Fuzzing with Selective Path Exploration; Revery: From Proof-of-Concept to Exploitable
  • Wed 05/22: Guest Lecture by Lian Gao
  • Mon 05/27: Code-Pointer Integrity; SAFER: Efficient and Error-Tolerant Binary Instrumentation
  • Wed 05/29: CLAP: Learning Transferable Binary Code Representations with Natural Language Supervision; Code is not Natural Language: Unlock the Power of Semantics-Oriented Graph Representation for Binary Code Similarity Detection
  • Mon 06/03: SigmaDiff: Semantics-Aware Deep Graph Matching for Pseudocode Diffing; Understanding the Effectiveness of Large Language Models in Detecting Security Vulnerabilities
  • Wed 06/05: Examining Zero-Shot Vulnerability Repair with Large Language Models; Automated Program Repair in the Era of Large Pre-trained Language Models