This is a graduate-level, research-oriented course. Its goal is to teach graduate students state-of-the-art binary analysis techniques and tools and their applications to security problems. The course aims to balance lectures, lab assignments and projects, so that students can grasp the core concepts, gain first-hand experience through lab assignments that reinforce their understanding of those concepts, and explore open problems via course projects.
We will use iLearn for assignments and grading, and Piazza for Q&A and general announcements.
Each student is responsible for presenting one paper in class for about 15 minutes and leading the discussion. Use this signup sheet to select which paper to present (first come, first served). Use your R'Mail account to access it.
Each student is required to write a review of at least 400 words for every paper presented by students, submitted before the paper is presented in class. A review must include the following aspects:
A list of suggested projects will be provided. Students may also propose their own projects. Projects can be done individually or in groups of at most 3 students. In the project report, clearly state each member's contribution.
| Monday | Wednesday | Friday |
|---|---|---|
| 01/07 Syllabus/Introduction | 01/09 Binary Code Comprehension | 01/11 Binary Code Comprehension (cont'd); Buffer Overflow Exploit Construction; Lab 1 released |
| 01/14 Dynamic Binary Instrumentation | 01/16 Dynamic Taint Analysis | 01/18 Whole-System Dynamic Analysis; Lab 2 released |
| 01/21 No Class (Holiday) | 01/23 Symbolic Execution | 01/25 Symbolic Execution (cont'd); Lab 3 released |
| 01/28 Fuzzing | 01/30 Reverse Engineering of Data Structures and Types | 02/01 Binary Code Search |
| 02/04 Unleashing MAYHEM on Binary Code | 02/06 QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing | 02/08 Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints |
| 02/11 Angora: Efficient Fuzzing by Principled Search | 02/13 Function Interface Analysis: A Principled Approach for Function Recognition in COTS Binaries | 02/15 NEUZZ: Efficient Fuzzing with Neural Program Smoothing |
| 02/18 No Class (Holiday) | 02/20 Directed Greybox Fuzzing | 02/22 Driller: Augmenting Fuzzing through Selective Symbolic Execution |
| 02/25 Debin: Predicting Debug Information in Stripped Binaries | 02/27 Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing | 03/01 Asm2Vec: Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler Optimization |
| 03/04 Neural Machine Translation Inspired Binary Code Similarity Comparison beyond Function Pairs | 03/06 Reassembleable Disassembling | 03/08 Ramblr: Making Reassembly Great Again |
| 03/11 Using Logic Programming to Recover C++ Classes and Methods from Compiled Executables | 03/13 No Class (Conference travel) | 03/15 Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits |