UB CSE 610 Special Topics: System Security - Attack and Defense for Binaries

Fall 2020; Monday, 5:20 PM - 8:10 PM; Online

General Information

Instructor

Dr. Ziming Zhao
E-mail: zimingzh@buffalo.edu
Homepage: https://zzm7000.github.io/
Office: 338B Davis Hall
Office Hours: By Appointment
Monday, 5:20 PM - 8:10 PM; Online
Any UB student can request the Zoom link for the class by shooting the instructor an email.
The lecture recordings will be posted online after each class.

Overview

This course is designed to provide students with good understanding of the theories, principles, techniques and tools used for software and system hacking and hardening. Students will study, in-depth, binary reverse engineering, vulnerability classes, vulnerability analysis, exploit/shellcode development, defensive solutions, etc. to understand how to crack and protect native software. In particular, this class covers offensive techniques including stack-based buffer overflow, heap-based buffer overflow, format string vulnerability, return-oriented programming, etc. This class also covers defensive techniques including canary, shadow stack, address space layout randomization, etc. A key part of studying security is putting skills to the test in practice. Hacking challenges known as Capture The Flag (CTF) competitions are a great way to do this. In this class the progress of students are evaluated by lab assignment and in-class Capture-The-Flag (CTF) competitions. The course can be used to satisfy the MS project requirement.

Downloads: Course Syllabus

Downloads: Virtual Machine

Tentative Schedule

Date Topic Notes
Week-1 8/31  Overview and Background Knowledge Slides Code HW1 Video UB Cloud YouTube Youku  
Week-2 9/7  Stack-based Buffer Overflow 1 Slides Code HW2 Video UB Cloud YouTube Youku  
Week-3 9/14  Stack-based Buffer Overflow 2 Slides Code HW3 Video UB Cloud YouTube Youku  
Week-4 9/21  Stack-based Buffer Overflow 3 & Defenses 1 Slides Code HW4 Video UB Cloud YouTube Youku  
Week-5 9/28  Defenses 2 Slides HW5 Video UB Cloud YouTube Youku  
Week-6 10/5    
Week-7 10/12    
Week-8 10/19    
Week-9 10/26    
Week-10 11/2    
Week-11 11/9    
Week-12 11/16    
Week-13 11/23    
Week-14 11/30    
Week-15 12/7    

Resources