UB CSE 410/510 Software Security

Fall 2021; Monday, 5:00 PM - 7:50 PM;

General Information

Instructor

Dr. Ziming Zhao
E-mail: zimingzh@buffalo.edu
Homepage: https://zzm7000.github.io/
Monday, 5:00 PM - 7:50 PM; Norton 218
Office hours will be online: Wednesday 1:00 PM - 2:30 PM or by appointment
You will need to log in to UB Zoom before you join the office hours at https://buffalo.zoom.us/j/98554246767?pwd=V2E3Y1VOa2lCelNqc0FEOHI1ZDZiUT09
The lecture recordings will be posted online after each class.

Teaching Assistant

Md. Armanuzzaman Tomal
E-mail: mdarmanu@buffalo.edu
Office hours will be online: Friday 3:00 PM - 4:30 PM or by appointment
You will need to log in to UB Zoom before you join the office hours at https://buffalo.zoom.us/j/98554246767?pwd=V2E3Y1VOa2lCelNqc0FEOHI1ZDZiUT09

Overview

This course is designed to provide students with good understanding of the theories, principles, techniques and tools used for software and system hacking and hardening. Students will study, in-depth, binary reverse engineering, vulnerability classes, vulnerability analysis, exploit and shellcode development, defensive solutions, etc. to understand how to crack and protect native software. In particular, this class covers offensive techniques including stack-based buffer overflow, heap security, format string vulnerability, return-oriented programming, etc. This class also covers defensive techniques including canary, shadow stack, address space layout randomization, control-flow integrity, etc. A key part of studying security is putting skills to the test in practice. Hacking challenges known as Capture The Flag (CTF) competitions are a great way to do this. In this class the progress of students are evaluated by lab assignment and in-class Capture-The-Flag (CTF) competitions. The course can be used to satisfy the MS project requirement.

Downloads: Course Syllabus

Downloads: Virtual Machine

Tentative Schedule

Date Topic Notes
Week-1 8/30  Overview and Background Knowledge Slides Code HW Video UB YouTube  
Week-2 9/6  Labor Day Observed -- No class HW2  
Week-3 9/13  ELF and Buffer Overflow Slides Code HW YouTube  
Week-4 9/20  Buffer Overflow Slides Code HW YouTube  
Week-5 9/27  Buffer Overflow Slides Code HW YouTube  
Week-6 10/4  Buffer Overflow and Defense Slides Code HW YouTube  
Week-7 10/11  Buffer Overflow Defense and Shellcode Slides HW YouTube  
Week-8 10/18  Written Midterm and Midterm CTF HW  
Week-9 10/25  Shellcode and Format String Slides HW YouTube  
Week-10 11/1  Format String Slides HW YouTube  
Week-11 11/8  ROP Slides HW YouTube  
Week-12 11/15  ROP Slides HW YouTube  
Week-13 11/22  Cache side-channel, meltdown, spectre Slides HW YouTube  
Week-14 11/29  Heap Exploitation Slides HW YouTube  
Week-15 12/6  TBD  

Resources