UB CSE 410/510 Software Security

Fall 2021; Monday, 5:00 PM - 7:50 PM;

General Information

Instructor

Dr. Ziming Zhao
E-mail: zimingzh@buffalo.edu
Homepage: https://zzm7000.github.io/
Office: 338B Davis Hall
Office Hours: TBD
Monday, 5:00 PM - 7:50 PM; Online
Any UB student can request the Zoom link for the class by shooting the instructor an email.
The lecture recordings will be posted online after each class.

Overview

This course is designed to provide students with good understanding of the theories, principles, techniques and tools used for software and system hacking and hardening. Students will study, in-depth, binary reverse engineering, vulnerability classes, vulnerability analysis, exploit and shellcode development, defensive solutions, etc. to understand how to crack and protect native software. In particular, this class covers offensive techniques including stack-based buffer overflow, heap security, format string vulnerability, return-oriented programming, etc. This class also covers defensive techniques including canary, shadow stack, address space layout randomization, control-flow integrity, etc. A key part of studying security is putting skills to the test in practice. Hacking challenges known as Capture The Flag (CTF) competitions are a great way to do this. In this class the progress of students are evaluated by lab assignment and in-class Capture-The-Flag (CTF) competitions. The course can be used to satisfy the MS project requirement.

Downloads: Course Syllabus

Downloads: Virtual Machine

Tentative Schedule

Date Topic Notes
Week-1 8/30  Overview and Background Knowledge  
Week-2 9/6  Labor Day Observed -- No class  
Week-3 9/13  TBD  
Week-4 9/20  TBD  
Week-5 9/27  TBD  
Week-6 10/4  TBD  
Week-7 10/11  TBD  
Week-8 10/18  TBD  
Week-9 10/25  TBD  
Week-10 11/1  TBD  
Week-11 11/8  TBD  
Week-12 11/15  TBD  
Week-13 11/22  TBD  
Week-14 11/29  TBD  
Week-15 12/6  TBD  

Resources