UB CSE 703 Seminar: Advanced Software Security - Techniques and Tools

Spring 2021 2/1/2021 - 5/10/2021; Monday, 12:50 PM - 2:55 PM; Online

General Information

Instructor

Dr. Ziming Zhao
E-mail: zimingzh@buffalo.edu
Homepage: https://zzm7000.github.io/
Office: 338B Davis Hall
Office Hours: By Appointment
Monday, 12:50 PM - 2:55 PM; Online
This is a seminar class with students presentations. Lecture recordings will be available for UB students.

Overview

This seminar course is designed to provide students with good understandings of the theories, principles, techniques and tools used for software security. Students will study state-of-the-art vulnerability analysis techniques and tools. In particular, this class covers many static and dynamic analysis techniques, including fuzzing, taint analysis, symbolic execution, etc. Depending on how many credits a student takes for this class, the coursework will consist of: paper reading, paper presentation, paper reviewing, labs and course projects.

The seminar is suitable for students who have strong interest in software security and intent to pursue a career in the area, e.g., PhD students already working in security or MS students interested in pursuing a PhD or doing research in the field (in the form of independent studies and/or MS Thesis). One of the goals of this seminar is to identify, by the end of the semester, a set of open research problems on which students can work during the next semester, e.g., in the form of independent studies or thesis.

Tentative Schedule

Date Topic Paper Presentations Reading Assignment
Week-1 2/1  x86/x64 Binary Disassembly Notes Recording  NA
  • Sok: All you ever wanted to know about x86/x64 binary disassembly but were afraid to ask. Oakland 2021. Paper.
Week-2 2/8  LLVM Notes Recording  NA
  • SoK: Sanitizing for Security. Oakland 2019. Paper.
Week-3 2/15  LLVM Notes Recording
  • AddressSanitizer: A fast address sanity checker. USENIX ATC 2012. Paper. Presenter: Xi Tan
  • IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. NDSS 2018. Paper. Presenter: Gursimran Singh
  • Fuzzing: Hack, art, and science. CACM 2020. Paper.
Week-4 2/22  Fuzzing
  • FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation. USENIX 2019. Paper. Presenter: Md Armanuzzaman
  • HFL: Hybrid fuzzing on the Linux kernel. NDSS 2020. Paper. Presenter: Jacquelyn Dufresne
  • The art, science, and engineering of fuzzing: A survey. TSE 2019. Paper.
Week-5 3/1  Fuzzing
  • T-Fuzz: Fuzzing by Program Transformation. Oakland 2018. Paper. Presenter: Charles Wiechec
  • Taint-based Directed Whitebox Fuzzing. ICSE 2009. Paper. Presenter: Anjie Sun
  • All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). Oakland 2010. Paper.
Week-6 3/8  Dynamic Taint Analysis
  • Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. NDSS 2005. Paper. Presenter: Malav Dharmendrakumar Vyas
  • TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. OSDI 2010. Paper. Presenter:
  • Sok: Eternal war in memory. Oakland 2013. Paper.
Week-7 3/15  Dynamic Taint Analysis
  • FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps. PLDI 2014. Paper. Presenter:
  • TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection. Oakland 2010. Paper. Presenter:
  • Symbolic execution for software testing three decades later. CACM 2013. Paper.
Week-8 3/22  Symbolic and Concolic Execution
  • KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. OSDI 2008. Paper. Presenter:
  • Driller: Augmenting fuzzing through selective symbolic execution. NDSS 2016. Paper. Presenter: Ariel Shevah
  • SoK: (state of) the art of war: Offensive techniques in binary analysis. Oakland 2016. Paper.
Week-9 3/29  Symbolic and Concolic Execution
  • Intscope: Automatically detecting integer overflow vulnerability in x86 binary using symbolic execution. NDSS 2009. Paper. Presenter: Gursimran Singh
  • Symbolic execution with SymCC: Don't interpret, compile!. USENIX 2020. Paper. Presenter: Xi Tan
  • SMT Solvers for Software Security. WOOT 2012. Paper.
Week-10 4/5  SMT Solver
  • EXE: Automatically Generating Inputs of Death. CCS 2006. Paper. Presenter: Jacquelyn Dufresne
  • AEG: Automatic Exploit Generation. NDSS 2011. Paper. Presenter: Md Armanuzzaman
  • Challenges in Firmware Re-Hosting, Emulation, and Analysis. CSUR 2021. Paper.
Week-11 4/12  SMT Solver
  • FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution. USENIX 2013. Paper. Presenter: Malav Dharmendrakumar Vyas
  • FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities. USENIX 2018. Paper. Presenter:
  • Automatic Exploit Generation. CACM 2014. Paper.
Week-12 4/19  Automatic Exploit Generation
  • Unleashing MAYHEM on Binary Code. Oakland 2012. Paper. Presenter: Anjie Sun
  • KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities. USENIX 2020. Paper. Presenter:
Week-13 4/26  Other Bug Huntings
  • CP-Miner: A tool for finding copy-paste and related bugs in operating system code. OSDI 2004. Paper. Presenter: Charles Wiechec
  • discovRE: Efficient Cross-Architecture Identification of Bugs in Binary Code. NDSS 2017. Paper. Presenter:
Week-14 5/3  Other Bug Huntings
  • VulPecker: an automated vulnerability detection system based on code similarity analysis. AsiaCCS 2016. Paper. Presenter: Ariel Shevah
  • VulDeePecker: A Deep Learning-Based System for Vulnerability Detection. NDSS 2018. Paper. Presenter:
Week-15 5/10  Course Project Presentations    

Course Structure

We will discuss several topics in this class. Each lecture may consist of two parts. In the first part, the instructor will discuss some basic knowledge, show demos of existing tools (30 mins). In the second part (1.5 hours), we will discuss 2 papers (one student will be presenting - 30 mins / leading the discussion - 15 mins).

A list of papers from top security, system or software engineering conferences (IEEE Security and Privacy aka. Oakland, USENIX Security, ACM CCS, NDSS, OSDI, SOSP, PLDI, ICSE, etc.) are provided for presentations under the "Paper Presentations" column. Usualy, we will have 2 presentations each week. Each student will present 2 papers throughout the semester. Only the presenter is required to read the papers, but it is highly recommended that everyone reads all the papers.

submit reviews for a subset of them, and participate in discussions in class.

One paper for each topic will be listed as "Reading Assignment". All students are required to read all the papers in this column. These papers are mostly survey, SoK, or managzine papers from top venues (Oakland, CACM, TSE, etc.).

Assignments

The course includes the following assignments:

  1. Paper reading. Please first read "How to Read a Paper" by S. Keshav.

  2. Class presentations: Each student will present 2 research papers throughout the semester. To better prepare for the presentation, you are required to do the following:

    1. Email me your answers to the talk preparation questions 3 days before the presentation.
    2. Email me your slides 3 days before the presentation.

      3. You can find a set of recommendations on how to give a good presentation here.

  3. Paper reviews: you will write reviews for 3 papers (you will choose which ones). The template of a review can be download here. You can find a set of recommendations on how to write a good reviews here and some high-level guidelines here.

  4. Course Project: 3-credit student will participate in a course project and give a presentation on the last class.

  5. Homework: students will finish some homework.

Resources