CSC-591 Systems Attacks and Defenses


Date Topic Discussions (do readings before class)
01/09 Introduction (slides, hackpack)  
01/16 Shellcode (slides) x86 Assembly Guide (link)
Emulation-based Detection of Non-self-contained Polymorphic Shellcode (link) [RAID’07]
01/23 Linux Security (slides) Setuid Demystified (link) [USENIX Sec’02]
Address Space Layout Permutation (ASLP) (link) [ACSAC’06]
01/30 Reverse Engineering (slides) Automatic Reverse Engineering of Malware Emulators (link) [S&P’09],
Native x86 Decompilation using Semantics-Preserving Structural Analysis and Iterative Control-Flow Structuring (link) [USENIX Sec’13],
Reassembleable Disassembling (link) [USENIX Sec’15]
02/06 Control-flow hijack attacks (slides) Smashing The Stack For Fun And Profit (link) and Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns (link) [S&P’04]
02/13 Stack Canaries & ASLR (slides) StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks (link) [USENIX Sec’98] and NOEXEC
02/20 Return-into-libc & ROP (slides) The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) (link) [CCS’07]
02/27 Symbolic Execution & Fuzzing (slides) KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs (link) [OSDI’08],
The Art, Science, and Engineering of Fuzzing:A Survey (link) [IEEE TSE’19]
03/05 Midterm Exam  
03/12 Spring Break - No class  
03/19 Web Security (slides)  
03/26 Web Security  
04/02 Web Security  
04/09 Web Security  
04/16 Final Exam  
04/17 HackPack CTF 1pm-7pm Capture the Flag event at Hunt Library Room 4106
04/23 CTFs & Research