Section outline
-
Teacher
Course schedule
Part 1 (5 first weeks)
class on Wednesday (2 pm to 5 pm)
Part 2 (7 next weeks)
class on Tuesday (2 pm to 5 pm)
Part 3 (1 week)
class on Tuesday January the 7th (8.15 am to 11.15 am)
Some general references
web sites
- The software security course website from Erik Poll
- Securimag - The IMAG ethical hacking / security association
- A short overview of the C language (but sufficient for the purpose of this course)
books and papers
- "Writing Secure Code" (M. Howard and D. LeBlanc, Microsoft) [also available online]
- The lecture notes on software security, by E. Poll
Examples of past exams & mid-term assignments
-
25/09
- Lecture 1 : course introduction
- Lecture 2 : How (in)-secure is a programming language ?
Reading suggestions:
- slides from E. Poll introduction course
- Mind your Language(s)
- A comprehensive description of C undefined behaviors
- "The Emperor's Old Clothes" (The 1980 ACM Turing Award Lecture, by C.A.R Hoare)
- A guide to undefined behaviors in C and C++
- "The Programming Languages Enthusiast" (Michael Hicks) blog
-
02/10
- Lecture 3 : understanding (and avoiding !) code vulnerabilities
- some exercises about programming languages (in)-security
Reading suggestions:
- The NIST Vulnerability Database, two examples of recent CVE (CVE-2023-43907 and CVE-2023-36131)
- Common Weakness Enumeration: buffer overflows, integer overflows, use-after-free, etc.
- What happened to my Code ? (about undefined behaviors in C)
- CERT secure coding standards
- Google Project Zero: 0day Exploit Root Cause Analyses
- The Art of Software Security Assessment - Identifying and Preventing Software Vulnerabilities (M. Dowd, J. McDonald, J. Schuh) [chapters 5 to 8]
- Summary of C/C++ integer rules
-
09/10
- Lab on language-level vulnerabilities [Room E200]
Reading suggestions:
- about StackProtector
- about clang code hardening options (on Quarkslab blog)
- Using Ghidra
-
You should upload your report and source code for Lab 1 before October the 20th (by groups of 2 students)
-
16/10
- Lecture 4: protecting our code from (some) classical attacks (slides)
- next lab presentation/preparation
- Lecture 5: disassembling (slides and E. Fleury slides)
Reading suggestions:
- about StackProtector
- about clang code hardening options (on Quarkslab blog)
- Using Ghidra
- A (complete !) course on x86 assembly language
- A web site for playing with compilers ...
- Practical Binary Analysis [Dennis Andriesse]
- some slides on x86_64 (from E. Fleury)
-
23/10 - Lab on buffer overflow exploitation techniques
-
Vacations - No class !
-
5/11
- Lecture 6 : timing attacks (non-interference, constant-time programming), (some slides, and some others from E. Poll)
- some exercises (and some correction indications)
Reading suggestions
-
- Access Control: introduction, and some slides from E. Poll (part1 and part2)
- A short introduction on tools for code security analysis [slides]
Reading suggestions:
Lecture notes from E. Poll Language-Based Security (chapter 4 and 5)
-
19/11:
- Written assignment at 2 pm (1h long)
- A short introduction on tools for code security analysis [slides]
- An outline on fuzzing and Symbolic Execution [slides] [+ slides from D.Song] [+ Slides from Martin Vechev]
Reading suggestions:
-
26/11:
- Lab on fuzzing and symbolic execution
-
5/12 :
- Static code analysis for security : some slides and [Dillig's slides]
- Exercises and Solutions
-
10/12
- Lab : static code analysis for security
-
17/12
Lab on code analysis with codeQL : the subject
-
Vacations - No class !