Sorry, this activity is currently hidden
Section outline
-
Teacher
Course schedule
Every Wednesday (2pm - 5pm) , from September the 24th to January the 7th ...
(see ADE for information regarding the room number)
Some general references
web sites- The software security course website from Erik Poll
- Securimag - The IMAG ethical hacking / security association
- A short overview of the C language (but sufficient for the purpose of this course)
books and papers
-
"Writing Secure Codes" (M. Howard and D. LeBlanc, MicroSoft) [also available online]
- The lecture notes on software security, by E. Poll
Examples of past exams & mid-term assignments
-
- Lecture 1 : course introduction
- Lecture 2 :How (in)-secure is a programming language ?
Reading suggestions:
- slides from E. Poll introduction course
- Mind your Language(s)
- A comprehensive description of C undefined behaviors
- "The Emperor's Old Clothes" (The 1980 ACM Turing Award Lecture, by C.A.R Hoare)
- A guide to undefined behaviors in C and C++
- "The Programming Languages Enthusiast'' (Michael Hicks) blog
-
- Lecture 3 : understanding (and avoiding !) code vulnerabilities
- some exercises about programming languages (in)-security
Reading suggestions:
- The NIST Vulnerability Database, two examples of recent CVE (CVE-2023-43907 and CVE-2023-36131)
- Common Weakness Enumeration: buffer overflows, integer overflows, use-after-free, etc.
- What happened to my Code ? (about undefined behaviors in C)
- CERT secure coding standarts
- Google Zero Project: 0day Exploit Root Cause Analyses
- The Art of Software Security Assessment - Identifying and Preventing Software Vulnerabilities (M. Dowd, J. MacDonald, J. Shuh) [chapters 5 to 8]
- Summary of C/C++ integer rules
-
- Lab on language-level vulnerabilities [Room E106]
Reading suggestions:- about StackProtector
- about clang code hardening options (on Quarkslab blog)
- Using Ghidra
-
- Lecture 4: protecting our code from (some) classical attacks (slides)
- next lab presentation/preparation
- Lecture 5: disassembling (slides and E. Fleury slides)
Reading suggestions:- about StackProtector
- about clang code hardening options (on Quarkslab blog)
- Using Ghidra
- A (complete !) course on x86 assembly language
- A web site for playing with compilers ...
- Practical Binary Analysis [Dennis Andriesse]
- some slides on x86_64 (from E. Fleury)
-
Lab on buffer overflow exploitation techniques [Room D201]
-
Vacations - No class !
-
- Lecture 6 : timing attacks (non-interference, constant-time programming), (some slides, and some others from E. Poll)
- some exercises
Reading suggestions
-
- Access Control: introduction, and some slides from E. Poll (part1 and part2)
- A short introduction on tools for code security analysis [slides]
Reading suggestions:
Lecture notes from E. Poll Language-Based Security (chapter 4 and 5)
-
- Written assignment at 2 pm
- Tools for code analysis (a short introduction)
-
Dynamic code analysis: fuzzing and symbolic execution
- A short introduction on tools for code security analysis [slides]
- An outline on fuzzing and Symbolic Execution [slides] [+ slides from D.Song] [+ Slides from Martin Vechev]
Reading suggestions:
-
Lab on fuzzing and symbolic execution
- A short introduction on tools for code security analysis [slides]
- An outline on fuzzing and Symbolic Execution [slides] [+ slides from D.Song] [+ Slides from Martin Vechev]
-
- Static code analysis for security : some slides and [Dillig's slides]
- Exercises and Solutions
-
10/12
- Lab : (Dynamic-) Symbolic Execution with PathCrawler and KLEE
-
- Lab : static code analysis for security
- Look at the introduction slides on Frama-C
- Do the following exercises with Frama-C (using these source files)
- Lab : static code analysis for security
-
Vacations - No class !