Home

This course would cover the design and implementation of secure systems. There will be three parts in the course (1) security threats and exploits in programs (2) mitigation techniques (3) detection techniques

Tentative topics include threat models, popular security attacks like (buffer overflows, return-to-libc, format string, ROPs, heartbleed, side channel analysis, etc.). Techniques for secure system design such as the use of capabilities, SGX, root of trust, and PUFs will be discussed.

Tentative evaluation will be as follows : 50% from coding assignments, 25% for mid-semester exam, 25% for end-semester exam. Optionally, students can choose to do a course project instead of the end-semester exam.

Syllabus

• Vulnerabilites and Exploits : buffer overflows, return-to-libc, ROPs, double frees, format string vulnerabilities, covert channels

• Mitigations : W^X, ASLR, Canaries, hardware and compiler mitigations

• Capability and sandboxing systems : SGX, Trustzone

• Micro-architectural Attacks and Side Channel Analysis

• Hardware and Embedded Security: PUFs, Trojans, a case study of automotive security

Instructor

Chester Rebeiro

Logistics

Classes will be held from 31/July/2019 in CS24. Slot J.

TAs

• • Keerthi K.

  • Muhammad Arsath KF

  • Prithwish Basu Roy

  • Milind Srivastava