cs6956-001-2021spring

CS 6956-001 Software Security

Overview

Course Description. This is a graduate-level research-oriented course, which covers both classic and cutting-edge topics in the area of software security. It provides the students with a good understanding of software problems in not only traditional binary executables but also emerging mobile applications, cyber-physical systems and Blockchain platforms.

Course Outcomes. We will read and discuss research papers to grasp the core concepts of various analysis and defense techniques that improve software security. Students will further gain hands-on experience through using security analysis tools and be prepared to explore new research problems.

  • Instructor: Mu Zhang

  • Email: muzhang AT cs DOT utah DOT edu

  • Office: MEB 2168

  • Office hours: by appointment (virtual)

  • Location and Time: Zoom on Canvas, M/W 01:25PM-02:45PM

Grading

  • Paper Presentation: 15%

  • Paper reviews: 15%

  • Lab assignments: 30%

  • Project: 30%

  • Class Participation: 10%

Paper Review and Presentation

  • Each student is required to present one paper in the class for about 15 minutes and lead the discussion.

  • Each student is required to write reviews of at least 300 words for all the papers presented by students, before the papers are presented in class.

Lab Assignments

  • Lab 1: Buffer Overflow Attacks. Implement simple exploits to trigger vulnerabilities in binary code.

  • Lab 2: Static Program Analysis. Develop a simple Soot transform to reveal API usage in Android apps.

  • Lab 3: Symbolic Execution. Write simple angr scripts to find vulnerabilities.

Projects

A list of suggested projects will be provided. Students may also propose their own projects. Projects can be done individually or by groups. Each group should not exceed 2 students. In the project report, clearly state each member's contribution.

Example project directions:

1. building custom analysis tools (for Android apps, smart home IoT apps, industrial controller code, smart contract code, etc.)

2. studying app security (e.g., security mechanisms and their limitations) based upon existing tools

3. launching proof-of-concept attacks against modern software systems

Schedule

Date

1/20

1/25

1/27

2/1

2/3

2/8

2/10

2/15

2/17

2/22

2/24

3/1

3/3

3/8

3/10

3/15

3/17

3/22

3/24

3/29

3/31

4/5

4/7

4/12

4/14

4/19

4/21

4/26

Topic

Introduction

Slides, Video

Vulnerabilities

Slides, Video

Malware

Slides, Video

Defense Mechanisms 1

Slides, Video

Defense Mechanisms 2

Slides, Video

Static Analysis

Slides, Video

Dynamic Analysis

Slides, Video

Presidents' Day,

No Class

Symbolic Execution

Slides, Video

Fuzzing

Slides, Video

Fuzzing cont'd

Soot overview

Slides, Video

Reading List

Smashing the Stack for Fun and Profit. Aleph One. Phrack 49(14), Nov. 1996.

The Security Mindset, Bruce Schneier. 2008.

Semantics-Aware Malware Detection, Oakland 2005

Dissecting Android Malware: Characterization and Evolution, Oakland 2012

StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, USENIX Sec 98

Address Space Layour Randomization (ASLR)

Data Execution Prevention (DEP)

SoK: Eternal War in Memory, Oakland 2013

Control-Flow Integrity Principles, Implementations, and Applications, TISSEC 2009

Native Client: A Sandbox for Portable, Untrusted x86 Native Code, Oakland 2009

Code-Pointer Integrity, OSDI 2014

Language-Based Information-Flow Security, JSAC 2003

MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones, NDSS 2012

Finding Security Vulnerabilities in Java Applications with Static Analysis, USENIX Security 2005

FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps, PLDI 2014

Soot - A framework for analyzing and transforming Java and Android applications

Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, NDSS 2005

DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis, USENIX Security 2012

KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs, OSDI 2008

AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection, CCS 2013

angr: a python framework for analyzing binaries

DART: Directed Automated Random Testing, PLDI 2005

AFL: american fuzzy lop

IOTFUZZER: Discovering Memory Corruptions in IoT Through App-based Fuzzing, NDSS 2018

CP-Miner: A Tool for Finding Copy-paste and Related Bugs in Operating System Code, OSDI 2004

Tracelet-Based Code Search in Executables, PLDI 2014

BinDiff: zynamics BinDiff uses a unique graph-theoretical approach to compare executables

Android Permissions Demystified, CCS 2011

A Study of Android Application Security, USENIX Security 2011

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, OSDI 2010

Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs, CCS 2014

Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation, NDSS 2018

SmartAuth: User-Centered Authorization for the Internet of Things, USENIX Security 2017

Sensitive Information Tracking in Commodity IoT, USENIX Security 2018

IOTGUARD: Dynamic Enforcement of Security and Safety Policy in Commodity IoT, NDSS 2019

SoK: Security Evaluation of Home-Based IoT Deployments, Oakland 2019

Security Analysis of Emerging Smart Home Applications, Oakland 2016

ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms, NDSS 2017

FlowFence: Practical Data Protection for Emerging IoT Application Frameworks, USENIX Security 2016

SABOT: Specification-based Payload Generation for Programmable Logic Controllers, CCS 2012

A Trusted Safety Verifier for Process Controller Code, NDSS 2014

Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware Rootkit, NDSS 2017

Towards Automated Safety Vetting of PLC Code in Real-World Plants, Oakland 2019

ICSREF: A Framework for Automated Reverse Engineering of Industrial Control Systems Binaries, NDSS 2019

Making Smart Contracts Smarter, CCS 2016

ZEUS: Analyzing Safety of Smart Contracts, NDSS 2018

Securify: Practical Security Analysis of Smart Contracts, CCS 2018

Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks, NDSS 2019

Backtracking Intrusions, SOSP 2003

Enriching Intrusion Alerts Through Multi-Host Causality, NDSS 2005

ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting, NDSS 2016

Towards a Timely Causality Analysis for Enterprise Security, NDSS 2018

HOLMES: Real-time APT Detection through Correlation of Suspicious Information Flows, Oakland 2019

FIE on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution, USENIX Security 2013

AVATAR: A Framework for Dynamic Security Analysis of Embedded Systems’ Firmwares, NDSS 2014

A Large Scale Analysis of the Security of Embedded Firmwares, USENIX Security 2014

Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware,NDSS 2015

Towards Automated Dynamic Analysis for Linux-based Embedded Firmware, NDSS 2016

FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation, USENIX Security 2019

Code Search

Slides, Video1, Video2

Project Proposal

Reading Week,

No Class

Reading Week,

No Class

Android Security

Slides1, Slides2, Video

IoT Security

Slides, Video

Industrial Control Systems Security

Slides, Video

Smart Contracts Security

Slides, Video

Security Audit Logging

Slides, Video

Firmware Analysis

Slides, Video

Non-Instructional Day,

No Class

Paper Presentation

Paper Presentation

Paper Presentation

Paper Presentation

Project Presentation

Project Presentation

University Policies

1. The Americans with Disabilities Act. The University of Utah seeks to provide equal access to its programs, services, and activities for people with disabilities. If you will need accommodations in this class, reasonable prior notice needs to be given to the Center for Disability Services, 162 Olpin Union Building, (801) 581-5020. CDS will work with you and the instructor to make arrangements for accommodations. All written information in this course can be made available in an alternative format with prior notification to the Center for Disability Services.

2. University Safety Statement. The University of Utah values the safety of all campus community members. To report suspicious activity or to request a courtesy escort, call campus police at 801-585-COPS (801-585-2677). You will receive important emergency alerts and safety messages regarding campus safety via text message. For more information regarding safety and to view available training resources, including helpful videos, visit safeu.utah.edu.

3. Addressing Sexual Misconduct. Title IX makes it clear that violence and harassment based on sex and gender (which Includes sexual orientation and gender identity/expression) is a civil rights offense subject to the same kinds of accountability and the same kinds of support applied to offenses against other protected categories such as race, national origin, color, religion, age, status as a person with a disability, veteran’s status or genetic information. If you or someone you know has been harassed or assaulted, you are encouraged to report it to the Title IX Coordinator in the Office of Equal Opportunity and Affirmative Action, 135 Park Building, 801-581-8365, or the Office of the Dean of Students, 270 Union Building, 801-581-7066. For support and confidential consultation, contact the Center for Student Wellness, 426 SSB, 801-581-7776. To report to the police, contact the Department of Public Safety, 801-585-2677(COPS).