cs6956-001-2021spring
CS 6956-001 Software Security
Overview
Course Description. This is a graduate-level research-oriented course, which covers both classic and cutting-edge topics in the area of software security. It provides the students with a good understanding of software problems in not only traditional binary executables but also emerging mobile applications, cyber-physical systems and Blockchain platforms.
Course Outcomes. We will read and discuss research papers to grasp the core concepts of various analysis and defense techniques that improve software security. Students will further gain hands-on experience through using security analysis tools and be prepared to explore new research problems.
Instructor: Mu Zhang
Email: muzhang AT cs DOT utah DOT edu
Office: MEB 2168
Office hours: by appointment (virtual)
Location and Time: Zoom on Canvas, M/W 01:25PM-02:45PM
Grading
Paper Presentation: 15%
Paper reviews: 15%
Lab assignments: 30%
Project: 30%
Class Participation: 10%
Paper Review and Presentation
Each student is required to present one paper in the class for about 15 minutes and lead the discussion.
Each student is required to write reviews of at least 300 words for all the papers presented by students, before the papers are presented in class.
Lab Assignments
Lab 1: Buffer Overflow Attacks. Implement simple exploits to trigger vulnerabilities in binary code.
Lab 2: Static Program Analysis. Develop a simple Soot transform to reveal API usage in Android apps.
Lab 3: Symbolic Execution. Write simple angr scripts to find vulnerabilities.
Projects
A list of suggested projects will be provided. Students may also propose their own projects. Projects can be done individually or by groups. Each group should not exceed 2 students. In the project report, clearly state each member's contribution.
Example project directions:
1. building custom analysis tools (for Android apps, smart home IoT apps, industrial controller code, smart contract code, etc.)
2. studying app security (e.g., security mechanisms and their limitations) based upon existing tools
3. launching proof-of-concept attacks against modern software systems
Schedule
Date
1/20
1/25
1/27
2/1
2/3
2/8
2/10
2/15
2/17
2/22
2/24
3/1
3/3
3/8
3/10
3/15
3/17
3/22
3/24
3/29
3/31
4/5
4/7
4/12
4/14
4/19
4/21
4/26
Topic
Introduction
Vulnerabilities
Malware
Defense Mechanisms 1
Defense Mechanisms 2
Static Analysis
Dynamic Analysis
Presidents' Day,
No Class
Symbolic Execution
Fuzzing
Fuzzing cont'd
Soot overview
Reading List
Smashing the Stack for Fun and Profit. Aleph One. Phrack 49(14), Nov. 1996.
The Security Mindset, Bruce Schneier. 2008.
Semantics-Aware Malware Detection, Oakland 2005
Dissecting Android Malware: Characterization and Evolution, Oakland 2012
StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, USENIX Sec 98
Address Space Layour Randomization (ASLR)
Data Execution Prevention (DEP)
SoK: Eternal War in Memory, Oakland 2013
Control-Flow Integrity Principles, Implementations, and Applications, TISSEC 2009
Native Client: A Sandbox for Portable, Untrusted x86 Native Code, Oakland 2009
Code-Pointer Integrity, OSDI 2014
Language-Based Information-Flow Security, JSAC 2003
MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones, NDSS 2012
Finding Security Vulnerabilities in Java Applications with Static Analysis, USENIX Security 2005
Soot - A framework for analyzing and transforming Java and Android applications
AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection, CCS 2013
angr: a python framework for analyzing binaries
DART: Directed Automated Random Testing, PLDI 2005
IOTFUZZER: Discovering Memory Corruptions in IoT Through App-based Fuzzing, NDSS 2018
CP-Miner: A Tool for Finding Copy-paste and Related Bugs in Operating System Code, OSDI 2004
Tracelet-Based Code Search in Executables, PLDI 2014
BinDiff: zynamics BinDiff uses a unique graph-theoretical approach to compare executables
Android Permissions Demystified, CCS 2011
A Study of Android Application Security, USENIX Security 2011
SmartAuth: User-Centered Authorization for the Internet of Things, USENIX Security 2017
Sensitive Information Tracking in Commodity IoT, USENIX Security 2018
IOTGUARD: Dynamic Enforcement of Security and Safety Policy in Commodity IoT, NDSS 2019
SoK: Security Evaluation of Home-Based IoT Deployments, Oakland 2019
Security Analysis of Emerging Smart Home Applications, Oakland 2016
ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms, NDSS 2017
FlowFence: Practical Data Protection for Emerging IoT Application Frameworks, USENIX Security 2016
SABOT: Specification-based Payload Generation for Programmable Logic Controllers, CCS 2012
A Trusted Safety Verifier for Process Controller Code, NDSS 2014
Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware Rootkit, NDSS 2017
Towards Automated Safety Vetting of PLC Code in Real-World Plants, Oakland 2019
Making Smart Contracts Smarter, CCS 2016
ZEUS: Analyzing Safety of Smart Contracts, NDSS 2018
Securify: Practical Security Analysis of Smart Contracts, CCS 2018
Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks, NDSS 2019
Backtracking Intrusions, SOSP 2003
Enriching Intrusion Alerts Through Multi-Host Causality, NDSS 2005
Towards a Timely Causality Analysis for Enterprise Security, NDSS 2018
HOLMES: Real-time APT Detection through Correlation of Suspicious Information Flows, Oakland 2019
AVATAR: A Framework for Dynamic Security Analysis of Embedded Systems’ Firmwares, NDSS 2014
A Large Scale Analysis of the Security of Embedded Firmwares, USENIX Security 2014
Towards Automated Dynamic Analysis for Linux-based Embedded Firmware, NDSS 2016
Android Security
IoT Security
Industrial Control Systems Security
Smart Contracts Security
Security Audit Logging
Firmware Analysis
Non-Instructional Day,
No Class
Paper Presentation
Paper Presentation
Paper Presentation
Paper Presentation
Project Presentation
Project Presentation
University Policies
1. The Americans with Disabilities Act. The University of Utah seeks to provide equal access to its programs, services, and activities for people with disabilities. If you will need accommodations in this class, reasonable prior notice needs to be given to the Center for Disability Services, 162 Olpin Union Building, (801) 581-5020. CDS will work with you and the instructor to make arrangements for accommodations. All written information in this course can be made available in an alternative format with prior notification to the Center for Disability Services.
2. University Safety Statement. The University of Utah values the safety of all campus community members. To report suspicious activity or to request a courtesy escort, call campus police at 801-585-COPS (801-585-2677). You will receive important emergency alerts and safety messages regarding campus safety via text message. For more information regarding safety and to view available training resources, including helpful videos, visit safeu.utah.edu.
3. Addressing Sexual Misconduct. Title IX makes it clear that violence and harassment based on sex and gender (which Includes sexual orientation and gender identity/expression) is a civil rights offense subject to the same kinds of accountability and the same kinds of support applied to offenses against other protected categories such as race, national origin, color, religion, age, status as a person with a disability, veteran’s status or genetic information. If you or someone you know has been harassed or assaulted, you are encouraged to report it to the Title IX Coordinator in the Office of Equal Opportunity and Affirmative Action, 135 Park Building, 801-581-8365, or the Office of the Dean of Students, 270 Union Building, 801-581-7066. For support and confidential consultation, contact the Center for Student Wellness, 426 SSB, 801-581-7776. To report to the police, contact the Department of Public Safety, 801-585-2677(COPS).