CS 6956 Software and System Security

Overview

Course Description. This is a graduate-level research-oriented course, which covers both classic and cutting-edge topics in the area of software security. It provides the students with a good understanding of software problems in not only traditional binary executables but also emerging mobile applications, cyber-physical systems and Blockchain platforms.

Course Outcomes. We will read and discuss research papers to grasp the core concepts of various analysis and defense techniques that improve software security. Students will further gain hands-on experience through using security analysis tools and be prepared to explore new research problems.

  • Instructor: Mu Zhang

  • Email: muzhang AT cs DOT utah DOT edu

  • Office: MEB 2168

  • Office hours: by appointment

  • Location and Time: WEB 1248 and Zoom on Canvas, TuTh 3:40PM -- 5:00PM

Grading

  • Paper Presentation: 15%

  • Paper reviews: 15%

  • Lab assignments: 30%

  • Project: 30%

  • Class Participation: 10%

Paper Review and Presentation

  • Each student is required to present one paper in the class for about 15 minutes and lead the discussion.

  • Each student is required to write reviews of at least 300 words for all the papers presented by students, before the papers are presented in class.

Lab Assignments

  • Lab 1: Buffer Overflow Attacks. Implement simple exploits to trigger vulnerabilities in binary code.

  • Lab 2: Static Program Analysis. Develop a simple Soot transform to reveal API usage in Android apps.

  • Lab 3: Symbolic Execution. Write simple angr scripts to find vulnerabilities.

Projects

A list of suggested projects will be provided. Students may also propose their own projects. Projects can be done individually or by groups. Each group should not exceed 2 students. In the project report, clearly state each member's contribution.

Example project directions:

1. building custom analysis tools (for Android apps, smart home IoT apps, industrial controller code, smart contract code, etc.)

2. studying app security (e.g., security mechanisms and their limitations) based upon existing tools

3. launching proof-of-concept attacks against modern software systems

Schedule

University Policies

1. The Americans with Disabilities Act. The University of Utah seeks to provide equal access to its programs, services, and activities for people with disabilities. If you will need accommodations in this class, reasonable prior notice needs to be given to the Center for Disability Services, 162 Olpin Union Building, (801) 581-5020. CDS will work with you and the instructor to make arrangements for accommodations. All written information in this course can be made available in an alternative format with prior notification to the Center for Disability Services.

2. University Safety Statement. The University of Utah values the safety of all campus community members. To report suspicious activity or to request a courtesy escort, call campus police at 801-585-COPS (801-585-2677). You will receive important emergency alerts and safety messages regarding campus safety via text message. For more information regarding safety and to view available training resources, including helpful videos, visit safeu.utah.edu.

3. Addressing Sexual Misconduct. Title IX makes it clear that violence and harassment based on sex and gender (which Includes sexual orientation and gender identity/expression) is a civil rights offense subject to the same kinds of accountability and the same kinds of support applied to offenses against other protected categories such as race, national origin, color, religion, age, status as a person with a disability, veteran’s status or genetic information. If you or someone you know has been harassed or assaulted, you are encouraged to report it to the Title IX Coordinator in the Office of Equal Opportunity and Affirmative Action, 135 Park Building, 801-581-8365, or the Office of the Dean of Students, 270 Union Building, 801-581-7066. For support and confidential consultation, contact the Center for Student Wellness, 426 SSB, 801-581-7776. To report to the police, contact the Department of Public Safety, 801-585-2677(COPS).