Yonghwi Kwon (yongkwon@virginia.edu, http://yongkwon.info)
Tu., Thurs., 9:30AM - 10:45AM @ Rice 340
Office Hours: Tu 10:45AM ~ 12:00PM @ Rice 505
Cyberattacks are becoming more and more sophisticated. State-funded attackers are spending tremendous time and effort to infiltrate organizations (e.g., enterprise and government agencies) leveraging stealthy and sophisticated attack mechanisms (e.g., zero-day exploits).
To fight back against those attackers, there are various advanced techniques proposed by researchers and industry. As attackers break into systems in various ways, building a fundamental protection against these attackers require techniques across various layers of software and fundamental understanding of the system as well as attackers.
Information flow can be tracked via program analysis, meaning that we can understand how Siri and Alexa laughed.
What is tracing? Why it is needed? How to automatically trace a program?
What is dynamic analysis? What is slicing and information flow? Why we need those? How to do those effectively? What we can do with those?
Topic 1: How we can leverage our knowledge of information flow to build secure systems/make systems secure?
Topic 2: What is reverse engineering? Basic principles of disassembly. Recovering semantics
Recovering semantics, Decompilers, Anti-debugging techniques and solutions against them
Recovering semantics, Decompilers, Anti-debugging techniques and solutions against them
What is static analysis? How it is compared to dynamic analysis? What are the common static analysis techniques for security applications? => Answer: Value-set Analysis, Control-flow Integrity, Data-flow Integrity.
Guest lecture about PKI security and certificates abuse in real-world.
TBD
Analyzing real world vulnerability in web browsers to understand and prevent attacks.
Materials will be provided while we have no classes this week.
Understand how and why web is insecure. Learn various ways and methods to prevent attacks on web ecosystem across server and client.
Individual students present final results of the course project (individual project) -- 40% of the grade. (breakdown: 10% for presentation, 10% for a report, 20% for the project artifacts)
Reading Days (Oct 8) , Thanksgiving (Nov 28), Final week (Dec 10, 12): No class
This class has no exam. The grading is based on projects and presentations.
1. Presentation: 20% (10% for understanding of the paper, 10% for effective presentation)
2. Assignments: 30% (3 assignments; each 10%)
3. Independent Research Project: 40% (20% for the design and implementation, 10% for a presentation, 10% for a report)
4. Class participation: 10% (Questions and Reviews for the papers discussed in the class)
I will hand out my business cards for students who participated in the class actively. At the end of the semester, return the cards to redeem your credits.
5. Extra credit: Extra assignments: TBD% (To be announced)
Dynamic Program Analysis
Static Program Analysis
Reverse-engineering
Operating System Security
Web Security
Mobile Security
IoT Security
This reading list includes representative publications that will be covered during this class. Papers will be added during the semester. Please use them to understand high-level themes of the class topics.
Particularly for systems security papers: (1) Read Abstract -> Introduction -> Conclusion, (2) Find and read a motivation (representative) example or case studies. They include a complete (and often realistic) story and how the proposed idea solves the problem with newly proposed methods.
Dynamic/Static Analysis Frameworks
Data-flow tracking and Data-flow analysis
Control-flow tracking and Control-flow analysis
Evasive techniques
Code obfuscation/de-obfuscation
Record and replay / N-version systems
Audit-logging
Web/Browser Security
Sandboxing/isolation, Fault localization
Mobile/IoT Security
Machine Learning (Added)