Lecture (LEC)

• TOPIC:
• The above class meets with a section of INFO-I 590
• A portion of the seats for this section are reserved for MSSC students
• Above class meets for the thirteen week session

Course Title: Advanced Software Security Content: This seminar provides a comprehensive guided tour of today's software security research. We will start by studying different software vulnerability types (e.g., buffer overflow, UAF) and their security consequences (e.g., privilege escalation, information leakage), then explore how to automatically detect them with different techniques (e.g., fuzzing, static analysis, and hybrid approaches) and how to exploit them. We will further discuss popular counter-measures for software vulnerabilities, including patching practices, software hardening (e.g., CFI), debloating, etc. Special topics like hardware-assisted and AI-assisted software security will also be included if time allows. For each topic, informative lectures on background knowledge will be given, as well as a curated list of related research papers for which the students will review, present, and discuss with each other. The students will gain a systematic understanding of state-of-the-art software security research after finishing the seminar. Assignments: The assignments include critical paper reviews, in-class paper presentations and discussions, and an explorative research project. Hands-on labs are also under planning. Prerequisite: Students are expected to have learned C programming, and have basic knowledge and understanding of operating systems.