Secure Software Development (WS 2023/24)

Course Number 705022 | Wintersemester 2023/24

Lecturers

Table of Content

Content

The slides are available here after the end of each lecture. The practicals, an explanation about the lecture, exam hacklets, and old exams can be found here: Material

Date	Type	Topic	Lecturer	Material
2023-10-04 10:15	KU	Warmup + Organization		Slides
2023-10-06 12:00	VO	Organization + Intro	Daniel, Lukas, Marcel, Stefan, Vedad	Slides
2023-10-11 10:15	KU	Tools 1		Slides
2023-10-13 12:00	VO	Low Level / C++ Objects	Daniel	Slides
2023-10-18 10:15	KU	Defenselets 1
2023-10-20 12:00	VO	Memory Corruption 1	Marcel, Stefan	Slides
2023-10-25 10:15	KU	Tools 2 / Question Hour
2023-10-27 12:00	VO	Memory Corruption 2	Marcel, Stefan	Slides
2023-11-03 12:00	VO	Exploits	Lukas	Slides
2023-11-08 10:15	KU	Defenselets 2
2023-11-10 12:00	VO	Finding Bugs 1	Vedad	Slides
2023-11-15 10:15	KU	Question Hour
2023-11-17 12:00	VO	Finding Bugs 2	Vedad	Slides
2023-11-22 10:15	KU	Question Hour
2023-11-24 12:00	VO	Defensive Programming	Lukas	Slides
2023-11-29 10:15	KU	Question Hour
2023-12-01 12:00	VO	Countermeasures	Lukas	Slides
2023-12-06 10:15	KU	Defensive Programming		Slides
2023-12-13 10:15	KU	Question Hour
2023-12-15 12:00	VO	Christmas Special (?)
2024-01-10 10:15	KU	Question Hour

Material

This course deals with the design and implementation of secure software. Especially memory corruption vulnerabilities such as buffer overflows, integer overflows or use-after-free bugs can be exploited by an attacker to bypass the intended program behavior and execute arbitrary payload in the worst case. We will look at various runtime mitigation techniques such as ASLR, stack canaries and data execution prevention exist. However, they can often be bypassed by more advanced exploitation techniques. Rather than preventing certain attacks, the ultimate goal is to eliminate memory corruption vulnerabilities and achieve "memory safety". We will discuss methods for debugging and bug discovery as well.