Software Security

Software Security (Fall 24)

Course Information

Lectures: ???
Instructor: a, b, and rainoftime?
Teaching assistant: ?

Attack, detection, and protection (TBD)

Section	Topic	Selected?
Introduction
Buffer Overflow (?)
Retlibc/ROP (?)
Format String(?)
Foundations of Software Analysis	Proof system, soundness&completeness, program's semantics	Model theory, real closed field
From Dataflow Analsyis to Abstract Interpretation	Reaching definition, chaotic iteration, numerical domains	Alias, symbolic abstraction, IFDS, CFL-reachability
Software Model Checking	SMT, inductive loop invariant, predicate abstraction&refinement	BMC&k-induction, PDR, trace abstraction
Software Testing	Greybox fuzzing, symbolic execution, metamorphic testing	Property-based testing, dynamic taint analysis
Protection?	CFI/SFI, hardware-assisted protection	AEG

Uday P. Khedker, Amitabha Sanyal, Bageshri Karkare. Dataflow Analysis: Theory and Practice
Anders Møller, Michael I. Schwartzbach. Static Program Analysis
Xavier Rival and Kwangkeun Yi. Introduction to Static Analysis: An Abstract Interpretation Perspective
Patrick Cousot. Principles of Abstract Interpretation
Aaron Bradley and Zohar Manna. The Calculus of Computation Decision Procedures with Applications to Verification
Michael Huth and Mark Ryan. Logic in Computer Science: Modelling and Reasoning about Systems
Automated Reasoning for Logic and Programs