This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems.
Software is everywhere: in laptops and desktops, mobile phones, the power grid ... even our cars and thermostats. Software is increasingly the vehicle that drives our economy and our personal lives. But software's pervasiveness, and its importance, make it a target: at the root of many security compromises is vulnerable software.
In this course we will look at how to build software that is secure.
To start, we must know what we are up against. As such, we will examine the most prevalent software design and implementation defects.
We will examine vulnerabilities like buffer overruns and use-after-frees that are present in programs written in low-level programming languages like C and C++, and see how these vulnerabilities can be exploited by a clever attacker. We will also look attacks on applications that are part of the worldwide web -- attacks with names like SQL injection, cross-site scripting, and session hijacking. We will also mention side-channel attacks (such as those based on the size of messages or the time taken to process a request), attacks on the human user (like phishing), and failures of design (like the use of insecure defaults). Examples of these attacks will be taken from the headlines.
Having examined these defects and their role in security compromises, we will look at how to prevent them entirely, or mitigate their effects, by improving the software's design and implementation. We will see that security must appear at all phases in the development lifecycle, including requirements development, system design, implementation, and testing/validation.
Finally, we will look at state-of-the-art tools and techniques for testing and otherwise verifying that software is secure. We will consider how security testing differs from functional testing (it's harder!). We will look at the art of penetration testing, which is the activity of trying to find and exploit weaknesses in a system prior to its deployment. We will also look at an emerging class of program analysis tools that can automatically identify flaws in programs by analyzing their code.
At the conclusion of the course, the student will know how to "build security in" rather than consider it as an afterthought, and will have a plethora of skills, applicable at each phase of the development cycle, that can be used to strengthen the security of software systems.
In addition to a brief introductory sequence, the course is broken into six units, one per week:
- Low-level, memory-based attacks, including stack smashing, format string attacks, stale memory access attacks, and return-oriented Programming (ROP)
- Defenses against memory-based attacks, including stack canaries, non-executable data (aka W+X or DEP), address space layout randomization (ASLR), memory-safety enforcement (e.g., SoftBound), control-flow Integrity (CFI)
- Web security, covering attacks like SQL injection, Cross-site scripting (XSS), Cross-site request forgery (CSRF), and Session hijacking, and defenses that have in common the idea of input validation
- Secure design, covering ideas like threat modeling and security design principles, including organizing ideas like favor simplicity, trust with reluctance, and defend in depth; we present real-world examples of good and bad designs
- Automated code review with static analysis and symbolic execution, presenting foundations and tradeoffs and using static taint analysis and whitebox fuzz testing as detailed examples
- Penetration testing, presenting an overview of goals, techniques, and tools of the trade
Roughly: A third-year undergraduate in computer science.
In detail, we expect
- a good knowledge of the C programming language (equivalent of at least a one semester undergraduate course), and
- programming proficiency in at least one language (either C, or another one, equivalent to 1-2 semesters).
We also expect familiarity with the following (though we will do some review):
- Unix/Linux (basic commands using the shell, and basic tools like gcc)
- the WWW and basic networking concepts (TCP, HTTP, HTML)
- Machine-level program execution and assembly language (ideally, Intel x86)
I recommends Buy premimum account for High speed+parallel downloads!