Below is the calendar for this course. This is the preliminary schedule, which will be altered as the quarter progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

| Date | Topic | Assignments Due | Readings for Discussion (do readings before class) |
|---|---|---|---|
| 09/27/24 | Introduction (Slides) | | Course syllabus link |
| 09/30/24 | History of Attacks (Slides) | | The Internet Worm Program: An Analysis, Eugene Spafford, Purdue Technical Report, CSD-TR-823, 1988 (Sections 1-3). link |
| 10/02/24 | Software Vulnerabilities (Slides) | | Vulnerability Definitions link |
| 10/04/24 | Software Vulnerabilities (Part 2) (Slides) | | Common Vulnerability Enumeration link; Known Exploited Vulnerabilities Catalog link |
| 10/07/24 | Buffer Overflow Attacks (Slides) | | Paul van Oorschot. Tools and Jewels. Section 6.3. link; Aleph One. Smashing the Stack for Fun and Profit. Volume 7, Issue 49. link |
| 10/09/24 | How Overflows Are Exploited (Slides) | | Paul van Oorschot. Tools and Jewels. Section 6.2. link |
| 10/11/24 | Return-oriented Attacks (Part 1) (Slides) | | Paul van Oorschot. Tools and Jewels. Section 6.5. link; Red Team Notes. Return-to-Libc / ret2libc. link |
| 10/14/24 | Return-oriented Attacks (Part 2) (Slides) | | Paul van Oorschot. Tools and Jewels. Section 6.5. link; Red Team Notes. Return-to-Libc / ret2libc. link |
| 10/16/24 | Return-oriented Attacks (Part 3) (Slides) | Quiz 1 - 10/17 and 10/18 link | Paul van Oorschot. Tools and Jewels. Section 6.5. link; Red Team Notes. Return-to-Libc / ret2libc. link |
| 10/18/24 | Memory Errors (Slides) | | |
| 10/21/24 | Fixing Software (Slides) | | Secure Programming HOWTO - Creating Secure Software (Chapters 5 and 6) link |
| 10/23/24 | Type Errors (Slides) | | Type Safety in Programming Languages link |
| 10/25/24 | Heap Errors (Slides) | | Paul van Oorschot. Tools and Jewels. Section 6.4. link |
| 10/28/24 | Exploiting Memory Errors (Slides) | Quiz 2 - 10/28 and 10/29 link | Bypassing non-executable-stack during exploitation using return-to-libc link |
| 10/30/24 | Midterm Review (Slides) | | |
| 11/01/24 | Midterm | | |
| 11/04/24 | Fuzz Testing (Slides) | | Beginners Guide to Fuzzing: Tutorial link; American Fuzzy Lop link |
| 11/06/24 | Software Analysis (Slides) | | Enabling Taint Analysis link |
| 11/08/24 | Software Defenses (Slides) | | Fighting exploits with Control-Flow Integrity (CFI) in Clang link |
| 11/11/24 | Veteran's Day | | |
| 11/13/24 | Malware and Detection (Slides) | | Paul van Oorschot. Tools and Jewels. Sections 7.1-7.5 link |
| 11/15/24 | Access Control (Slides) | | Paul van Oorschot. Tools and Jewels. Section 5.2-5.3. link |
| 11/18/24 | Access Control (Part 2) (Slides) | Quiz 3 - 11/18 and 11/19 link | Paul van Oorschot. Tools and Jewels. Section 5.2-5.3. link |
| 11/20/24 | Mandatory Access Controls (Slides) | | Paul van Oorschot. Tools and Jewels. Section 5.7. link |
| 11/22/24 | File System Security (Slides) | | The Confused Deputy (or why capabilities might have been invented). Norm Hardy. Operating Systems Review, pp. 36-38, Oct. 1988. link |
| 11/25/24 | Web and Browser Security (Slides) | | Paul van Oorschot. Tools and Jewels. Sections 9.1, 9.3-9.4 link |
| 11/27/24 | Web and Browser Security (Part 2) (Slides) | | Paul van Oorschot. Tools and Jewels. Sections 9.5-9.6 link |
| 11/29/24 | Thanksgiving | | |
| 12/02/24 | Network Security (Slides) | Quiz 4 - 12/2 and 12/3 link | Paul van Oorschot. Tools and Jewels. Sections 10.1-10.2 link |
| 12/04/24 | Network Security (Part 2) (Slides) | | Paul van Oorschot. Tools and Jewels. Sections 10.1-10.2 link |
| 12/06/24 | Final Review (Slides) | | |
| 12/11/24 | Final Exam - W 12/11/2024 - 8:00am-11:00am - Location: HMNSS 1503 (our classroom) | | |