BINARY ANALYSIS AND SECURE CODING

BINARY ANALYSIS AND SECURE CODING

_
iten
Code
98683
ACADEMIC YEAR
2018/2019
CREDITS
6 credits during the 2nd year of 10852 COMPUTER SCIENCE (LM-18) GENOVA
SCIENTIFIC DISCIPLINARY SECTOR
INF/01
TEACHING LOCATION
GENOVA (COMPUTER SCIENCE )
semester
1° Semester
Teaching materials

OVERVIEW

The course aims at making developers aware that (poorly written) programs can be exploited for malicious purposes, making them act in unintended ways. This goal is achieved by showing how binary programs can be analysed and exploited.
Moreover, the course describes how to design & write secure SW, i.e., resistant to attack by malicious or mischievous people or programs.

Prerequisites: Proficiency in programming, familiarity with C (especially direct memory management) and operating system concepts

AIMS AND CONTENT

AIMS AND LEARNING OUTCOMES

After the course, participants will be able to write secure code. Furthermore, they will be able to assess the security of (source and binary) programs, pinpointing their vulnerabilities, and to fix such vulnerabilities and/or apply corrective counter-measures.

PREREQUISITES

Proficiency in programming, familiarity with C (especially direct memory management) and operating system concepts.

Teaching methods

Class lectures and hands-on assignments ("homework").

SYLLABUS/CONTENT

  • Introduction
  • Low-level refresher
  • Software security
  • Input validation
  • Memory corruption and Control-flow hijacking
  • Static Binary Analysis
  • Dynamic Binary Analysis

RECOMMENDED READING/BIBLIOGRAPHY

Support material and recommended bibliography will be available on AulaWeb.

TEACHERS AND EXAM BOARD

Ricevimento: Appointment by email Office: Valle Puggia - 303

Exam Board

GIOVANNI LAGORIO (President)

ALESSIO MERLO

LUCA DEMETRIO

ALESSANDRO ARMANDO

DAVIDE ANCONA

LESSONS

Teaching methods

Class lectures and hands-on assignments ("homework").

EXAMS

Exam description

Periodic assessment through assignments.

Written examination, followed, in case of success, by a hands-on session and oral discussion.

Assessment methods

The examination will assess the ability of analysing programs for security vulnerabilites, developing simple exploits and applying corrective fixes.

Exam schedule

Date Time Location Type Notes
14/02/2020 09:00 GENOVA Esame su appuntamento