Software Security

ISOS.
M1 2nd Semester.
Since 2018.

Course Description

Nowadays, software security concerns all areas of our lives. We interact with complex, interconnected software systems on a regular basis, and bugs or defects in these systems can have severe consequences. In this course, students become familiar with the complexity of making secure software. The lecture covers various undefined and buggy behaviors in several languages, especially in C. In addition, it presents the dangers of hazardous memory manipulation. It also sheds some light on the intricate relationship between the optimizer and some security-related code. Students will learn how to manage a security project and deal with its complexity.

Keywords:

MISRA-C, ELF, Undefined Behaviors, Stacks, Dead Store Elimination, ASLR.

Prerequisites:

Low-Level Programming.

Teaching Team:

Mohamed Sabt, Gwendal Patat, and Daniel De Almeida Braga.

Teaching Language:

English.

Course Organization:


Syllabus

Week 1: In This Course, 'C'ing is Believing  
Week 2: Objdump (ELF) Binaries  
Week 3: Connecting the Dots  
Week 4: First Aid Kit for Binary Analysis  
Week 5: Mind Your Language (and Behavior)  
Week 6: C Code and the Order of Certifications  
Week 7: Optimization: The Bad Parts  
Week 8: Still Under Construction  


Other Resources

Lab Session 4   tp_4
Lab Session 6   tp_6
Project   project