Schedule

This is a tentative schedule for the class. There could be some dynamic adjustments as and when needed.

Note: We will have project presentations on November 29th and December 01, 03, 06, 08, and, 10.

Event

Date

Description

Course Material
No Class

08/19/2024
Monday

Instructor Travelling
Lecture

08/21/2024
Wednesday

Introduction
[slides] [MemoryCorruption]
Required Readings:
- How to read a scientific paper
Assignment

08/21/2024
Wednesday

Assignment #0 - Self Assessment released!

[Assignment #0 - Self Assessment]
Lecture

08/23/2024
Friday

Memory Corruption and Vulnerability Detection - Static analysis (Part 1)
[slides] [References]
Required Readings:
- Galios Connection
- Undecidability of Program Analysis
Suggested Readings:
Due

08/23/2024 23:59
Friday

Assignment #0 due
No Class

08/26/2024
Monday

DARPA Meeting
Lecture

08/28/2024
Wednesday

Memory Corruption and Vulnerability Detection - Static analysis (Part 2)
[slides] [References]
Required Readings:
- Galios Connection
- Undecidability of Program Analysis
Suggested Readings:
Lecture

08/30/2024
Friday

LLVM - Crash course
[slides]
Lecture

09/02/2024
Monday

Vulnerability Detection - Fuzzing (Part 1)
[slides]
Required Readings:
- AFL Technical Details
- The Art, Science, and Engineering of Fuzzing: A Survey
Suggested Readings:
No Class

09/02/2024
Monday

Labor Day
Assignment

09/03/2024
Tuesday

Assignment #1 - LLVM Playground released!

[Assignment #1 - LLVM Playground]
Lecture

09/04/2024
Wednesday

Vulnerability Detection - Fuzzing (Part 1) -- By Shashank
[slides]
Required Readings:
- AFL Technical Details
- The Art, Science, and Engineering of Fuzzing: A Survey
Suggested Readings:
Lecture

09/06/2024
Friday

Fuzzing UEFI Interfaces (By Connor)
[slides]
Project Milestone

09/09/2024 00:00
Monday

Project Proposal Due
Lecture

09/09/2024
Monday

Vulnerability Detection - Sanitizers (Part 1)
[slides]
Recommended Readings:
- SOK: Sanitization for Security
Lecture

09/11/2024
Wednesday

Vulnerability Detection - Sanitizers (Part 2)
[slides]
Recommended Readings:
- SOK: Sanitization for Security
Lecture

09/13/2024
Friday

Vulnerability Detection - Symbolic Execution (Part 1)
[slides]
Required Readings:
- KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs
- Symbolic Execution for Software Testing: Three Decades Later
Suggested Readings:
Lecture

09/16/2024
Monday

Vulnerability Detection - Best Effort (Part 1)
[slides]
Required Readings:
- A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World
Recommended Readings:
Suggested Readings:
Project Milestone

09/23/2024 00:00
Monday

Related Work Due
Lecture

09/23/2024
Monday

Vulnerability Prevention (Part 1)
[slides]
Required Readings:
- SoftBound: Highly Compatible and Complete Spatial Memory Safety for C
- Preventing Use-after-free with Dangling Pointers Nullification
Suggested Readings:
Lecture

09/25/2024
Wednesday

Vulnerability Prevention (Part 1)
[slides]
Required Readings:
- SoftBound: Highly Compatible and Complete Spatial Memory Safety for C
- Preventing Use-after-free with Dangling Pointers Nullification
Suggested Readings:
Lecture

09/27/2024
Friday

Vulnerability Prevention (Part 1)
[slides]
Required Readings:
- SoftBound: Highly Compatible and Complete Spatial Memory Safety for C
- Preventing Use-after-free with Dangling Pointers Nullification
Suggested Readings:
Lecture

09/30/2024
Monday

Vulnerability Prevention (Part 2)
[slides]
Required Readings:
Suggested Readings:
Due

09/30/2024 23:59
Monday

Assignment #1 due
Exam

10/02/2024 04:30
Wednesday

Midterm 1 (In class, closed book, 50 min).
Topics:
- Abstract Interpretation
- Static Analysis – Sound, Complete, Sensitivities
- Fuzzing – AFL++, Coverage, Feedback, etc.
- Symbolic Execution – Technique, advantages, disadvantages.
- Sanitizers – Technique, Types, Pros, Cons.
Style:
- On paper — old style.
Types of Questions:
- Multiple choice.
- Descriptive.
- Fill in the blanks.
- Open ended.
Assignment

10/04/2024
Friday

Assignment #2 - Symbolic Execution Playground released!

[Assignment #2 - Symbolic Execution Playground]
Project Milestone

10/07/2024 00:00
Monday

Research Plan Due
No Class

10/07/2024
Monday

Fall Break
Lecture

10/09/2024
Wednesday

Automated Patching (Part 1)
[slides]
Required Readings:
Suggested Readings:
Lecture

10/11/2024
Friday

Automated Patching (Part 2)
[slides]
Required Readings:
Suggested Readings:
Lecture

10/14/2024
Monday

Automated Patching (Part 3)
[slides]
Required Readings:
Suggested Readings:
No Class

10/16/2024
Wednesday

Instructor Attending CCS Conference.
Project Milestone

10/21/2024 00:00
Monday

Abstract/Intro Due
Lecture

10/21/2024
Monday

Patch Propagation (Part 1)
[slides]
Required Readings:
Suggested Readings:
Lecture

10/23/2024
Wednesday

Patch Propagation (Part 2)
[slides]
Required Readings:
Suggested Readings:
Due

10/24/2024 23:59
Thursday

Assignment #2 due
Lecture

10/25/2024
Friday

Patch Propagation (Part 3)
[slides]
Required Readings:
Suggested Readings:
Assignment

10/25/2024
Friday

Assignment #3 - Real World Bug Finding released!

[Assignment #3 - Real World Bug Finding]
Lecture

11/06/2024
Wednesday

Boomerang (Confused Deputy Attacks)
[slides1] [slides2]
Lecture

11/08/2024
Friday

Confused Deputy in AI Accelators (By Srihari)
[slides]
Due

11/20/2024 23:59
Wednesday

Assignment #3 due
Exam

11/22/2024 04:30
Friday

Midterm 2.
Topics:
- Vulnerability Detection - Best effort.
- Vulnerability Prevention and Checked C.
- Automated Patching.
- Patch Propagation.
Style:
- On paper — old style.
Types of Questions:
- Multiple choice.
- Descriptive.
- Fill in the blanks.
- Open ended.
Project Milestone

12/06/2024 00:00
Friday

Project Presentation
Project Milestone

12/11/2024 00:00
Wednesday

Final Project Report Due