Syllabus
- Vulnerabilites and Exploits : buffer overflows, return-to-libc, ROPs, double frees, format string vulnerabilities, covert channels
- Mitigations : W^X, ASLR, Canaries, hardware and compiler mitigations
- Capability and sandboxing systems : SGX, Trustzone
- Detection mechansims : malware detection mechanisms, information leak mechanisms, static and dynamic techniques
Schedule
Lecture Slides
- Introduction
- Engineering for Security
- Binary Exploitation 1 : Buffer Overflows (Threats and Mitigations)
- Fat Pointers
- Binary Exploitation 2 : Buffer overreads, format string, integer overflows, and heapexploits
- Access Control
- Confinement
- Hardware Security
- Trusted Execution Environments
- Capability Based Systems