Speaker | Prof. Dr. Stefan Brunthaler |
Location | MI 02.07.034 |
Date | Thursdays 10:00-12:00 |
Module | IN2362 |
Contents
- run-time organization of programs
- code injection attacks and defenses
- buffer overflows and stack canaries
- control-flow hijacking and control-flow integrity
- code re-use attacks and defenses
- return-oriented programming and software diversity
- counterfeit object-oriented programming (COOP)
- data attacks
- non-control data attacks and data-flow integrity/randomization
- current topics
- theoretical limits of control-flow integrity
- trends in software diversity
Relevant aspects of the lecture will be complemented by lab assignments.
Lecture Slides & Assignments
Please find the lecture slides as well as the lab assignments in moodle.
Examination
The examination is an oral examination (60 minutes) in two parts (weighting 50/50).
The first part consists in a presentation of the executable implementations of simple techniques of the four exsheets on the laptop or projector and the answering of specific questions. Through this first part, students
demonstrate the ability to use theoretical content to solve concrete, application-related problems and to implethese solutions.
The second part of the oral examination consists of three questions on the subject matter of the lecture and tquestions and topics covered here. This second part of the oral test demonstrates the extent to which undersof basic language-based security procedures can be obtained.
Thus, as a whole, it should be demonstrated that in a limited time, for example, types of current attacks and/osecurity issues can be correctly identified and effective defence techniques and/or answers can be found, apassessed.
Possibility of re-taking:
- In the next semester: No
- At the end of the semester: Yes
Recommended Requirements
IN2227 - Compiler Construction I
IN2209 - IT Security