Lectures - 18-335 / 18-732

(Note this is a rough schedule and things are subject to change.)

Jan 17, 2024 Intro: Introduction and Course Overview
This lecture will give a high-level overview of the course, including topics covered, learning goals, and course mechanics.
Jan 19, 2024 Recitation: Build It; Break It; Fix It -- Overview and Introductions
We will discuss the details of the first homework assignment. There will also be time for homework groups to meet and make plans for the assignment. Time permitting, there will be general Q&A about the weeks' topics.
Jan 22, 2024 Intro: Crypto Refresher and Secure Cryptographic Coding
Jan 24, 2024 Intro: Attacks
Reminders and generalizations
| Reading:
- Computer Security and the Internet: Tools and Jewels: Ch. 9 (Portions on HTTP proxies, as well as 9.8 onwards, are optional)
- Buffer Overflows: Attacks And Defenses For The Vulnerability Of The Decade.
- Basic Integer Overflows
- Exploiting Format String Vulnerabilities
| Optional Reading:
- SoK: Eternal War In Memory
- Dynaguard: Armoring Canary-Based Protections Against Brute-Force Attacks
- Hacking Blind
- Smashing The Stack For Fun And Profit
- Low-Level Software Security: Attacks And Defenses
Jan 26, 2024 Recitation: Software Exploits
We will practice the skills needed to analyze an unknown binary, identify vulnerabilities, and exploit them.
Jan 29, 2024 Run-Time: Dynamic Taint Tracking

| Reading:
- All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask)
| Optional Reading:
- Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software
- TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
Jan 31, 2024 Run-Time: Control-Flow Integrity (CFI)

| Reading:
- Control-flow integrity principles, implementations, and applications.
Feb 2, 2024 Recitation: Control Flow Graphs
We will practice extracting call graphs and control-flow graphs from code examples.
Feb 5, 2024 Run-Time: Enforceable Properties

| Reading:
- Enforceable security policies
| Optional Reading:
- Edit Automata: Enforcement Mechanisms for Run-time Security Policies
Feb 7, 2024 Run-Time: Enforceable Properties (Continued)
Feb 9, 2024 Recitation: Enforceable Properties
We will practice creating and analyzing automata.
Feb 12, 2024 Code Analysis: Fuzzing

| Optional Reading:
- Scheduling black-box mutational fuzzing
- Skyfire: data-driven seed generation for fuzzing
Feb 14, 2024 Code Analysis: Static Analysis

| Reading:
- Buffer overrun detection using linear programming and static analysis
- Checking system rules using system-specific, programmer-written compiler extensions
| Optional Reading:
- A few billion lines of code later: using static analysis to find bugs in the real world
Feb 16, 2024 Recitation: Code Analysis
We will practice applying various forms of code analysis
Feb 19, 2024 Code Analysis: Symbolic Execution

| Reading:
- Dart: directed automated random testing
- All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask)
| Optional Reading:
- EXE: Automatically generating inputs of death
Feb 21, 2024 Code Analysis: Model Checking

| Reading:
- A tool for checking ANSI-C programs
| Optional Reading:
- Design, implementation and verification of an extensible and modular hypervisor framework
Feb 23, 2024 Review: Exam 1 review
This will be a review session. Please think ahead of time what questions you may have.
Feb 26, 2024 Exam: 1
We will have the first exam of the course. This will be a closed book, closed notes, closed neighbor exam.
Feb 28, 2024 Architecture: Separation Mechanisms

| Reading:
- The protection of information in computer systems
| Optional Reading:
- Efficient software-based fault isolation
- A virtual machine introspection based architecture for intrusion detection.
Mar 1, 2024 : No Recitation
Canceled
Mar 4, 2024 : No Class
Mid-Semester Break
Mar 6, 2024 : No Class
Mid-Semester Break
Mar 8, 2024 : No Recitation
Mid-Semester Break
Mar 11, 2024 Architecture: Separation Challenges

| Reading:
- A note on the confinement problem
Mar 13, 2024 Architecture: Separation Policies

| Reading:
- User-driven access control: Rethinking permission granting in modern operating systems
| Optional Reading:
- Run-time enforcement of information-flow properties on Android (extended abstract)
- SoK: Lessons learned from android security research for appified software platforms
Mar 15, 2024 Recitation: Side Channels
We will practice identifying and exploiting side channel vulnerabilities.
Mar 18, 2024 Architecture: Trusted Computing

| Reading:
- Bootstrapping trust in commodity computers
- Design and implementation of a tcg-based integrity measurement architecture.
- Flicker: an execution infrastructure for tcb minimization
| Optional Reading:
- Trustvisor: efficient TCB reduction and attestation
Mar 20, 2024 Languages: Programmer Assisted Verification - Part 1

| Reading:
- Program proofs - Ch 1, Ch 2 (skipping 2.3.4 and 2.7-2.12), Ch 11, 13.0, 13.1
Mar 22, 2024 Review: Exam 2 review
This will be a review session. Please think ahead of time what questions you may have.
Mar 25, 2024 Languages: Programmer Assisted Verification - Part 2

| Reading:
- Program Proofs: Ch 4 (skipping 4.3, 4.5) and Ch 5.1-5.2,5.4,5.7,5.8
Mar 27, 2024 Exam: 2
We will have the second exam of the course. This will be a closed book, closed notes, closed neighbor exam.
Mar 29, 2024 Recitation: Dafny Practice
We will work through a variety of Dafny problems to help you prepare for the last two homework assignments.
Apr 1, 2024 Languages: Type Systems
Apr 3, 2024 Languages: Type Systems (continued) and Non-Interference

| Reading:
- Mathematical models of computer security
- A sound type system for secure flow analysis
- Certification of programs for secure information flow
Apr 5, 2024 Recitation: Types
We will practice applying type rules and reasoning about non-interference.
Apr 8, 2024 Languages: WebAssembly

| Reading:
- Bringing the web up to speed with WebAssembly
| Optional Reading:
- Mechanising and verifying the webassembly specification
Apr 10, 2024 Languages: Rust - Part 1

| Reading:
- The Rust Programming Language
- Comprehensive Rust
Apr 12, 2024 : No Recitation
Spring Carnival
Apr 15, 2024 Languages: Rust - Part 2
Apr 17, 2024 : Usability
Apr 19, 2024 Recitation: TAL and Wasm
We will practice reasoning about TAL and Wasm programs.
Apr 22, 2024 Review: Exam 3 review
This will be a review session. Please think ahead of time what questions you may have.
Apr 24, 2024 Exam: 3
We will have the third exam of the course. This will be a closed book, closed notes, closed neighbor exam.
Apr 26, 2024 : No Recitation
No recitation