CSE504: Program Analysis for Software Security

Spring 2010

Hours

Monday and Wednesday, 10:30-11:50. Office hours are held after class.

Instructor

Ben Livshits (livshits@cs)

Location

CSE 503 (5th floor conference room)

Course overview

PPTX|PDF

Reading list (subject to change):

Topic

Mandatory reading

Optional reading

Notes/presenter

Slides

3/29M

Course introduction

Ben

ppt|pdf

3/31W

Introductory papers

Smashing the Stack for Fun and Profit

Engineering Heap Overflow Exploits with JavaScript

Ben

ppt|pdf

4/5M

Memory errors and buffer overruns (overview)

StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks

Reflections on Trusting Trust

Crispin Cowan

ppt|pdf

4/7W

How it all started

Static Detection of Dynamic Memory Errors

A static analyzer for finding dynamic programming errors

Jaeyeon

ppt|pdf

4/12M

Web application security (overview)

Securing Web Applications with Static and Dynamic Information Flow Tracking

Merlin: Specification Inference for Explicit Information Flow Problems

Jason

ppt|pdf

Memory safety

4/14W

Buffer overruns

A first step towards automated detection of buffer overrun vulnerabilities

A practical flow-sensitive and context-sensitive C and C++ memory leak detector

Sam

ppt|pdf

4/19M

Language solutions

CCured: Type-Safe Retrofitting of Legacy Code

Detecting Format-String Vulnerabilities with Type Qualifiers

Jeff

ppt|pdf

4/21W

Worms

Vigilante: End-to-End Containment of Internet Worms

ShieldGen: Automatic Data Patch Generation for Unknown Vulnerabilities with Informed Probing

Marcus Peinado

ppt|pdf

4/26M

Runtime analysis

Preventing memory error exploits with WIT

DieHard: Probabilistic memory safety for unsafe languages

Justin

ppt|pdf

4/28W

Symbolic execution

EXE: Automatically Generating Inputs of Death

Automated Whitebox Fuzz Testing

Kevin

ppt|pdf

Web security

5/3M

SQL Injection/XSS

Finding Security Vulnerabilities in Java Applications with Static Analysis

Essence of Command Injection Attacks

Justin

ppt|pdf

5/5W

Languages

SWIFT

Ripley

Jeff

ppt|pdf

5/10M

Scripts and related mayhem

Spectator: Detection and Containment of JavaScript Worms

Static Detection of Security Vulnerabilities in Scripting Languages

Colin

ppt|pdf

5/12W

Malware on the Web

The Ghost In The Browser: Analysis of Web-based Malware

Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code

Jason

ppt|pdf

5/17M

Mash-ups

BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML

MashupOS: Operating System Abstractions for Client Mashups

Colin

ppt|pdf

5/19W

Information flow

Enforcing Stateful Authorization and Information Flow Policies in Fine

Type-preserving compilation for end-to-end verification of security enforcement

Nikhil Swamy

ppt|pdf

5/24M

Browser security

ConScript

End-to-end Web Application Security

Sam

ppt|pdf

5/26W

Static analysis on the Web

Gatekeeper: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code

Staged Information Flow for JavaScript

Using Static Analysis for Ajax Intrusion Detection

Jaeyeon

ppt|pdf

Final stretch

5/31M

Memorial Day holiday

6/2W

Project presentations