Code: analysis, bugs, and security

optional course, supported by Bitdefender

Instructor: Marius Minea, marius@cs.upt.ro (Office: B531. Phone: +40-256-403284)
Lab assistant: Andrei Ardelean, gmail: andreirardelean
Course: Wed 8-10, ASPC
Lab: Thu 16-18, B528; Fri 12-14, B418

New: contest with special prizes for students participating in the course

Course materials

  1. Introduction.
    Sample program: print addresses
  2. Assembly language.
    Sample programs: nested expression (and in three-address code), switch, array of function pointers, lists with pointers to pointers
    See also: x86 Assembly Guide (David Evans, U. Virginia)
  3. Robust and secure programming in C
    See also: CERT C Coding Standard
  4. Compiler basics. Native code and bytecode.
  5. Linking and loading.
    A very good summary (D. Beazley et al.)
    U. Drepper. How to write shared libraries -- a very detailed description.
  6. Obfuscation (summary). Extensive slideset (Christian Collberg, U. Arizona)
    Extra: a recent deobfuscation paper (IEEE S&P 2015) -- see general discussion and obfuscated graphs.
  7. Analysis with LLVM. Intro and LLVM Passes (F. Pereira, UFMG), also tutorial from 2015 LLVM Dev meeting
    Obuscate add pass + CMakeFile (adapted from tutorial above).
    Writing an LLVM pass and LLVM Programmer's Manual

Laboratory

Resources

Other courses


Marius Minea
Last modified: Thu Nov 10 14:15:00 EET 2016