Salta al contenuto principale della pagina

BINARY ANALYSIS AND SECURE CODING

CODE 98683
ACADEMIC YEAR 2019/2020
CREDITS 6 credits during the 2nd year of 10852 COMPUTER SCIENCE (LM-18) GENOVA

6 credits during the 2nd year of 8733 Computer Engineering (LM-32) GENOVA

SCIENTIFIC DISCIPLINARY SECTOR INF/01
LANGUAGE English
TEACHING LOCATION GENOVA (COMPUTER SCIENCE )
SEMESTER 1° Semester
TEACHING MATERIALS AULAWEB

OVERVIEW

The course aims at making developers aware that (poorly written) programs can be exploited for malicious purposes, making them act in unintended ways. This goal is achieved by showing how binary programs can be analysed and exploited.
Moreover, the course describes how to design & write secure SW, i.e., resistant to attack by malicious or mischievous people or programs.

Prerequisites: Proficiency in programming, familiarity with C (especially direct memory management) and operating system concepts

AIMS AND CONTENT

AIMS AND LEARNING OUTCOMES

Being able to write secure code, analyze the behavior and assess security properties of source and binary programs, pinpointing their vulnerabilities, and fix such vulnerabilities or apply corrective counter-measures.

 

PREREQUISITES

Proficiency in programming, familiarity with C (especially direct memory management) and operating system concepts.

TEACHING METHODS

Class lectures and hands-on assignments ("homework").

SYLLABUS/CONTENT

  • Introduction
  • What binaries are, and how they get executed
  • The linking process
  • Dynamic Analysis, tracing and instrumentation
  • Static Analysis, reversing engineering
  • Secure coding; common weaknesses and security assessment (static and dynamic analysis tools)
  • Exploitation

RECOMMENDED READING/BIBLIOGRAPHY

Support material and recommended bibliography will be available on AulaWeb.

TEACHERS AND EXAM BOARD

Exam Board

GIOVANNI LAGORIO (President)

DAVIDE ANCONA

ALESSANDRO ARMANDO

LUCA DEMETRIO

ALESSIO MERLO

LESSONS

TEACHING METHODS

Class lectures and hands-on assignments ("homework").

Class schedule

All class schedules are posted on the EasyAcademy portal.

EXAMS

EXAM DESCRIPTION

Periodic assessment through assignments.

Written examination, followed, in case of success, by a hands-on session and oral discussion.

ASSESSMENT METHODS

The examination will assess the ability of analysing programs for security vulnerabilites, developing simple exploits and applying corrective fixes.

Exam schedule

Date Time Location Type Notes
16/01/2020 00:09 GENOVA Esame su appuntamento
28/02/2020 09:00 GENOVA Esame su appuntamento
16/06/2020 00:09 GENOVA Esame su appuntamento
16/09/2020 00:09 GENOVA Esame su appuntamento
18/09/2020 09:00 GENOVA Esame su appuntamento