Salta al contenuto principale della pagina

BINARY ANALYSIS AND SECURE CODING

CODE 101811
ACADEMIC YEAR 2022/2023
CREDITS
  • 6 cfu during the 2nd year of 11160 COMPUTER ENGINEERING (LM-32) - GENOVA
  • 9 cfu during the 2nd year of 10852 COMPUTER SCIENCE (LM-18) - GENOVA
  • SCIENTIFIC DISCIPLINARY SECTOR INF/01
    LANGUAGE English
    TEACHING LOCATION
  • GENOVA
  • SEMESTER 1° Semester
    TEACHING MATERIALS AULAWEB

    OVERVIEW

    The course aims at making developers aware that (poorly written) programs can be exploited for malicious purposes, making them act in unintended ways. This goal is achieved by showing how binary programs can be analysed and exploited.
    Moreover, the course describes how to design & write secure software, i.e., resistant to attack by malicious or mischievous people or programs.

    AIMS AND CONTENT

    LEARNING OUTCOMES

    Being able to write secure code, analyze the behavior and assess security properties of source and binary programs, pinpointing and fix their vulnerabilities or apply corrective counter-measures.

    AIMS AND LEARNING OUTCOMES

    Being able to write secure code, analyze the behavior and assess security properties of source and binary programs, pinpointing their vulnerabilities, and fix such vulnerabilities or apply corrective counter-measures.

    PREREQUISITES

    Proficiency in programming, familiarity with C (especially direct memory management) and operating system concepts.

    TEACHING METHODS

    Class lectures and hands-on assignments ("homework").

    Some topics and exercises, explicitly marked as such in the support material, are optional for students with the "6-CFU version".

    SYLLABUS/CONTENT

    • Introduction
    • What binaries are, and how they get executed
    • The linking process
    • Dynamic Analysis, tracing and instrumentation
    • Static Analysis, reversing engineering
    • Secure coding; common weaknesses and security assessment (static and dynamic analysis tools)
    • Exploitation

    Some topics and exercises, explicitly marked as such in the support material, are optional for students with the "6-CFU version".

    RECOMMENDED READING/BIBLIOGRAPHY

    Support material and recommended bibliography will be available on AulaWeb.

    TEACHERS AND EXAM BOARD

    Exam Board

    GIOVANNI LAGORIO (President)

    ALESSANDRO ARMANDO

    DAVIDE ANCONA (Substitute)

    MAURA CERIOLI (Substitute)

    LESSONS

    Class schedule

    All class schedules are posted on the EasyAcademy portal.

    EXAMS

    EXAM DESCRIPTION

    Hands-on session and oral discussion.

    ASSESSMENT METHODS

    The examination will assess the ability of analysing programs for security vulnerabilites, developing simple exploits and applying corrective fixes.

    Exam schedule

    Date Time Location Type Notes