CODE 101811
ACADEMIC YEAR 2023/2024
CREDITS
9 CFU, year 2, COMPUTER SCIENCE 10852 (LM-18) - GENOVA
6 CFU, year 2, COMPUTER ENGINEERING 11160 (LM-32) - GENOVA
SCIENTIFIC DISCIPLINARY SECTOR INF/01
LANGUAGE English
TEACHING LOCATION GENOVA
SEMESTER 1st Semester
TEACHING MATERIALS AULAWEB

OVERVIEW
The course aims at making developers aware that (poorly written) programs can be exploited for malicious purposes, making them act in unintended ways. This goal is achieved by showing how binary programs can be analysed and exploited. Moreover, the course describes how to design & write secure software, i.e., software resistant to attack by malicious or mischievous people or programs. Analysis procedures in adversarial contexts, such as malware analysis, will also be discussed.

AIMS AND CONTENT

LEARNING OUTCOMES
Being able to write secure code, analyze the behavior and assess security properties of source and binary programs, pinpointing and fixing their vulnerabilities or applying corrective counter-measures.

AIMS AND LEARNING OUTCOMES
Being able to write secure code, analyze the behavior and assess security properties of source and binary programs, pinpointing their vulnerabilities, and fix such vulnerabilities or apply corrective counter-measures. For the 9-CFU path, being able to analyze programs in adversarial contexts; e.g., malware samples.

PREREQUISITES
Proficiency in programming, familiarity with C (especially direct memory management) and operating system concepts.

TEACHING METHODS
Class lectures and hands-on assignments ("homework"). Some topics and exercises, explicitly marked as such in the support material, are optional for students with the "6-CFU version".
SYLLABUS/CONTENT
- Introduction
- What binaries are, and how they get executed
- The linking process
- Dynamic analysis, tracing and instrumentation
- Static analysis, reverse engineering
- Secure coding; common weaknesses and security assessment (static and dynamic analysis tools)
- Anti-analysis techniques and malware analysis
- Exploitation
Some topics and exercises, explicitly marked as such in the support material, are optional for students with the "6-CFU version".

RECOMMENDED READING/BIBLIOGRAPHY
Support material and recommended bibliography will be available on AulaWeb.

TEACHERS AND EXAM BOARD
GIOVANNI LAGORIO
Office hours: By appointment, arranged by email

Exam Board
GIOVANNI LAGORIO (President)
ALESSANDRO ARMANDO
DAVIDE ANCONA (Substitute)
MAURA CERIOLI (Substitute)

LESSONS

LESSONS START
In agreement with the calendar approved by the Degree Program Board of Computer Science.

Class schedule
The timetable for this course is available here: Portale EasyAcademy

EXAMS

EXAM DESCRIPTION
Hands-on session and oral discussion.

ASSESSMENT METHODS
The examination will assess the ability to analyse programs for security vulnerabilities, develop simple exploits and apply corrective fixes. 9-CFU students may be assigned malware/malware-like samples to analyze.

Exam schedule
Exam date    Time    Location   Degree type   Note
29/01/2024   09:00   GENOVA                   Exam by appointment
15/02/2024   09:00   GENOVA                   Exam by appointment
15/02/2024   09:00   GENOVA                   Exam by appointment
30/05/2024   09:00   GENOVA                   Exam by appointment
28/06/2024   09:00   GENOVA                   Exam by appointment
30/08/2024   09:00   GENOVA                   Exam by appointment
09/09/2024   09:00   GENOVA                   Exam by appointment
13/09/2024   09:00   GENOVA                   Exam by appointment