The course aims at making developers aware that (poorly written) programs can be exploited for malicious purposes, making them act in unintended ways. This goal is achieved by showing how binary programs can be analysed and exploited. Moreover, the course describes how to design & write secure software, i.e., resistant to attack by malicious or mischievous people or programs. Analysis procedures in adversarial contexts, such as malware analysis, will be also discussed.
Learning how to write secure code, analyze the behavior and assess security properties of source and binary programs, pinpointing and fix their vulnerabilities or apply corrective counter-measures.
At the end of the course, students will be able to:
For the 9-CFU path, students will be also able to analyze programs in adversarial contexts; e.g., malware samples.
Proficiency in programming, familiarity with C (especially direct memory management) and operating system concepts.
Class lectures and project activities, which consist of some assignments.
Some topics and exercises, explicitly marked as such in the support material, are optional for students with the "6-CFU version".
Support material and recommended bibliography will be available on AulaWeb.
Ricevimento: On appointment by email
GIOVANNI LAGORIO (President)
ALESSANDRO ARMANDO
MAURA CERIOLI (President Substitute)
DAVIDE ANCONA (Substitute)
In agreement with the calendar approved by the Degree Program Board of Computer Science.
Hands-on session and oral discussion.
The examination will assess the ability of analysing programs for security vulnerabilites, developing simple exploits and applying corrective fixes.
9-CFU students may be assigned malware/malware-like samples to analyze.
