COMS W4995: Program Analysis for Security
Lecture Details
Instructor: Suman Jana
Office: Mudd 412
Office hours: Friday (3:40-4:40 pm)
Classroom: Mudd 644
Class hours: Friday (1:10-3:40 pm)
Description
Writing secure code is notoriously hard! Security vulnerabilities resulting from software bugs
cost companies billions of dollars every year. Program analysis is a key technique for automatically
finding security vulnerabilities. In this course you will learn about principles, algorithms, challenges,
and limitations of program analysis in the context of security testing. You will also work on a semester-long
group project.
We will use the fuzzing book as reference.
Prerequisite
Security 1 or equivalent. You should also be generally comfortable dealing with large, complex source code (> 1000 lines of C/C++ code) and have basic knowledge of testing/debugging tools such as gdb, gcov, etc. Feel free to send me an email if you have any specific questions.
Grading
- Midterm project reports - 25%
- Group Project (3-4 students) - 40%
- Group Project Presentation - 30%
  - List of group members due - Feb 10th before class
  - Project proposal (1 page) due - Feb 24th before class
  - Midterm project status report (3 pages) due - Mar 31st before class
  - Final report (6-12 double-column pages with 10pt font) due - May 12th (11:59 pm ET)
- Class participation - 5%
Schedule
Date | Topics | Lecture slides & Reading
--- | --- | ---
Jan 20 | Introduction | intro.pdf
Jan 20 | Control flow analysis | Control Flow Analysis.pptx, Control Flow Analysis.pdf. Reading assignment: first two chapters of the fuzzing book. Additional reading: Control Flow Analysis; Using llvm to view CFG (Slide 6).
Jan 27 | Data flow analysis | Data Flow Analysis.pptx, Data Flow Analysis.pdf. Fuzzing reading assignment: Search-based fuzzer. Additional reading: Data Flow Analysis.
Jan 27 | Symbolic execution | Symbolic Execution.pptx, Symbolic Execution.pdf. Additional reading: Symbolic Execution for Software Testing: Three Decades Later (Cadar and Sen); KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs (Cadar et al.); CUTE: A Concolic Unit Testing Engine for C (Sen et al.); DART: Directed Automated Random Testing (Godefroid et al.); Symbolic execution and program testing (King et al.).
Feb 3 | Symbolic execution (contd.) |
Feb 10 | Fuzzing |