COMS W4995: Program Analysis for Security


Lecture Details

Instructor: Suman Jana
Office: Mudd 412
Office hours: Friday (3:40-4:40 pm)
Classroom: Mudd 644
Class hours: Friday (1:10-3:40 pm)

Description

Writing secure code is notoriously hard! Security vulnerabilities resulting from software bugs cost companies billions of dollars every year. Program analysis is a key technique for finding security vulnerabilities automatically. In this course you will learn about the principles, algorithms, challenges, and limitations of program analysis in the context of security testing. You will also work on a semester-long group project. We will use The Fuzzing Book as a reference.

Prerequisite

Security 1 or equivalent. You should also be generally comfortable dealing with large, complex source code (> 1000 lines of C/C++) and have basic knowledge of testing/debugging tools such as gdb and gcov. Feel free to email me if you have any specific questions.

Grading

Schedule

Date    Topics                        Lecture slides & reading
Jan 20  Introduction                  intro.pdf
        Control flow analysis         Control Flow Analysis.pptx, Control Flow Analysis.pdf
        Reading assignment: first two chapters of The Fuzzing Book
        Additional reading: Control Flow Analysis; Using LLVM to view the CFG (slide 6)
Jan 27  Data flow analysis            Data Flow Analysis.pptx, Data Flow Analysis.pdf
        Fuzzing reading assignment: Search-based fuzzer
        Additional reading: Data Flow Analysis
        Symbolic execution            Symbolic Execution.pptx, Symbolic Execution.pdf
        Additional reading:
          Symbolic Execution for Software Testing: Three Decades Later (Cadar and Sen)
          KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs (Cadar et al.)
          CUTE: A Concolic Unit Testing Engine for C (Sen et al.)
          DART: Directed Automated Random Testing (Godefroid et al.)
          Symbolic execution and program testing (King)
Feb 3   Symbolic execution (cont'd)
Feb 10  Fuzzing
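The Jan 20 and Jan 27 lectures cover control-flow and data-flow analysis. As an added illustration, not taken from the course slides or from The Fuzzing Book, the following Python example builds a basic-block CFG from a small constructed three-address program and runs a reaching-definitions analysis over it to flag a variable (`buf`) that is read on a path where it was never assigned, the classic uninitialized-use bug. The IR format, the instruction names and the sample program are all constructed for this example.

```python
from collections import defaultdict

# Constructed three-address IR for this example (not the course's notation).
#   ("label", name)            starts a basic block
#   ("assign", dst, [srcs])    dst = f(srcs)
#   ("br", cond, t, f)         conditional branch on variable `cond`
#   ("jmp", target) / ("ret", var)
# `buf` is only assigned on the `then` path but is read unconditionally in `join`.
PROGRAM = [
    ("label", "entry"),
    ("assign", "n", []),          # n = input()
    ("assign", "ok", ["n"]),      # ok = n > 0
    ("br", "ok", "then", "join"),
    ("label", "then"),
    ("assign", "buf", ["n"]),     # buf = alloc(n)
    ("jmp", "join"),
    ("label", "join"),
    ("assign", "r", ["buf"]),     # r = use(buf)   <- buf is unassigned on the else path
    ("ret", "r"),
]


def build_cfg(program):
    """Split the IR at labels into basic blocks and compute successor edges.
    Returns (blocks, succs, entry): blocks maps name -> instructions,
    succs maps name -> successor names, entry is the first block's name."""
    blocks, order, cur = {}, [], None
    for ins in program:
        if ins[0] == "label":
            cur = ins[1]
            blocks[cur] = []
            order.append(cur)
        else:
            blocks[cur].append(ins)
    succs = {}
    for i, name in enumerate(order):
        last = blocks[name][-1] if blocks[name] else None
        if last and last[0] == "br":
            succs[name] = [last[2], last[3]]
        elif last and last[0] == "jmp":
            succs[name] = [last[1]]
        elif last and last[0] == "ret":
            succs[name] = []
        else:  # implicit fall-through into the next block in layout order
            succs[name] = [order[i + 1]] if i + 1 < len(order) else []
    return blocks, succs, order[0]


def _uses(ins):
    """Variables read by an instruction."""
    if ins[0] == "assign":
        return ins[2]
    if ins[0] in ("br", "ret"):
        return [ins[1]]
    return []


def _apply(state, name, i, ins):
    """Transfer function for one instruction: a new assignment to v kills
    every other definition of v that reached this point."""
    if ins[0] != "assign":
        return state
    v = ins[1]
    return {d for d in state if d[0] != v} | {(v, (name, i))}


def reaching_definitions(blocks, succs, entry):
    """Forward may-analysis. A definition is (var, (block, index)), or
    (var, "UNDEF") for the synthetic 'never assigned' definition that every
    variable carries into the entry block. Returns IN[block] for each block."""
    preds = defaultdict(list)
    for b, ss in succs.items():
        for s in ss:
            preds[s].append(b)
    all_vars = set()
    for ins_list in blocks.values():
        for ins in ins_list:
            all_vars.update(_uses(ins))
            if ins[0] == "assign":
                all_vars.add(ins[1])
    undef = {(v, "UNDEF") for v in all_vars}
    inn = {b: set() for b in blocks}
    out = {b: set() for b in blocks}
    worklist = list(blocks)
    while worklist:  # iterate to a fixpoint; OUT sets only grow, so this terminates
        b = worklist.pop(0)
        new_in = set(undef) if b == entry else set()
        for p in preds[b]:
            new_in |= out[p]
        inn[b] = new_in
        state = new_in
        for i, ins in enumerate(blocks[b]):
            state = _apply(state, b, i, ins)
        if state != out[b]:
            out[b] = state
            worklist.extend(succs[b])
    return inn


def find_uninitialized(program):
    """Report (block, index, var) for every read that a synthetic UNDEF
    definition of `var` may reach, i.e. a possible use before assignment."""
    blocks, succs, entry = build_cfg(program)
    inn = reaching_definitions(blocks, succs, entry)
    findings = []
    for name, ins_list in blocks.items():
        state = inn[name]
        for i, ins in enumerate(ins_list):
            for u in _uses(ins):
                if (u, "UNDEF") in state:
                    findings.append((name, i, u))
            state = _apply(state, name, i, ins)
    return findings


if __name__ == "__main__":
    for block, idx, var in find_uninitialized(PROGRAM):
        print(f"{block}[{idx}]: '{var}' may be read before it is assigned")
```

The analysis is a may-analysis, so it reports every read that some path reaches without an assignment; it is sound for this IR but will also flag paths that are infeasible in practice, which is exactly the imprecision that the symbolic execution lectures later address.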
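For the symbolic execution lectures (Jan 27 and Feb 3), here is an added Python example, not taken from the course materials or from the KLEE, CUTE, DART or King papers listed above, of the core loop of a symbolic executor: it interprets a constructed tiny IR, keeps a symbolic environment, forks at each branch, and accumulates a path condition per path, using the solver to prune infeasible branches and to produce one concrete test input per feasible path. Real tools hand the path condition to an SMT solver; this example assumes no Z3 is installed and substitutes a bounded brute-force enumeration (`solve`), which is deliberately incomplete: any solution outside the enumerated range is missed.

```python
import itertools

# Constructed IR for this example (not the course's notation):
#   ("label", name) | ("assign", dst, expr) | ("br", expr, true_lbl, false_lbl)
#   ("jmp", lbl) | ("ret",) | ("fail",)   -- "fail" marks the bug we want to reach
# Expressions are nested tuples over integers: ("var", name), ("const", n),
# ("add", a, b), ("sub", a, b), ("gt", a, b), ("eq", a, b), ("not", e).
PROGRAM = [
    ("label", "entry"),
    ("assign", "a", ("add", ("var", "x"), ("const", 5))),             # a = x + 5
    ("br", ("gt", ("var", "a"), ("const", 10)), "big", "done"),       # if a > 10
    ("label", "big"),
    ("br", ("eq", ("var", "y"), ("sub", ("var", "a"), ("const", 3))), # if y == a - 3
     "bug", "done"),
    ("label", "bug"),
    ("fail",),
    ("label", "done"),
    ("ret",),
]
INPUTS = ("x", "y")   # the symbolic inputs


def subst(expr, env):
    """Rewrite program variables in `expr` to their symbolic values in `env`."""
    if expr[0] == "var":
        return env[expr[1]]
    if expr[0] == "const":
        return expr
    return (expr[0],) + tuple(subst(e, env) for e in expr[1:])


def evaluate(expr, model):
    """Concretely evaluate an expression under an input assignment."""
    op = expr[0]
    if op == "var":
        return model[expr[1]]
    if op == "const":
        return expr[1]
    if op == "not":
        return not evaluate(expr[1], model)
    lhs, rhs = evaluate(expr[1], model), evaluate(expr[2], model)
    return {"add": lhs + rhs, "sub": lhs - rhs, "gt": lhs > rhs, "eq": lhs == rhs}[op]


def solve(path_condition, inputs, bound=20):
    """Stand-in for an SMT solver (assumption: no Z3 available). Enumerates
    integer inputs in [-bound, bound] and returns the first model satisfying
    every constraint, or None. Incomplete: solutions outside the bound are missed."""
    for vals in itertools.product(range(-bound, bound + 1), repeat=len(inputs)):
        model = dict(zip(inputs, vals))
        if all(evaluate(c, model) for c in path_condition):
            return model
    return None


def symbolic_execute(program, inputs):
    """Explore every feasible path (depth-first). Returns a list of
    (outcome, path_condition, model) with outcome "ret" or "fail"."""
    labels = {ins[1]: i for i, ins in enumerate(program) if ins[0] == "label"}
    stack = [(0, {v: ("var", v) for v in inputs}, [])]   # (pc, env, path condition)
    results = []
    while stack:
        pc, env, cond = stack.pop()
        while True:
            ins = program[pc]
            op = ins[0]
            if op == "label":
                pc += 1
            elif op == "assign":
                env = {**env, ins[1]: subst(ins[2], env)}
                pc += 1
            elif op == "jmp":
                pc = labels[ins[1]]
            elif op == "br":
                c = subst(ins[1], env)
                # Fork: follow each side only if its constraint is still satisfiable,
                # which prunes infeasible paths before they multiply.
                for branch_cond, target in ((c, ins[2]), (("not", c), ins[3])):
                    new_cond = cond + [branch_cond]
                    if solve(new_cond, inputs) is not None:
                        stack.append((labels[target], env, new_cond))
                break
            else:  # "ret" or "fail" terminate the path
                results.append((op, cond, solve(cond, inputs)))
                break
    return results


def find_failing_inputs(program, inputs):
    """Concrete inputs that drive the program to a "fail" instruction."""
    return [model for outcome, _, model in symbolic_execute(program, inputs)
            if outcome == "fail"]


if __name__ == "__main__":
    for outcome, cond, model in symbolic_execute(PROGRAM, INPUTS):
        print(outcome, "path condition:", cond, "example input:", model)
```

Three paths are feasible here, and only one of them reaches `fail`, with x = 6 and y = 8 as the first model the enumeration finds. Note that the executor runs the solver at every branch; on real code that solver cost, plus the exponential number of paths, is the path-explosion problem the lectures discuss, and it is why tools such as KLEE cache queries and use search heuristics rather than the plain depth-first walk shown here.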