- Code COMP3703
- Unit Value 6 units
- Offered by School of Computing
- ANU College ANU College of Engineering and Computer Science
- Course subject Computer Science
- Areas of interest Computer Science
- Academic career UGRD
- Mode of delivery In Person
This course has been adjusted for remote participation in Semester 1, 2022.
Software Security covers advanced techniques in software vulnerability assessment, discovery and mitigation. These include: common patterns in software vulnerabilities, such as stack-based buffer overflow, format string vulnerabilities, and heap-based vulnerabilities; exploitation techniques such as code injection and return-oriented programming; techniques for vulnerability discovery, such as reverse engineering of program binaries, fuzzing and symbolic execution; and mitigation techniques such as memory protection mechanisms, input sanitation, and control flow integrity protection. The course features hands-on lectures and labs to analyse software vulnerabilities, both in the source code and in program binaries, and design and implement appropriate mitigation techniques.
Upon successful completion, students will have the knowledge and skills to:
- Demonstrate a thorough understanding of common sources of vulnerabilities in software.
- Demonstrate a thorough understanding of exploitation techniques against software vulnerabilities and defensive techniques against these exploitations.
- Demonstrate proficiency in software reverse engineering.
- Demonstrate proficiency in vulnerability discovery processes, from both source code and binary.
- Apply the vulnerability discovery techniques to real-world software, analyse their vulnerabilities and design and implement appropriate mitigation techniques.
- Assignments with practical hands-on components, and report writing with in-depth analysis of vulnerabilities and designs and implementations of mitigation techniques. (60) [LO 1,2,3,4]
- Final computer-based exam in vulnerability discovery and exploit writing. (40) [LO 3,4,5]
The ANU uses Turnitin to enhance student citation and referencing techniques, and to assess assignment submissions as a component of the University's approach to managing Academic Integrity. While the use of Turnitin is not mandatory, the ANU highly recommends Turnitin is used by both teaching staff and students. For additional information regarding Turnitin please visit the ANU Online website.
The workload will be approximately 130 hours, with a mixture of lectures, labs, assignments, independent reading and study.
Information on inherent requirements for this course is currently not available.
Requisite and Incompatibility
The following are indicative of reference material relevant to the course. Since software security (and cyber security in general) is a fast-changing field, this list will be updated as necessary to take into account the latest developments in the field.
- Dennis Andriesse. Practical Binary Analysis - Build Your Own Linux Tools for Binary Instrumentation, Analysis and Disassembly. No Starch Press, 2019.
- Wenliang Du. Computer Security: A Hands-on Approach. 2nd edition, 2019.
- Andrew Honig and Michael Sikorski. Practical Malware Analysis. No Starch Press, 2012.
- Chris Anley, Felix Lindner, and John Heasman. The Shellcoder’s Handbook. 2nd edition, Wiley, 2007.
- Research papers and online references
Tuition fees are for the academic year indicated at the top of the page.
Commonwealth Support (CSP) Students
If you have been offered a Commonwealth supported place, your fees are set by the Australian Government for each course. At ANU 1 EFTSL is 48 units (normally 8 x 6-unit courses). More information about your student contribution amount for each course is available at Fees.
- Student Contribution Band:
- Unit value: 6 units
If you are a domestic graduate coursework student with a Domestic Tuition Fee (DTF) place or international student you will be required to pay course tuition fees (see below). Course tuition fees are indexed annually. Further information for domestic and international students about tuition and other fees can be found at Fees.
Where there is a unit range displayed for this course, not all unit options below may be available.