• Class Number 4185
  • Term Code 3430
  • Class Info
  • Unit Value 6 units
  • Mode of Delivery In Person
    • Dr Alwen Tiu
    • Adrian Herrera
    • Dr Alwen Tiu
    • Dr Mike Purcell
  • Class Dates
  • Class Start Date 19/02/2024
  • Class End Date 24/05/2024
  • Census Date 05/04/2024
  • Last Date to Enrol 26/02/2024
SELT Survey Results

Software Security covers advanced techniques in software vulnerability assessment, discovery and mitigation. These include: common patterns in software vulnerabilities, such as stack-based buffer overflow, format string vulnerabilities, and heap-based vulnerabilities; exploitation techniques such as code injection, return-oriented-programming; techniques for vulnerability discovery, such as program binaries reverse engineering, fuzzing and symbolic execution; and mitigation techniques such

as memory protection mechanisms, input sanitation, and control flow integrity protection. The course features hands-on lectures and labs to analyse software vulnerabilities, both in the source code and in program binaries, and design and implement appropriate mitigation techniques.

Learning Outcomes

Upon successful completion, students will have the knowledge and skills to:

  1. Demonstrate a thorough understanding of common sources of vulnerabilities in software.
  2. Demonstrate a thorough understanding in exploitation techniques against software vulnerabilities and defensive techniques against these exploitations.
  3. Demonstrate proficiency in software reverse engineering.
  4. Demonstrate proficiency in vulnerability discovery processes, from both source code and binary.
  5. Apply the vulnerability discovery techniques to real-world software, analyse their vulnerabilities and design and implement appropriate mitigation techniques.

Research-Led Teaching

This course covers both foundational and advanced topics in binary analysis and exploitation, including state-of-the-art exploitation techniques and vulnerability discovery techniques taught by researchers and practitioners in the field.

Examination Material or equipment

All examination materials are permitted.

Required Resources

Main textbooks:

-        [DA19] Dennis Andriesse. Practical Binary Analysis - Build Your Own Linux Tools for Binary Instrumentation, Analysis and Disassembly. No starch press, 2019.

-        [WD19] Wenliang Du. Computer Security: A Hands-on Approach. 2nd edition, 2019.

Other references:

-        [CA07] Chris Anley, Felix Lindner, and John Heasman. The Shellcoder’s Handbook. 2nd edition, Wiley, 2007.

-        [AH12] Andrew Honig and Michael Sikorski. Practical Malware Analysis. No starch press, 2012.

-        Research papers and online references - to be provided in due course.

The labs will use extensively various tools. These will be provided as virtual machine (VM) images. Links to download these VMs will be provided during the labs. 

Whether you are on campus or studying remotely, there are a variety of online platforms you will use to participate in your study program. These could include videos for lectures and other instruction, two-way video conferencing for interactive learning, email and other messaging tools for communication, interactive web apps for formative and collaborative activities, print and/or photo/scan for handwritten work and drawings, and home-based assessment.

ANU outlines recommended student system requirements to ensure you are able to participate fully in your learning. Other information is also available about the various Learning Platforms you may use.

Staff Feedback

Students will be given feedback in the following forms in this course:

  • written comments
  • verbal comments
  • feedback to whole class, groups, individuals, focus group etc

Student Feedback

ANU is committed to the demonstration of educational excellence and regularly seeks feedback from students. Students are encouraged to offer feedback directly to their Course Convener or through their College and Course representatives (if applicable). Feedback can also be provided to Course Conveners and teachers via the Student Experience of Learning & Teaching (SELT) feedback program. SELT surveys are confidential and also provide the Colleges and ANU Executive with opportunities to recognise excellent teaching, and opportunities for improvement.

Other Information

The use of Generative AI Tools (e.g., ChatGPT) is permitted in this course, given that proper citation and prompts are provided, along with a description of how the tool contributed to the assignment. Guidelines regarding appropriate citation and use can be found on the ANU library website (https://libguides.anu.edu.au/generative-ai ). Marks will reflect the contribution of the student rather than the contribution of the tools. Further guidance on appropriate use should be directed to the course convener.

Class Schedule

Week/Session Summary of Activities Assessment
1 Basics of x86/x64 assembly; linux internals and binary formats.
2 Basic binary analysis Online quiz
3 Disassembly and binary analysis; simple code injection Assignment 1 released
4 Customising binary analysis
5 Stack-based exploitation Assignment 1 due
6 Return-oriented programming
7 Heap exploitation (part 1) Assignment 2 released
8 Heap exploitation (part 2)
9 Binary instrumentation
10 Fuzzing Assignment 2 due
11 Symbolic execution: basic concepts and tools
12 Vulnerability discovery and exploit generation (guest lectures)

Tutorial Registration

ANU utilises MyTimetable to enable students to view the timetable for their enrolled courses, browse, then self-allocate to small teaching activities / tutorials so they can better plan their time. Find out more on the Timetable webpage.

Assessment Summary

Assessment task Value Learning Outcomes
Quiz 5 % 3,4
Assignment 1 20 % 3,4
Assignment 2 30 % 1,2,3,4,5
Final Examination 45 % 1,2,3,4,5

* If the Due Date and Return of Assessment date are blank, see the Assessment Tab for specific Assessment Task details


ANU has educational policies, procedures and guidelines , which are designed to ensure that staff and students are aware of the University’s academic standards, and implement them. Students are expected to have read the Academic Integrity Rule before the commencement of their course. Other key policies and guidelines include:

Assessment Requirements

The ANU is using Turnitin to enhance student citation and referencing techniques, and to assess assignment submissions as a component of the University's approach to managing Academic Integrity. For additional information regarding Turnitin please visit the Academic Skills website. In rare cases where online submission using Turnitin software is not technically possible; or where not using Turnitin software has been justified by the Course Convener and approved by the Associate Dean (Education) on the basis of the teaching model being employed; students shall submit assessment online via ‘Wattle’ outside of Turnitin, or failing that in hard copy, or through a combination of submission methods as approved by the Associate Dean (Education). The submission method is detailed below.

Moderation of Assessment

Marks that are allocated during Semester are to be considered provisional until formalised by the College examiners meeting at the end of each Semester. If appropriate, some moderation of marks might be applied prior to final results being released.


The final examination will be a computer-based examination, taking the form of a CTF challenge.

Assessment Task 1

Value: 5 %
Learning Outcomes: 3,4


This quiz will test your basic knowledge of x86/x64 assembly and ELF binary format. It will take the form of an online quiz hosted on Wattle. It is a lightweight assessment item intended to prepare students for the more advanced material in the following weeks.

Assessment Task 2

Value: 20 %
Learning Outcomes: 3,4

Assignment 1

This assignment will feature problems related to binary analysis techniques. It will use a 'capture the flag' (CTF) format, where a successful exploitation would result in a unique 'flag' (that can be any random text). Students will be assessed based on the correctness of the submitted flag, modified program binaries (when applicable), and a brief written response for each question.

Assessment Task 3

Value: 30 %
Learning Outcomes: 1,2,3,4,5

Assignment 2

This assignment will feature problems related to vulnerability analysis and exploitation techniques. This assignment uses the same CTF format as in Assignment 1, but there is a greater emphasis on demonstrating a deeper understanding on the sources of vulnerability in software and the exploitation methods. Each student is required to submit a detailed written report demonstrating their approach to solving the problems.

Assessment Task 4

Value: 45 %
Learning Outcomes: 1,2,3,4,5

Final Examination

The final examination will take the form of a CTF challenge. This will be a computer-based examination. Each student will be assigned a unique a set of challenge problems related to topics covered in this course. To gain full score for each problem, a student will need to uncover a ‘flag’ associated with that problem, and provide a short written explanation of their discovery and exploitation process. The flag will be hidden or obscured in some ways, and the process to uncover the flag may require code analysis, code patching, vulnerability discovery and/or writing exploits. 

Academic Integrity

Academic integrity is a core part of the ANU culture as a community of scholars. The University’s students are an integral part of that community. The academic integrity principle commits all students to engage in academic work in ways that are consistent with, and actively support, academic integrity, and to uphold this commitment by behaving honestly, responsibly and ethically, and with respect and fairness, in scholarly practice.

The University expects all staff and students to be familiar with the academic integrity principle, the Academic Integrity Rule 2021, the Policy: Student Academic Integrity and Procedure: Student Academic Integrity, and to uphold high standards of academic integrity to ensure the quality and value of our qualifications.

The Academic Integrity Rule 2021 is a legal document that the University uses to promote academic integrity, and manage breaches of the academic integrity principle. The Policy and Procedure support the Rule by outlining overarching principles, responsibilities and processes. The Academic Integrity Rule 2021 commences on 1 December 2021 and applies to courses commencing on or after that date, as well as to research conduct occurring on or after that date. Prior to this, the Academic Misconduct Rule 2015 applies.


The University commits to assisting all students to understand how to engage in academic work in ways that are consistent with, and actively support academic integrity. All coursework students must complete the online Academic Integrity Module (Epigeum), and Higher Degree Research (HDR) students are required to complete research integrity training. The Academic Integrity website provides information about services available to assist students with their assignments, examinations and other learning activities, as well as understanding and upholding academic integrity.

Online Submission

You will be required to electronically sign a declaration as part of the submission of your assignment. Please keep a copy of the assignment for your records.

For Assignment 2, unless an exemption has been approved by the Associate Dean (Education), submission of the written component of must be done through Turnitin.

Hardcopy Submission

For some forms of assessment (hand written assignments, art works, laboratory notes, etc.) hard copy submission is appropriate when approved by the Associate Dean (Education). Hard copy submissions must utilise the Assignment Cover Sheet. Please keep a copy of tasks completed for your records.

Late Submission

Late submission not permitted. For each assessment item, unless otherwise approved by the course convener, a late submission will receive a 100% penalty of the possible mark for the assignment.

Referencing Requirements

The Academic Skills website has information to assist you with your writing and assessments. The website includes information about Academic Integrity including referencing requirements for different disciplines. There is also information on Plagiarism and different ways to use source material.

Extensions and Penalties

Extensions and late submission of assessment pieces are covered by the Student Assessment (Coursework) Policy and Procedure. Extensions may be granted for assessment pieces that are not examinations or take-home examinations. If you need an extension, you must request an extension in writing on or before the due date. If you have documented and appropriate medical evidence that demonstrates you were not able to request an extension on or before the due date, you may be able to request it after the due date.

Privacy Notice

The ANU has made a number of third party, online, databases available for students to use. Use of each online database is conditional on student end users first agreeing to the database licensor’s terms of service and/or privacy policy. Students should read these carefully. In some cases student end users will be required to register an account with the database licensor and submit personal information, including their: first name; last name; ANU email address; and other information.
In cases where student end users are asked to submit ‘content’ to a database, such as an assignment or short answers, the database licensor may only use the student’s ‘content’ in accordance with the terms of service – including any (copyright) licence the student grants to the database licensor. Any personal information or content a student submits may be stored by the licensor, potentially offshore, and will be used to process the database service in accordance with the licensors terms of service and/or privacy policy.
If any student chooses not to agree to the database licensor’s terms of service or privacy policy, the student will not be able to access and use the database. In these circumstances students should contact their lecturer to enquire about alternative arrangements that are available.

Distribution of grades policy

Academic Quality Assurance Committee monitors the performance of students, including attrition, further study and employment rates and grade distribution, and College reports on quality assurance processes for assessment activities, including alignment with national and international disciplinary and interdisciplinary standards, as well as qualification type learning outcomes.

Since first semester 1994, ANU uses a grading scale for all courses. This grading scale is used by all academic areas of the University.

Support for students

The University offers students support through several different services. You may contact the services listed below directly or seek advice from your Course Convener, Student Administrators, or your College and Course representatives (if applicable).

Dr Alwen Tiu

Research Interests

computational logic, formal methods, cyber security

Dr Alwen Tiu

Monday 11:00 12:00
By Appointment
Adrian Herrera

Research Interests

computational logic, formal methods, cyber security

Adrian Herrera

Dr Alwen Tiu

Research Interests

computational logic, formal methods, cyber security

Dr Alwen Tiu

Monday 11:00 12:00
By Appointment
Dr Mike Purcell

Research Interests

computational logic, formal methods, cyber security

Dr Mike Purcell


Responsible Officer: Registrar, Student Administration / Page Contact: Website Administrator / Frequently Asked Questions