• Offered by School of Computing
  • ANU College ANU College of Systems and Society
  • Course subject Computer Science
  • Areas of interest Computer Science, Software Engineering, Security Studies, Artifical Intelligence
  • Academic career UGRD
  • Mode of delivery In Person
  • Co-taught Course
  • STEM Course
Vulnerability Research and Exploit Mitigation (COMP4703)

Historically, major defensive security techniques for software systems were developed as a response to the emergence of classes of exploitation techniques. The aims of such defensive techniques are usually not about preventing software developers from writing insecure code, but rather, they are aimed at preventing bugs in software to be exploited by attackers to compromise their targets. Vulnerability Research and Exploit Mitigation examines important exploit mitigation techniques deployed in modern software systems through an adversarial lens: software vulnerabilities are explored in depth, through how they can be discovered and exploited, in order to understand the mechanisms behind the exploit mitigation techniques. The course covers topics ranging from common patterns in software vulnerabilities, such as stack-based buffer overflow, format string vulnerabilities, and heap-based vulnerabilities; exploitation techniques such as code injection, code obfuscation, return-oriented-programming; techniques for vulnerability discovery, such as program binaries reverse engineering, fuzzing and symbolic execution; and mitigation techniques such as memory protection mechanisms, input sanitization, and control flow integrity protection. The course features hands-on lectures and labs to analyse software vulnerabilities, both in the source code and in program binaries, to develop proof-of-concept exploits, and to design and implement appropriate mitigation techniques against exploitation. Students will learn state-of-the-art vulnerability research and exploitation tools and techniques, and apply their knowledge on case studies involving real-world software systems.

Learning Outcomes

Upon successful completion, students will have the knowledge and skills to:

  1. Demonstrate a thorough understanding of common sources of vulnerabilities in software.
  2. Demonstrate a thorough understanding in exploitation techniques against software vulnerabilities and defensive techniques against these exploitations.
  3. Demonstrate proficiency in software reverse engineering.
  4. Demonstrate proficiency in vulnerability discovery processes, from both source code and binary.
  5. Apply vulnerability discovery techniques to real-world software.

Indicative Assessment

  1. Assignments (60) [LO 1,2,3,4,5]
  2. Final computer-based exam. (40) [LO 3,4,5]

The ANU uses Turnitin to enhance student citation and referencing techniques, and to assess assignment submissions as a component of the University's approach to managing Academic Integrity. While the use of Turnitin is not mandatory, the ANU highly recommends Turnitin is used by both teaching staff and students. For additional information regarding Turnitin please visit the ANU Online website.

Workload

The workload will be approximately 130 hours, with a mixture of lectures, labs, assignments, independent reading and study.

Inherent Requirements

None.

Requisite and Incompatibility

To enrol in this course you must have completed COMP2310 and COMP2700. Incompatible with COMP2710, COMP3703 and COMP8703.

Prescribed Texts

none

Preliminary Reading

The following are indicative of reference material relevant to the course. Since software security (and cyber security in general) is a fast changing field, this list will be updated as necessary to take into account the latest development in the field.

  • Dennis Andriesse. Practical Binary Analysis - Build Your Own Linux Tools for Binary Instrumentation, Analysis and Disassembly. No starch press, 2019.
  • Wenliang Du. Computer Security: A Hands-on Approach. 2nd edition, 2019.
  • Andrew Honig and Michael Sikorski. Practical Malware Analysis. No starch press, 2012.
  • Chris Anley, Felix Lindner, and John Heasman. The Shellcoder’s Handbook. 2nd edition, Wiley, 2007
  • Research papers and online references

Fees

Tuition fees are for the academic year indicated at the top of the page.  

Commonwealth Support (CSP) Students
If you have been offered a Commonwealth supported place, your fees are set by the Australian Government for each course. At ANU 1 EFTSL is 48 units (normally 8 x 6-unit courses). More information about your student contribution amount for each course at Fees

Student Contribution Band:
2
Unit value:
6 units

If you are a domestic graduate coursework student with a Domestic Tuition Fee (DTF) place or international student you will be required to pay course tuition fees (see below). Course tuition fees are indexed annually. Further information for domestic and international students about tuition and other fees can be found at Fees.

Where there is a unit range displayed for this course, not all unit options below may be available.

Units EFTSL
6.00 0.12500
Note: Please note that fee information is for current year only.

Offerings, Dates and Class Summary Links

ANU utilises MyTimetable to enable students to view the timetable for their enrolled courses, browse, then self-allocate to small teaching activities / tutorials so they can better plan their time. Find out more on the Timetable webpage.

There are no current offerings for this course.

Responsible Officer: Registrar, Student Administration / Page Contact: Website Administrator / Frequently Asked Questions