- Class Number 4418
- Term Code 3230
- Class Info
- Unit Value 6 units
- Mode of Delivery In Person
- AsPr Alwen Tiu
- Dr Silvio Cesare
- Class Dates
- Class Start Date 21/02/2022
- Class End Date 27/05/2022
- Census Date 31/03/2022
- Last Date to Enrol 28/02/2022
- Cassy Chun-Crogan
- Darren Li
- Leopold Zhou
- Tali de Mestre
Software Security covers advanced techniques in software vulnerability assessment, discovery and mitigation. These include: common patterns in software vulnerabilities, such as stack-based buffer overflow, format string vulnerabilities, and heap-based vulnerabilities; exploitation techniques such as code injection and return-oriented programming; techniques for vulnerability discovery, such as reverse engineering of program binaries, fuzzing and symbolic execution; and mitigation techniques such as memory protection mechanisms, input sanitisation, and control flow integrity protection. The course features hands-on lectures and labs to analyse software vulnerabilities, both in the source code and in program binaries, and design and implement appropriate mitigation techniques.
Upon successful completion, students will have the knowledge and skills to:
- Demonstrate a thorough understanding of common sources of vulnerabilities in software.
- Demonstrate a thorough understanding of exploitation techniques against software vulnerabilities and defensive techniques against these exploitations.
- Demonstrate proficiency in software reverse engineering.
- Demonstrate proficiency in vulnerability discovery processes, from both source code and binary.
- Apply the vulnerability discovery techniques to real-world software, analyse their vulnerabilities and design and implement appropriate mitigation techniques.
This course covers both foundational and advanced topics in binary analysis and exploitation, including state-of-the-art exploitation techniques and vulnerability discovery techniques taught by researchers and practitioners in the field.
Examination Material or equipment
All examination materials are permitted.
- [DA19] Dennis Andriesse. Practical Binary Analysis - Build Your Own Linux Tools for Binary Instrumentation, Analysis and Disassembly. No Starch Press, 2019.
- [WD19] Wenliang Du. Computer Security: A Hands-on Approach. 2nd edition, 2019.
- [CA07] Chris Anley, Felix Lindner, and John Heasman. The Shellcoder’s Handbook. 2nd edition, Wiley, 2007.
- [AH12] Andrew Honig and Michael Sikorski. Practical Malware Analysis. No Starch Press, 2012.
- Research papers and online references - to be provided in due course.
The labs will make extensive use of various tools. These will be provided as virtual machine (VM) images. Links to download these VMs will be provided during the labs.
Whether you are on campus or studying remotely, there are a variety of online platforms you will use to participate in your study program. These could include videos for lectures and other instruction, two-way video conferencing for interactive learning, email and other messaging tools for communication, interactive web apps for formative and collaborative activities, print and/or photo/scan for handwritten work and drawings, and home-based assessment.
ANU outlines recommended student system requirements to ensure you are able to participate fully in your learning. Other information is also available about the various Learning Platforms you may use.
Students will be given feedback in the following forms in this course:
- written comments
- verbal comments
- feedback to whole class, groups, individuals, focus group etc
ANU is committed to the demonstration of educational excellence and regularly seeks feedback from students. Students are encouraged to offer feedback directly to their Course Convener or through their College and Course representatives (if applicable). Feedback can also be provided to Course Conveners and teachers via the Student Experience of Learning & Teaching (SELT) feedback program. SELT surveys are confidential and also provide the Colleges and ANU Executive with opportunities to recognise excellent teaching, and opportunities for improvement.
|Week/Session|Summary of Activities|Assessment|
|---|---|---|
|1|Basics of x86/x64 assembly; Linux internals and binary formats.| |
|2|Basic binary analysis|Online quiz|
|3|Disassembly and binary analysis; simple code injection|Assignment 1 released|
|4|Customising binary analysis| |
|5|Stack-based exploitation|Assignment 1 due|
|7|Heap exploitation (part 1)|Assignment 2 released|
|8|Heap exploitation (part 2)| |
|9|Binary instrumentation|Assignment 2 due|
|10|Fuzzing|Assignment 3 released|
|11|Symbolic execution: basic concepts and tools| |
|12|Vulnerability discovery and exploit generation (guest lectures)|Assignment 3 due|
|Assessment task|Value|Learning Outcomes|
|---|---|---|
|Assignment 1|15%|3,4|
|Assignment 2|20%|1,2,3,5|
|Assignment 3|20%|1,2,3,4,5|
|Final Examination|40%|1,2,3,4,5|
* If the Due Date and Return of Assessment date are blank, see the Assessment Tab for specific Assessment Task details
ANU has educational policies, procedures and guidelines, which are designed to ensure that staff and students are aware of the University’s academic standards, and implement them. Students are expected to have read the Academic Integrity Rule before the commencement of their course. Other key policies and guidelines include:
- Academic Integrity Policy and Procedure
- Student Assessment (Coursework) Policy and Procedure
- Special Assessment Consideration Guideline and General Information
- Student Surveys and Evaluations
- Deferred Examinations
- Student Complaint Resolution Policy and Procedure
- Code of practice for teaching and learning
The ANU is using Turnitin to enhance student citation and referencing techniques, and to assess assignment submissions as a component of the University's approach to managing Academic Integrity. For additional information regarding Turnitin please visit the Academic Skills website. In rare cases where online submission using Turnitin software is not technically possible; or where not using Turnitin software has been justified by the Course Convener and approved by the Associate Dean (Education) on the basis of the teaching model being employed; students shall submit assessment online via ‘Wattle’ outside of Turnitin, or failing that in hard copy, or through a combination of submission methods as approved by the Associate Dean (Education). The submission method is detailed below.
Moderation of Assessment
Marks that are allocated during Semester are to be considered provisional until formalised by the College examiners meeting at the end of each Semester. If appropriate, some moderation of marks might be applied prior to final results being released.
The final examination will be a computer-based examination, taking the form of a CTF challenge.
Assessment Task 1
Learning Outcomes: 3,4
This quiz will test your basic knowledge of x86/x64 assembly and ELF binary format. It will take the form of an online quiz hosted on Wattle. It is a lightweight assessment item intended to prepare students for the more advanced material in the following weeks.
Assessment Task 2
Learning Outcomes: 3,4
This assignment will feature problems related to basic binary analysis techniques. It will use a 'capture the flag' (CTF) format, where a successful exploitation would result in a unique 'flag' (that can be any random text). Students will be assessed based on the correctness of the submitted flag and/or a brief written response for each question.
Assessment Task 3
Learning Outcomes: 1,2,3,5
This assignment will feature problems related to advanced binary analysis techniques and stack exploitation. This assignment uses the same CTF format as in Assignment 1, but there is a greater emphasis on the vulnerability analysis and the exploitation method. Each student is required to submit a detailed written report demonstrating their approach to solving the problems.
Assessment Task 4
Learning Outcomes: 1,2,3,4,5
This assignment will feature problems related to heap exploitation and automated vulnerability discovery. This assignment has two parts: heap exploitation and vulnerability discovery. The first part takes the same format as in Assignment 2, whereas the second part requires the student to perform analyses on software artefacts to find vulnerabilities using fuzzing and symbolic execution techniques. Each student is required to submit a detailed written report demonstrating their approach to solving the problems.
Assessment Task 5
Learning Outcomes: 1,2,3,4,5
The final examination will take the form of a CTF challenge. This will be a computer-based examination. Each student will be assigned a unique set of challenge problems related to topics covered in this course. To gain full score for each problem, a student will need to uncover a ‘flag’ associated with that problem, and provide a short written explanation of their discovery and exploitation process. The flag will be hidden or obscured in some way, and the process to uncover the flag may require code analysis, code patching, vulnerability discovery and/or writing exploits.
Academic integrity is a core part of the ANU culture as a community of scholars. The University’s students are an integral part of that community. The academic integrity principle commits all students to engage in academic work in ways that are consistent with, and actively support, academic integrity, and to uphold this commitment by behaving honestly, responsibly and ethically, and with respect and fairness, in scholarly practice.
The University expects all staff and students to be familiar with the academic integrity principle, the Academic Integrity Rule 2021, the Policy: Student Academic Integrity and Procedure: Student Academic Integrity, and to uphold high standards of academic integrity to ensure the quality and value of our qualifications.
The Academic Integrity Rule 2021 is a legal document that the University uses to promote academic integrity, and manage breaches of the academic integrity principle. The Policy and Procedure support the Rule by outlining overarching principles, responsibilities and processes. The Academic Integrity Rule 2021 commences on 1 December 2021 and applies to courses commencing on or after that date, as well as to research conduct occurring on or after that date. Prior to this, the Academic Misconduct Rule 2015 applies.
The University commits to assisting all students to understand how to engage in academic work in ways that are consistent with, and actively support academic integrity. All coursework students must complete the online Academic Integrity Module (Epigeum), and Higher Degree Research (HDR) students are required to complete research integrity training. The Academic Integrity website provides information about services available to assist students with their assignments, examinations and other learning activities, as well as understanding and upholding academic integrity.
You will be required to electronically sign a declaration as part of the submission of your assignment. Please keep a copy of the assignment for your records. Unless an exemption has been approved by the Associate Dean (Education), submission of the written component of an assignment (if applicable) must be through Turnitin.
For some forms of assessment (hand written assignments, art works, laboratory notes, etc.) hard copy submission is appropriate when approved by the Associate Dean (Education). Hard copy submissions must utilise the Assignment Cover Sheet. Please keep a copy of tasks completed for your records.
Late submission not permitted. For each assessment item, unless otherwise approved by the course convener, a late submission will receive a 100% penalty of the possible mark for the assignment.
The Academic Skills website has information to assist you with your writing and assessments. The website includes information about Academic Integrity including referencing requirements for different disciplines. There is also information on Plagiarism and different ways to use source material.
Extensions and Penalties
Extensions and late submission of assessment pieces are covered by the Student Assessment (Coursework) Policy and Procedure. Extensions may be granted for assessment pieces that are not examinations or take-home examinations. If you need an extension, you must request an extension in writing on or before the due date. If you have documented and appropriate medical evidence that demonstrates you were not able to request an extension on or before the due date, you may be able to request it after the due date.
Distribution of grades policy
Academic Quality Assurance Committee monitors the performance of students, including attrition, further study and employment rates and grade distribution, and College reports on quality assurance processes for assessment activities, including alignment with national and international disciplinary and interdisciplinary standards, as well as qualification type learning outcomes.
Since first semester 1994, ANU has used a grading scale for all courses. This grading scale is used by all academic areas of the University.
Support for students
The University offers students support through several different services. You may contact the services listed below directly or seek advice from your Course Convener, Student Administrators, or your College and Course representatives (if applicable).
- ANU Health, safety & wellbeing for medical services, counselling, mental health and spiritual support
- ANU Access and inclusion for students with a disability or ongoing or chronic illness
- ANU Dean of Students for confidential, impartial advice and help to resolve problems between students and the academic or administrative areas of the University
- ANU Academic Skills and Learning Centre supports you to make your own decisions about how you learn and manage your workload.
- ANU Counselling Centre promotes, supports and enhances mental health and wellbeing within the University student community.
- ANUSA supports and represents undergraduate and ANU College students
- PARSA supports and represents postgraduate and research students
computational logic, formal methods, cyber security