Software Security

NUMMER: 212026
KÜRZEL: SoftSec
MODULBEAUFTRAGTE:R: Prof. Dr. Kevin Borgolte
DOZENT:IN: Prof. Dr. Kevin Borgolte
FAKULTÄT: Fakultät für Informatik
SPRACHE: English
SWS: 4
CREDITS: 5
WORKLOAD: 150
ANGEBOTEN IM: each winter semester

LERNFORM

Lectures
Assignments
Practical challenges (eLearning)
Self study of additional material

LERNZIELE

At the end of this course, students will be able to:

classify and describe vulnerabilities and protection mechanisms of software systems
analyze and reason about protection mechanisms for modern software systems
identify vulnerabilities in software systems
develop proofs of concept exploits/verifications to show the existence of a vulnerability in a software system
understand how to write code defensively to reduce the risk of vulnerabilities

INHALT

The course covers the area of software security and vulnerability discovery and vulnerability verification, focusing on:

Assembly and Disassembly, Shellcode
Binary Reverse Engineering and Debugging
Sandboxing
Memory and Type Safety/Errors
Information Leakage
Vulnerability Exploitation/Verification, Buffer and Heap Overflows
Code Re-use Attacks, e.g., Return Oriented Programming
Race Conditions
Format String Vulnerabilities
Exploit/Verification Synthesis and Automated Exploitation/Verification
Kernel Security
Defensive Programming

VORAUSSETZUNGEN CREDITS

EMPFOHLENE VORKENNTNISSE

Prior knowledge from sys­te­m security, operating systems, and basic C and assembler programming is required

LITERATUR

The course material will be available online (Moodle or via a separate website)

LINK IM VORLESUNGSVERZEICHNIS

https://vvz.ruhr-uni-bochum.de/campus/all/event.asp?gguid=0xF53FD7EE52A346568CE4506C914BA737&from=vvz&mode=own&tabID=1&tguid=0xBEC4EBD3E08E451BB6DEBD69F230152F&objgguid=NEW&lang=de

AKTUELLE INFORMATIONEN

First Lecture: Thursday, 20.10.22: 8-10
From 26.10.22: Lectures on Wednesday (10-12) and Exercises on Thursday (8-10), first exercise on 27.10.22

SONSTIGE INFORMATIONEN

The course is primarily aimed at master\\\'s students of IT security and ITS/networks and systems.

Upon approval of the lecturer, students from Bachelor ITS, Bachelor Computer Science as well as Master Applied Computer Science may also participate.