CS 858 - Software Security Seminar
Topics in the S24 Term: Software Security via Program Analysis
About This Course
This course provides an in-depth introduction to the state-of-the-art research on software security through the lens of program analysis, i.e., powerful techniques that can
- discover vulnerabilities automatically, or
- assist program hardening with analysis results.
You will apply what we learn and discuss in the course by
- playing a Capture-The-Flag (CTF) challenge and
- extending the LLVM IR Bindings for Rust-based Analyzers (LIBRA) framework.
As the CTF requires coding in C and LIBRA is written in Rust, familiarity with C and Rust or at least C and C++ (which bootstraps the learning of Rust) is a must to take this course.
Course Logistics
We meet weekly 1pm - 3:50pm on Thursday at
- DC 2568 (for in-person meetings) AND
- Zoom (for occasional virtual meetings)
This course is run primarily through
- this website (for public information),
- GitHub (for submission and review of Pull Requests to LIBRA),
- HotCRP (for presentation and project peer reviews), and
- Ugster (for CTF submission).
On this website, everyone, including non-registered students, can access the syllabus, weekly schedule, modules and assignments from this website. However, due to university policies, private information (such as grades or internal communications) will only be available to enrolled students via LEARN.
The paper presentation and research project assignments will be handled via HotCRP — a popular academic conference management software. All students enrolled in this class will need to create a HotCRP account, preferably with your @uwaterloo.ca email address, and will be assigned the role of PC (Program Committee) member. With this role, you can bid for presentation slots and submit peer reviews and comments.