CS 858 - Software Security Seminar
Topics in the S24 Term: Software Security via Program Analysis
About This Course
This course provides an in-depth introduction to the state-of-the-art research on software security through the lens of program analysis, i.e., powerful techniques that can
- discover vulnerabilities automatically, or
- assist program hardening with analysis results.
You will apply what we learn and discuss in the course by
- playing a Capture-The-Flag (CTF) challenge and
- coding a mini research project, with options that include (but are not limited to)
  - extending the LLVM IR Bindings for Rust-based Analyzers (LIBRA) framework
  - extending the Rust-SMT Transpiler (Rusmart)
  - anything you are interested in or that aligns with your research interests.
As the CTF requires coding in C, and LIBRA and Rusmart are written in Rust, familiarity with C and Rust, or at least C and C++ (which bootstraps the learning of Rust), is a must to take this course.
Course Logistics
We meet weekly 1pm - 3:50pm on Thursday at
- DC 2568 (for in-person meetings) AND
- Zoom (for occasional virtual meetings)
This course is run primarily through
- this website (for public information),
- GitHub (for submission and review of Pull Requests to LIBRA or Rusmart),
- HotCRP (for presentation and project peer reviews), and
- Ugster (for CTF submission).
On this website, everyone, including non-registered students, can access the syllabus, weekly schedule, modules and assignments. However, due to university policies, private information (such as grades or internal communications) will only be available to enrolled students via LEARN.
The paper presentation and research project assignments will be handled via HotCRP — a popular academic conference management software. All students enrolled in this class will need to create a HotCRP account, preferably with your @uwaterloo.ca email address, and will be assigned the role of PC (Program Committee) member. With this role, you can bid for presentation slots and submit peer reviews and comments.
Latest Announcement
CTF assignment cancelled
Hi Everyone,
Due to technical issues in setting up the Ugster machine, the capture-the-flag (CTF) assignment is canceled. Effectively, this means that everyone will get a full mark on this assignment.
Best Regards,
Meng