CS 858 - Software Security Seminar

Topics in the S24 Term: Software Security via Program Analysis

About This Course

This course provides an in-depth introduction to the state-of-the-art research on software security through the lens of program analysis, i.e., powerful techniques that can

  • discover vulnerabilities automatically, or
  • assist program hardening with analysis results.

You will apply what we learn and discuss in the course by

As the CTF requires coding in C and LIBRA and Rusmart are written in Rust, familiarity with C and Rust or at least C and C++ (which bootstraps the learning of Rust) is a must to take this course.


Course Logistics

We meet weekly 1pm - 3:50pm on Thursday at

  • DC 2568 (for in-person meetings) AND
  • Zoom (for occasional virtual meetings)

This course is run primarily through

  • this website (for public information),
  • GitHub (for submission and review of Pull Requests to LIBRA or Rusmart),
  • HotCRP (for presentation and project peer reviews), and
  • Ugster (for CTF submission).

On this website, everyone, including non-registered students, can access the syllabus, weekly schedule, modules and assignments from this website. However, due to university policies, private information (such as grades or internal communications) will only be available to enrolled students via LEARN.

The paper presentation and research project assignments will be handled via HotCRP — a popular academic conference management software. All students enrolled in this class will need to create a HotCRP account, preferably with your @uwaterloo.ca email address, and will be assigned the role of PC (Program Committee) member. With this role, you can bid for presentation slots and submit peer reviews and comments.


Latest Announcement

CTF assignment cancelled

Jun 13 · 0 min read

Hi Everyone,

Due to technical issues in setting up the Ugster machine, the capture-the-flag (CTF) assignment is canceled. Effectively, this means that everyone will get a full mark on this assignment.

Best Regards,
Meng

All announcements