CS 858 - Software Security Seminar

Topics in the S24 Term: Software Security via Program Analysis

About This Course

This course provides an in-depth introduction to the state-of-the-art research on software security through the lens of program analysis, i.e., powerful techniques that can

• discover vulnerabilities automatically, or
• assist program hardening with analysis results.

You will apply what we learn and discuss in the course by

• playing a Capture-The-Flag (CTF) challenge and
• coding a mini research project with options include (but are not limited to)
  • extending the LLVM IR Bindings for Rust-based Analyzers (LIBRA) framework
  • extending the Rust-SMT Transpiler (Rusmart)
  • anything you are interested in or aligns with your research interests.

As the CTF requires coding in C and LIBRA and Rusmart are written in Rust, familiarity with C and Rust or at least C and C++ (which bootstraps the learning of Rust) is a must to take this course.

---

Course Logistics

We meet weekly 1pm - 3:50pm on Thursday at

• DC 2568 (for in-person meetings) AND
• Zoom (for occasional virtual meetings)

This course is run primarily through

• this website (for public information),
• GitHub (for submission and review of Pull Requests to LIBRA or Rusmart),
• HotCRP (for presentation and project peer reviews), and
• Ugster (for CTF submission).

On this website, everyone, including non-registered students, can access the syllabus, weekly schedule, modules and assignments from this website. However, due to university policies, private information (such as grades or internal communications) will only be available to enrolled students via LEARN.

The paper presentation and research project assignments will be handled via HotCRP — a popular academic conference management software. All students enrolled in this class will need to create a HotCRP account, preferably with your @uwaterloo.ca email address, and will be assigned the role of PC (Program Committee) member. With this role, you can bid for presentation slots and submit peer reviews and comments.

---

Latest Announcement

Research Paper Presentation Survey

May 9 · 1 min read

Hi Everyone,

First, a big thank you for attending the seminar today.

As mentioned in the seminar, we hope to have three paper presentations per each topic although the final number and schedule will be decided by the enrollment of this course.

In the meanwhile, we are collecting preferences on paper presentation topics via this Google Form.

• If you have signed up for a lecture presentation (i.e., the 1-hour one), please choose 2 topics in the form.

• If you did not sign up for a lecture presentation, please choose 5 topics in the form.

Please do so before the end of this week. I’ll collect the results after Sunday midnight and send another email with an updated presentation schedule after that.

Best Regards,
Meng

All announcements