ASI36


Software attacks are a common part of today's headlines. This course aims at demystifying them by giving the fundamentals to understand these attacks, what they consist in and how to mitigate them. We will mostly focus on software vulnerabilities.

We will cover the following topics:

  • semantics and modelization of low-level languages
  • classical attack and exploitation
  • control-flow integrity techniques
  • MATE attacks and reverse engineering
  • code obfuscation

Note: These lectures will require a fair amount of hands-on experiments on the computer to make the concepts more practical. They also involve supplementary reading material as part of the contents.

Lectures

# Date Title
1 2020-01-16 Introduction
2 2020-01-23 Basic attacks & exploitation
3 2020-02-03 Control-flow integrity
4 2020-02-06 MATE, attack & defense
5 2020-02-13 Fuzzing
6 2020-02-27 Semantic attacks (program analysis)
7 2020-03-05 Exam

References

1. Introduction


Description

This introductory session presents an overview of the contents, the issues surrounding security in general, the more restricted issue of analyzing vulnerabilities in low-level code, as well as reminders regarding compilation and code analysis.

Lecture contents

2. Basic attacks & exploitation


Description

This session presents basic low-level attack techniques:

  • buffer overflows;
  • heap overflows; &
  • format string exploitation.

Most of the session is allotted to hands-on experimentation.

Lecture contents

3. Control-flow integrity


Description

This session presents three main basic binary exploitation mitigation techniques:

  • stack canaries;
  • data execution prevention; &
  • ASLR.

We will also talk about their limitations and briefly present more advanced control-flow integrity measures that are currently available.

A good part of the session is allotted to hands-on experimentations.

Lecture contents

4. MATE, attack & defense


Description

This lecture discusses at length the Man-At-The-End (MATE) scenario. MATE is an attack model where the attackers are very powerful since they basically are on your computer, can read/write the code, execute it step-by-step or patch it on the fly.

We will here expose the current state of known attacks and defenses, giving an overview of this research area.

Lecture contents

5. Fuzzing


Description

An overview of the current state of software fuzzing. Fuzzers have gained tremendous traction recently as automatic tools to find bugs. There have been a number of experiments trying to improve their worst aspects while keeping their best ones. This course will present the basics about fuzzing, an overview of recent results in the field. We will devote a good amount of time to hands-on experiments with the AFL fuzzer.

Lecture contents

6. Semantic attacks (program analysis)


Description

TBA

7. Exam


Description

The final exam will contain 2 parts:

  • The presentation of a research article (groups of 2, 20 minutes + questions) – rank the articles from the list in decreasing order and send a message ranking them to the professors;

  • A mini CTF problem (find the secret key!) and its written solution report (5p. max).

The CTFs are available from:

https://github.com/rbonichon/asi36-ctf

Presentations

Selected article Students Scheduled
Preventing zero-day exploits of memory vulnerabilities with guard lines Alexandre, Emeline 9:15
Nibbler: Debloating Binary Shared Libraries Sébastien, Baptiste 9:45
Learn&Fuzz: machine learning for input fuzzing Mehdi, Corentin 10:15
Hacking Blind Isabelle, Soline 10:45
Syntia: Synthesizing the Semantics of Obfuscated Code Paul, Antoine 11:15
Practical Control Flow Integrity & Randomization for Binary Executables Pierrick, Julien TBD