ASI36


Software attacks are a common part of today's headlines. This course aims at demystifying them by giving the fundamentals to understand these attacks, what they consist in and how to mitigate them. We will mostly focus on software vulnerabilities.

We will cover the following topics:

  • semantics and modelization of low-level languages
  • classical attack and exploitation
  • control-flow integrity techniques
  • MATE attacks and reverse engineering
  • code obfuscation

Note: These lectures will require a fair amount of hands-on experiments on the computer to make the concepts more practical. They also involve supplementary reading material as part of the contents.

Lectures

# Date Title
1 2021-01-05 Introduction
2 2021-01-12 Basic attacks & exploitation
3 2021-01-19 MATE, attack & defense
4 2021-01-26 Control-flow integrity
5 2021-02-02 Semantic attacks (program analysis)
6 2021-02-09 Fuzzing
7 2021-02-16 Exam

References

1. Introduction


Description

This introductory session presents an overview of the contents, the issues surrounding security in general, the more restricted issue of analyzing vulnerabilities in low-level code, as well as reminders regarding compilation and code analysis.

Lecture contents

2. Basic attacks & exploitation


Description

This session presents basic low-level attack techniques:

  • buffer overflows;
  • heap overflows; &
  • format string exploitation.

Most of the session is allotted to hands-on experimentation.

Lecture contents

3. MATE, attack & defense


Description

This lecture discusses at length the Man-At-The-End (MATE) scenario. MATE is an attack model where the attackers are very powerful since they basically are on your computer, can read/write the code, execute it step-by-step or patch it on the fly.

We will here expose the current state of known attacks and defenses, giving an overview of this research area.

Lecture contents

4. Control-flow integrity


Description

This session presents three main basic binary exploitation mitigation techniques:

  • stack canaries;
  • data execution prevention; &
  • ASLR.

We will also talk about their limitations and briefly present more advanced control-flow integrity measures that are currently available.

A good part of the session is allotted to hands-on experimentations.

Lecture contents

5. Semantic attacks (program analysis)


Description

TBA

6. Fuzzing


Description

An overview of the current state of software fuzzing. Fuzzers have gained tremendous traction recently as automatic tools to find bugs. There have been a number of experiments trying to improve their worst aspects while keeping their best ones. This course will present the basics about fuzzing, an overview of recent results in the field. We will devote a good amount of time to hands-on experiments with the AFL fuzzer.

Lecture contents

7. Exam


Description

The final exam will contain 2 parts:

  • The presentation of a research article (groups of 2, 20 minutes + questions) – rank the articles from the list in decreasing order and send a message ranking them to the professors;

  • A mini CTF problem (find the secret key!) and its written solution report (10p. max).

    The CTFs are available from:

    https://github.com/rbonichon/asi36-ctf/tree/ctf-2020-2021

    Deadline for CTF reports: April 2 2021

Presentations

Selected article Students Scheduled
Weird Machines in ELF Loïc, Jean-Baptiste 9:00
Transparent ROP Exploit Mitigation using Indirect Branch Tracing Alizée, Sabry 9:30
ContractFuzzer: Fuzzing Smart Contracts for Vulnerability Detection Tom 10:00
Grey-box Concolic Testing on Binary Code Laetitia, Laetitia 10:30
Function Boundary Detection in Stripped Binaries Quentin, Pierre-Élisée 11:00
Towards Paving the Way for Large-Scale Windows Malware Analysis: Generic Binary Unpacking with Orders-of-Magnitude Performance Boost Charbel, Mahmoud 11:30