Topics and Projects Covered in Software Security
Link to
Software Security class files
- Memory Security :
- layout
- memory-based attacks
- stack smashing
- buffer overflow
- code injection
- format string vulnerabilities and attacks
- stale memory access attacks
- Memory and Type Safety Languages
- immune from memory based attacks
- Defenses :
- stack canaries
- data execution protection (DEP)
- address space layout randomization (ASLR)
- undertstand how attacks based on return-oriented-programming (ROP) work
- understand the concept of control-flow Integrity
(CFI) and how it can defeat ROP-based
attacks.
- Web :
- HTTP (hypertext transfer protocol)
- HTML (hypertext markup language)
- SQL (standard query language)
- Javascript programming language
- vulnerabilities, exploitation, defenses :
- SQL injection attacks
- web session state
- using cookies and hidden form fields
- Session hijacking
- Cross-site Request Forgery (CSRF) attacks
- browser-executed Javascript programs exploits
leading to Cross-site Scripting (XSS) vulnerabilities. Avoid flaws and bugs that
introduce these vulnerabilities with input validation and sanitization
- Flaws and bugs
- Secure design
- threat modeling (Architectural risk analysis)
- security requirements
- avoiding flaws with principles :
- like favor simplicity
- trust with reluctance
- defend in depth
- monitoring/traceability
- real-world examples of good and bad designs
- Testing and validation phases :
- automated tools assist developers, testers in
finding important security bugs--2 technologies--:
- static analysis (SA) including flow analysis
with and without adding sensitivity
- and context sensitve analysis and symbolic
execution (SE) as search
- and the rise of solvers, the basics and their precision and scalabiltiy
- SE is often used as the core of a
penetration testing technology called white
box fuzz testing.
- Penetration testing :
- tools using these technologies and their techniques
- Focus: whitebox fuzz testing, a technique that
attempts to find potentially security-relevant
software failures.
Topics Covered in Hardware Security:
Link to
Hardware Security class files
- Digital System Design: Basics and Vulnerabilities:
- understand how digital system is specified,
implemented, and optimized
- learn what are sequential systems and how they are
designed
- identify the don't care conditions introduced
during the design process
- know that there exist security and trust
vulnerabilities in hardware
- Intellectual Property Protection: self-protection
techniques for design IPs :
- watermarking
- fingerprinting
- metering, assess the trade-off among security,
cost and performance
- Physical Attacks and Modular Exponentiation :
- understand the vulnerability to a system from hardware (physical attacks)
- learn the available countermeasures to physical attacks
- perform security evaluation for the hardware
- implementation of security modules
- modular exponentiation in cryptography, various
ways to evaluate it and the security
vulnerability
- Montgomery Reduction
- Side Channel Attacks(SCA) vulnerabilities and
information leaks :
- study in-depth the following SCAs :
- cache attacks
- power analysis
- timing attacks
- scan chain attacks
- Learn countermeasures from software, hardware, and algorithm design.
- Implement security primitives such as RSA security, Modified Modular Exponentiation.
- System engineering approach of building secure systems in all phases of the design.
- Hardware Trojan: (additions or modifications of the
circuit with malicious purposes)
- trusted integrated circuit (IC) design (does
exactly what it is asked for, no less and no
malicious more)
- Hardware Trojan taxonomies based on different
criteria
- how hardware Trojans work
- approaches to detect hardware trojans
- Illustrate by design space analysis
- hardware trojan prevention to build trust in
ICs
- Emerging Hardware Security Topics :
- trust platform module (TPM)
- physical unclonable function (PUF) and a RO
Reliability PUF
- FPGA Implementation of Crypto
- Vulnerabilities and Countermeasures
- Role of Hardware in Security and Trust.
