CE 40-815: Secure Software Systems
Sunday/Tuesday 900-1030
Room: TBD
TAs: Zahra Fazli
Mohammad Haddadian
Quick Links: Description Acknowledgment Policies Announcements Homeworks CourseMaterial
Description:
This graduate-level course on secure software systems is presented in three parts: classical attacks and defensive mechanisms, the impact of AI on vulnerability detection and causal analysis, and recent advancements in AI-driven approaches for securing software systems:
Part 1: Classical Attacks and Defensive Mechanisms
In the first part, the course covers classical attack techniques such as Buffer Overflow, Format String Vulnerabilities, Return-Oriented Programming (ROP), and other related threats. It also explores run-time protection mechanisms like Taint Tracking, Control Flow Integrity (CFI), and Causal Analysis, along with techniques for code analysis, including Static Analysis, Symbolic Execution, and Fuzzing. The initial syllabus for this part draws inspiration from the Secure Software Systems course taught at Carnegie Mellon University (CMU).
Part 2: Part 2: AI in Vulnerability Detection and Causal Analysis
In the second part, the course focuses on how AI is transforming two key areas of vulnerability detection and causal analysis. Topics include AI-driven methods for identifying security vulnerabilities, predictive analytics in threat detection, and enhanced causal analysis through machine learning models. This section highlights the growing role of AI in automating and improving these crucial areas of secure software systems.
Part 3: AI-Driven Advancements in Secure Software Systems
In the third part, the course examines recent research papers published within the past few years, specifically focusing on how AI has contributed to enhancing secure software systems. We will explore AI's role in automated vulnerability detection, software patching, security auditing, and defensive mechanisms tailored to software systems. This part emphasizes state-of-the-art developments in AI-driven techniques that address security challenges in software engineering.
Policies:
- Grading policy is as follows. This is tentative.
- 5% Class Participation
- 45% Homework
- 20% Class Project
- 30% Final
There will be no exceptions to the following rules:
- If you turn in your assignments one day late you will loose 25% of the grade, two days will cost you 50% and three days 75% of the grade. No submissions will be accepted after the third day. Penlaty may be calculted continusly and per hour of delay.
- There will be a zero tolerance policy for cheating/copying HWs. The first time you are caught, you will receive a zero for the task at hand. If you are caught for a second time, you will fail the course. Providing your assignment to someone else is considered cheating on your behalf.
- Each of you has a 3 day extension you could use over the individual assignments. The minimum you could use at each instance is a 1 day extension. So you can not extend HW1 by 12 hours and then HW2 by 60 hours. You could use the 3 days with one HW, or 1 day for each HW, or 2 days for hW1 and 1 day for HW2, or 1 day for HW1 and 2 days for HW2, or ... (I hope you get the idea!)
- The 3 day extension will be applied to HW1 and what ever remains would be carried over to HW2 and so on. The 3 day extension can not be applied to the challenges.
- There is a good probability that things go south (i.e. you get sick, network fails, your computer crashes, there is a bug in the HW, server fails, etc.) as the deadline approaches. Such issues will not result in an extension to the deadline. So keep that in mind and plan for Murphy's law in advance, don't leave things for the last minute.
- There will be a zero tolerance policy for any misuse of the course infrastructure (i.e. Judge, Tarasht, etc.), regardless of the intent
- If any of the class policies are unclear, they should be brought up and discussed in the first week of the semester at hand.
Announcements:
Homeworks:
- HW 1: Available: TBA, Deadline: TBA, 11:59PM
- HW 2: Available: TBA, Deadline: TBA, 11:59PM.
- HW 3: Available: TBA, Deadline: TBA, 11:59PM.
Course Material:
-7/1
- Lecture 0- Pre-Introduction [PDF]